From 0b818283fd5a676fda6c42a0a1d37723fb170e34 Mon Sep 17 00:00:00 2001
From: Christian Rohmann <christian.rohmann@inovex.de>
Date: Thu, 20 Jan 2022 15:20:35 +0100
Subject: Allow email subadresses to be used within mail url of CAA records

This patch allows for +subaddress to be used for the local part of mail urls
used for CAA records. While there are more characters allowed in email
addresses, using subadresses for incoming email to role accounts is quite
common.

Closes-Bug: 1958533
Change-Id: Id265fa1dfa5c0703d8e95b5de1334d4ca716fbc0
(cherry picked from commit 1cef20edbc462fab75a919fc0de796c2d6edb30b)
---
 designate/objects/fields.py                                    |  2 +-
 designate/tests/unit/objects/test_caa_object.py                |  7 +++++++
 .../bug-1958533-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml   | 10 ++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bug-1958533-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml

diff --git a/designate/objects/fields.py b/designate/objects/fields.py
index dd3268c8..13b7168b 100644
--- a/designate/objects/fields.py
+++ b/designate/objects/fields.py
@@ -100,7 +100,7 @@ class StringFields(ovoo_fields.StringField):
     RE_NAPTR_SERVICE = r'^([A-Za-z]([A-Za-z0-9]*)(\+[A-Za-z]([A-Za-z0-9]{0,31}))*)?'  # noqa
     RE_NAPTR_REGEXP = r'^([^0-9i\\])(.*)\1((.+)|(\\[1-9]))\1(i?)'
     RE_KVP = r'^\s[A-Za-z0-9]+=[A-Za-z0-9]+'
-    RE_URL_MAIL = r'^mailto:[A-Za-z0-9_\-]+@.*'
+    RE_URL_MAIL = r'^mailto:[A-Za-z0-9_\-]+(\+[A-Za-z0-9_\-]+)?@.*'
     RE_URL_HTTP = r'^http(s)?://.*/'
     RE_CERT_TYPE = r'(^[A-Z]+$)|(^[0-9]+$)'
     RE_CERT_ALGO = r'(^[A-Z]+[A-Z0-9\-]+[A-Z0-9]$)|(^[0-9]+$)'
diff --git a/designate/tests/unit/objects/test_caa_object.py b/designate/tests/unit/objects/test_caa_object.py
index 877ffb25..b6b0b070 100644
--- a/designate/tests/unit/objects/test_caa_object.py
+++ b/designate/tests/unit/objects/test_caa_object.py
@@ -50,6 +50,13 @@ class CAARecordTest(oslotest.base.BaseTestCase):
         self.assertEqual(0, caa_record.flags)
         self.assertEqual('iodef mailto:security@example.net', caa_record.prpt)
 
+        caa_record = objects.CAA()
+        caa_record._from_string('0 iodef mailto:security+caa@example.net')
+
+        self.assertEqual(0, caa_record.flags)
+        self.assertEqual('iodef mailto:security+caa@example.net',
+                         caa_record.prpt)
+
     def test_parse_caa_invalid(self):
         caa_record = objects.CAA()
         self.assertRaisesRegex(
diff --git a/releasenotes/notes/bug-1958533-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml b/releasenotes/notes/bug-1958533-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml
new file mode 100644
index 00000000..694d0d2f
--- /dev/null
+++ b/releasenotes/notes/bug-1958533-allow-caa-mail-subaddr-d02cdc46bbb118ad.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    CAA records now allow the use of `+` prefixed subadresses like
+    `security+caa@example.net` within mail urls.
+    (https://www.rfc-editor.org/rfc/rfc5233.html#section-1)
+
+    See `bug 1958533`_ for more information.
+
+    .. _bug 1958533: https://bugs.launchpad.net/designate/+bug/1958533
-- 
cgit v1.2.1