From 1ff8b88ac8d4d9504dc7475987ccfa67b345a3ed Mon Sep 17 00:00:00 2001
From: justin
Date: Wed, 10 Jun 2026 14:41:19 -0500
Subject: [PATCH] fix: stop suppressing synthetic@pipeline.com (real customer address)

Paul Wilson (Compound Technologies) signed up with synthetic@pipeline.com, which is a genuine, deliverable EarthLink address (pipeline.com MX -> earthlink-vadesecure.net; he confirmed receipt by phone). Our code had hardcoded pipeline.com + the synthetic@ prefix as a 'non-deliverable FMCSA-census placeholder' and silently suppressed every automated email to him (checkout provisioning, order-creation validation, intake reminders, set-password invites). Nothing in the codebase actually generates that address, so the placeholder rationale was wrong. Removed pipeline.com and the synthetic@ rule from all four suppression sites; only RFC-reserved example.com/test.com/invalid remain blocked.
---
 api/src/routes/checkout.ts | 12 ++++--------
 api/src/routes/compliance-orders.ts | 14 ++++++++------
 scripts/workers/delivery_worker.py | 6 +++---
 scripts/workers/intake_reminder.py | 9 +++++----
 4 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/api/src/routes/checkout.ts b/api/src/routes/checkout.ts
index 8793623..b3f869d 100644
--- a/api/src/routes/checkout.ts
+++ b/api/src/routes/checkout.ts
@@ -202,14 +202,10 @@ async function ensureCompliancePortalUser(
 }
 if (!email) return;
- // Skip only the genuine FMCSA-census placeholder, never a real customer who
- // happens to use these (real) consumer domains. The census placeholder is
- // exactly "synthetic@pipeline.com"; treat that one string as non-deliverable
- // and anything else as a real address.
- if (email === "synthetic@pipeline.com") {
- console.warn(`[checkout] Skipping portal provisioning for ${orderId}: FMCSA-census placeholder email`);
- return;
- }
+ // (No address suppression here. `synthetic@pipeline.com` is a real customer
+ // address (EarthLink/pipeline.com), not a placeholder -- provisioning + email
+ // proceed normally. Only RFC-reserved test domains are rejected upstream at
+ // order creation (emailError in compliance-orders.ts).)
 // ── Portal login account (Postgres `customers` row) ──────────────────
 // The portal login + forgot-password read the Postgres `customers` table
diff --git a/api/src/routes/compliance-orders.ts b/api/src/routes/compliance-orders.ts
index 67aff44..eb26750 100644
--- a/api/src/routes/compliance-orders.ts
+++ b/api/src/routes/compliance-orders.ts
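Review bot: With the guard removed, every order row that carries `synthetic@pipeline.com` is now provisioned against one real mailbox, and nothing in the commit shows that only this customer's orders hold that address. The removed comments described it as a census filler value; if any imported or historical rows still hold it, portal accounts here and the set-password invite built in `_build_portal_onboard_html` (delivery_worker.py hunk) for unrelated orders would be tied to this customer's inbox. I would check existing order and `customers` rows for the address before deploying and state the result in the commit message. The new comment would also read better as `// No address suppression here; placeholder domains are rejected at order creation (emailError in compliance-orders.ts).`, leaving the customer-specific history to the commit log. The body of ensureCompliancePortalUser starts and ends outside the hunk.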
@@ -18,19 +18,21 @@ import { requireAdmin } from "../middleware/admin-auth.js";
 const router = Router();
 // ── Email validation ────────────────────────────────────────────────────────
-// Reject malformed addresses AND known non-deliverable placeholders (e.g. the
-// FMCSA-census "synthetic@pipeline.com" used when no real email was found) at
-// order-creation time, so we never seed an order/portal account with an
-// address we can't actually reach.
+// Reject malformed addresses AND RFC-reserved non-deliverable test domains, so
+// we never seed an order/portal account with an address we can't reach. NOTE:
+// `pipeline.com` is a REAL (EarthLink) domain with deliverable mailboxes and is
+// NOT a placeholder -- a customer (Paul Wilson) uses synthetic@pipeline.com as
+// his genuine address, confirmed reachable. Only example.com/test.com are
+// reserved test domains.
 const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-const PLACEHOLDER_EMAIL_DOMAINS = new Set(["pipeline.com", "example.com", "test.com"]);
+const PLACEHOLDER_EMAIL_DOMAINS = new Set(["example.com", "test.com", "invalid"]);
 function emailError(raw: unknown): string | null {
 const email = String(raw || "").trim().toLowerCase();
 if (!email) return "customer_email is required.";
 if (!EMAIL_RE.test(email)) return "customer_email is not a valid email address.";
 const domain = email.split("@")[1] || "";
- if (email.startsWith("synthetic@") || PLACEHOLDER_EMAIL_DOMAINS.has(domain)) {
+ if (PLACEHOLDER_EMAIL_DOMAINS.has(domain)) {
 return "customer_email appears to be a placeholder; a real email address is required.";
 }
 return null;
diff --git a/scripts/workers/delivery_worker.py b/scripts/workers/delivery_worker.py
index d8290e6..afd5dc8 100644
--- a/scripts/workers/delivery_worker.py
+++ b/scripts/workers/delivery_worker.py
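Review bot: The new `"invalid"` entry can never match in `emailError`, because `EMAIL_RE` requires a dot in the domain: `user@invalid` is rejected earlier as malformed, while `user@host.invalid` yields the domain `host.invalid`, which is not in the set. The same applies to `PLACEHOLDER_DOMAINS` in intake_reminder.py, and in delivery_worker.py only the dotless form matches, so the three copies no longer behave alike. If the intent is to block the reserved TLD, compare the suffix, e.g. `if (PLACEHOLDER_EMAIL_DOMAINS.has(domain) || domain.endsWith(".invalid")) {`. Note also that `test.com` is a registered domain rather than an RFC 2606 reserved name (those are `example.com`, `example.net`, `example.org` and the `.test`, `.example`, `.invalid`, `.localhost` TLDs), so the comment overstates it and the list is incomplete. Separately, the comment puts a customer's name and mailbox into source; `// pipeline.com is a real ISP domain and must not be blocked` says the same without personal data.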
@@ -338,10 +338,10 @@ def _build_portal_onboard_html(pg_order: dict | None) -> str:
 order_number = pg_order.get("order_number", "")
 if not email:
 return ""
- # Never send a set-password invite to a known placeholder address (e.g. the
- # FMCSA-census "synthetic@pipeline.com" used when no real email was found).
+ # Never send to RFC-reserved test domains. (pipeline.com is a REAL EarthLink
+ # domain a customer uses -- not a placeholder -- so it is allowed.)
 em = email.strip().lower()
- if em.startswith("synthetic@") or em.split("@")[-1] in {"pipeline.com", "example.com", "test.com"}:
+ if em.split("@")[-1] in {"example.com", "test.com", "invalid"}:
 return ""
 token = _generate_set_password_token(email, order_number)
 url = f"{PORTAL_URL.rstrip('/')}/set-password?token={token}"
diff --git a/scripts/workers/intake_reminder.py b/scripts/workers/intake_reminder.py
index c8f9587..4c184c2 100644
--- a/scripts/workers/intake_reminder.py
+++ b/scripts/workers/intake_reminder.py
@@ -64,10 +64,11 @@ MAX_REMINDERS = int(os.getenv("INTAKE_REMINDER_MAX", "10"))
 MIN_AGE_HOURS = int(os.getenv("INTAKE_REMINDER_MIN_AGE_HOURS", "20"))
 # Mirror the API's email validation (api/src/routes/compliance-orders.ts):
-# reject malformed addresses AND known non-deliverable placeholders such as the
-# FMCSA-census "synthetic@pipeline.com" used when no real email was found.
+# reject malformed addresses AND RFC-reserved non-deliverable test domains.
+# NOTE: pipeline.com is a REAL (EarthLink) domain a customer uses -- not a
+# placeholder -- so it is NOT blocked.
 EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
-PLACEHOLDER_DOMAINS = {"pipeline.com", "example.com", "test.com"}
+PLACEHOLDER_DOMAINS = {"example.com", "test.com", "invalid"}
 def _email_ok(raw: str | None) -> bool:
@@ -75,7 +76,7 @@ def _email_ok(raw: str | None) -> bool:
 if not email or not EMAIL_RE.match(email):
 return False
 domain = email.split("@", 1)[1] if "@" in email else ""
- if email.startswith("synthetic@") or domain in PLACEHOLDER_DOMAINS:
+ if domain in PLACEHOLDER_DOMAINS:
 return False
 return True