fix: added correct verification endpoint & validation logic for alegra

[sahil9001]

Description:

Fixes #3436

Checklist:

• Tests passing (make test-community)?
• Lint passing (make lint this requires golangci-lint)?

[sahil9001]

@rgmz @zricethezav

[kashifkhan0771]

I created an account on Alegra and generated a token. Initially, I tested the /users API endpoint using an API client, and it worked as expected, returning the same response as /users/self. However, the Alegra documentation only mentions the /users/self endpoint, and there’s no reference to /users, so I'm unsure why it’s functioning similarly.

Additionally, I noticed an issue with the detector failing to identify my user ID, which I believe is always the email used during signup. The regex used for detecting IDs has a length constraint of 25 to 30 characters. However, I was able to create an account with an email shorter than this limit, and despite using that email (as my username) along with my token to successfully call the API via the API client, the detector did not pick it up.

I suggest testing and adjusting the regex for detecting user IDs to ensure it covers valid email lengths.

As for the API behavior, I’ll leave that to @zricethezav and @abmussani. Both /users and /users/self worked for me, though only the /users/self endpoint is mentioned in the documentation.

[sahil9001]

Thanks for the detailed review, @kashifkhan0771 !

I have expanded the email regex to include all case for any possible email.

[kashifkhan0771]

I would feel more confident approving this if you could also test the current email regex to confirm that it isn't working correctly(I tested it but a second round of testing from the PR owner will be good I believe. You can create an account and test this email regex change). A screenshot or any form of documentation from your testing would be sufficient.

[sahil9001]

I have added the testing screenshot, please check

[kashifkhan0771]

New Changes are picking up the key and ID correctly now and verifying. Wait for @zricethezav and @abmussani to respond about the API change.

[sahil9001]

Can you apply the label for Hacktoberfest @kashifkhan0771?

[kashifkhan0771]

Once the PR is approved. We can add it 😃 - Once again thanks for the all the fixes and contributions!

[zricethezav]

Note: We need to standardize on a email regex. @rgmz you're a regex wizard, got one handy?

[zricethezav]

trufflehog/pkg/common/patterns.go

Line 10 in 86d2c6d

const EmailPattern = `\b(?:[a-z0-9!#$%&'*+/=?^_\x60{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_\x60{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])\b`

Looks like we already have one, although I'd be curious on your thoughts

[sahil9001]

Should I use this, I actually picked this pattern from one of the existing detectors only.

trufflehog/pkg/detectors/zipbooks/zipbooks.go

Line 26 in 3ab6086

emailPat = regexp.MustCompile(`\b([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-z]+)\b`)

[zricethezav]

Yes, please use const EmailPattern for consistency. We are planning to standardize across all the detectors.

[sahil9001]

[sahil9001]

@rgmz updated this to alchemy pattern too.

[kashifkhan0771]

The changes are working fine now. I tested locally. One thing I noticed is if we add an email like [email protected] it actually picks the whole string including alegra_email= 😄 and results in unverified result. If we can somehow avoid that it will be more better. Anyway approving the PR as it is working as expected now.

[sahil9001]

The changes are working fine now. I tested locally. One thing I noticed is if we add an email like [email protected] it actually picks the whole string including alegra_email= 😄 and results in unverified result. If we can somehow avoid that it will be more better. Anyway approving the PR as it is working as expected now.

Thanks @kashifkhan0771 , can you please re-run the workflow again, for some reason it is failing on GitHub, locally works fine.

Also I am thinking of a case where we actually have an email like [email protected], as the current email regex is too accurate for this.

[sahil9001]

Can we merge this @zricethezav ?