[BUG] Backend Allows Inviting Users with Invalid Email Formats in Local Part of the Email Addresses #7134

Open
arindam-sahoo opened this issue Jan 29, 2025 · 0 comments
Labels
A-errors Area: error messages, structure & logging

Comments

@arindam-sahoo (Contributor)

arindam-sahoo commented Jan 29, 2025

The backend currently allows invitations to be sent to users with improperly formatted email addresses. When querying user details with an invalid email, the API correctly returns a Json deserialize error, indicating inconsistent validation across endpoints.

Steps to Reproduce:

  1. Send an invite:

    curl '{{baseUrl}}/api/user/user/invite_multiple?auth_id=' \
      -H 'authorization: auth_token' \
      -H 'content-type: application/json' \
      -H 'cookie: some_cookie' \
      --data-raw '[{"email":"#[email protected]","name":"#$gdyhasd","role_id":"merchant_view_only"}]'
    
  2. Response:

    [{"email":"#[email protected]","is_email_sent":true}]
    • The API accepts the invalid email format.
  3. Attempt to retrieve user details using an invalid email:

    curl '{{baseUrl}}/api/user/user' \
      -H 'authorization: auth_token' \
      -H 'content-type: application/json' \
      -H 'cookie: some_token' \
      --data-raw '{"email":""}'
    
  4. Response:

    {
        "error": {
            "error_type": "invalid_request",
            "message": "Json deserialize error: Failed to parse email at line 1 column 12",
            "code": "IR_06"
        }
    }

Invalid Characters in the Local Part (#$gdyhasd):

  • The local part of an email address (before @) can include letters, digits, and certain special characters like . (dot), _ (underscore), and - (hyphen).
  • Special characters like # and $ are not allowed unless they are part of a quoted string (e.g., "#$gdyhasd").

Domain Part:

  • This part seems fine as it allows email addresses that follow the format of a valid domain name: letters, digits, and hyphens followed by a valid top-level domain (e.g., '.in', '.com').
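The inconsistency reported above is best closed by having one validator that every endpoint accepting an address goes through. The following is an added example (not code from the hyperswitch project or from the reporter): a stand-alone Rust validator plus hypothetical `invite_multiple` and `lookup_user` stand-ins that both construct a validated `Email` newtype, so the invite path cannot accept an address the lookup path later fails to parse. The allowed local-part alphabet (letters, digits, `.`, `_`, `-`, `+`) is a deliberately strict policy choice; RFC 5322 permits further characters such as `#` and `$` in an unquoted local part, so a service rejecting them is enforcing policy, not the RFC, and should do so consistently.

```rust
// Added example, not hyperswitch code: a single email validator shared by
// every handler, with a newtype that can only be built through it.

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum EmailError {
    MissingAt,
    EmptyLocal,
    LocalTooLong,
    BadLocalDots,
    BadLocalChar(char),
    BadDomain,
}

// Policy alphabet for the local part (stricter than RFC 5322 atext).
fn local_char_ok(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '.' | '_' | '-' | '+')
}

// Hostname shape: two or more dot-separated labels of letters, digits and
// hyphens (1..=63 chars, no leading/trailing hyphen), alphabetic TLD of 2+.
fn validate_domain(domain: &str) -> Result<(), EmailError> {
    if domain.is_empty() || domain.len() > 253 {
        return Err(EmailError::BadDomain);
    }
    let labels: Vec<&str> = domain.split('.').collect();
    if labels.len() < 2 {
        return Err(EmailError::BadDomain);
    }
    for label in &labels {
        let shape_ok = !label.is_empty()
            && label.len() <= 63
            && !label.starts_with('-')
            && !label.ends_with('-')
            && label.chars().all(|c| c.is_ascii_alphanumeric() || c == '-');
        if !shape_ok {
            return Err(EmailError::BadDomain);
        }
    }
    let tld = labels[labels.len() - 1];
    if tld.len() < 2 || !tld.chars().all(|c| c.is_ascii_alphabetic()) {
        return Err(EmailError::BadDomain);
    }
    Ok(())
}

pub fn validate_email(raw: &str) -> Result<(), EmailError> {
    // Quoted local parts are not accepted by this policy, so the last '@'
    // is always the local/domain separator.
    let (local, domain) = raw.rsplit_once('@').ok_or(EmailError::MissingAt)?;
    if local.is_empty() {
        return Err(EmailError::EmptyLocal);
    }
    if local.len() > 64 {
        return Err(EmailError::LocalTooLong);
    }
    if local.starts_with('.') || local.ends_with('.') || local.contains("..") {
        return Err(EmailError::BadLocalDots);
    }
    if let Some(c) = local.chars().find(|c| !local_char_ok(*c)) {
        return Err(EmailError::BadLocalChar(c));
    }
    validate_domain(domain)
}

/// Validated address: the only constructor runs `validate_email`, so any
/// request type holding an `Email` is validated by construction.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Email(String);

impl Email {
    pub fn parse(raw: &str) -> Result<Email, EmailError> {
        validate_email(raw)?;
        Ok(Email(raw.to_owned()))
    }
    pub fn as_str(&self) -> &str {
        &self.0
    }
}

/// Hypothetical invite handler: validate every (email, name) entry before
/// sending anything; the first bad entry is reported by index and the whole
/// batch is rejected rather than partially applied.
pub fn invite_multiple(entries: &[(&str, &str)]) -> Result<Vec<Email>, (usize, EmailError)> {
    entries
        .iter()
        .enumerate()
        .map(|(i, (email, _name))| Email::parse(email).map_err(|e| (i, e)))
        .collect()
}

/// Hypothetical user-lookup handler, sharing the same validator.
pub fn lookup_user(email: &str) -> Result<Email, EmailError> {
    Email::parse(email)
}

fn main() {
    // Constructed sample batch mirroring the report: one good entry, one with
    // '#' and '$' in the local part.
    let batch = [("merchant@example.com", "Merchant"), ("#$gdyhasd@example.in", "#$gdyhasd")];
    match invite_multiple(&batch) {
        Ok(ok) => println!("all {} invites valid", ok.len()),
        Err((i, e)) => println!("entry {} rejected: {:?}", i, e),
    }
    println!("lookup of empty email: {:?}", lookup_user(""));
}
```

Returning a typed `EmailError` from both handlers also gives the API one predictable rejection shape for a malformed address, instead of an `is_email_sent: true` on one endpoint and a deserializer message on the other.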
@arindam-sahoo arindam-sahoo added the A-errors Area: error messages, structure & logging label Jan 29, 2025
@juspay juspay deleted a comment from 726laoho Jan 31, 2025