Strict validations for signup view

[saltukalakus]

Changes

Username validation

In signup view if the user enters an email in the username field, we can't detect this and perform a backend call which ends up with a generic error message. This PR adds a client-side check to verify if the email was typed in the username field and shows an error message instead of making the call.

With this PR we see the following screen as an outcome:

Email validation

Current email validation is very basic and doesn't check all the different email patters. For example, following is considered a valid email, but it isn't: abc..@xyz.com

A few notes about the implementation

• To ensure backward compatibility, validations are implemented behind a feature flag named signUpFieldsStrictValidation and the flag is disabled by default. The only use case I can think of which might break with this change is the custom DBs with migration option turned off.

• While navigating between the login and the signup screen we weren't refreshing the state. This caused the same validation be in effect for the login screen which we don't want. This issue was fixed by updating the state machine during the component mount.

• If the Auth0 server was returning distinct error codes for the invalid usages, it could be possible to add translations for these errors. Here are the error codes returned from Auth0 server as of today. They aren't sufficient to implement a reliable error messaging with translations.

email
{"error":"error in email - email format validation failed: abc..@xyz.com"}

username
{"name":"BadRequestError","code":"missing_property","description":"Email address cannot be used as username.","statusCode":400,"data":{"min":1,"max":40,"errors":["NOT_PASSED"]}}

References

These changes are related to two support tickets.

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

• This change adds unit test coverage
• This change adds integration test coverage
• This change has been tested on the latest version of the platform/language

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All existing and new tests complete without errors
• All code quality tools/guidelines have been run/followed
• All relevant assets have been compiled
• All active GitHub checks have passed

[stevehobbsdev]

@saltukalakus Can you check how this behaves with #1918?

We've just implemented a change where, if you're using a custom resolver, we always use the username field which does not perform formatting validation, where they could use either a username or email address.

[stevehobbsdev]

Also, could you please convert the PR into a draft until it is time to review. Thanks.

[saltukalakus]

👋 @stevehobbsdev the PR is ready for review. I have also tested it with connection resolver option along with your PR. It seems to be working well. I didn't notice an issue.

[stevehobbsdev]

Looks good, thanks 👍