Check email format on registration

app/models/devise_token_auth/concerns/user.rb

@@ -12,7 +12,7 @@ module DeviseTokenAuth::Concerns::User
 
     serialize :tokens, JSON
 
-    validates_presence_of :email, if: Proc.new { |u| u.provider == 'email' }
+    validates :email, presence: true, email: true, if: Proc.new { |u| u.provider == 'email' }
     validates_presence_of :uid, if: Proc.new { |u| u.provider != 'email' }
 
     # only validate unique emails among email registration users

app/validators/email_validator.rb

@@ -0,0 +1,7 @@
+class EmailValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+      record.errors[attribute] << (options[:message] || 'is not an email')
+    end
+  end
+end

test/controllers/devise_token_auth/registrations_controller_test.rb

@@ -151,6 +151,36 @@ class DeviseTokenAuth::RegistrationsControllerTest < ActionDispatch::Integration
       end
     end
 
+    describe 'bad email' do
+      before do
+        post '/auth', {
+          email: "false_email@",
+          password: "secret123",
+          password_confirmation: "secret123",
+          confirm_success_url: Faker::Internet.url
+        }
+
+        @resource = assigns(:resource)
+        @data = JSON.parse(response.body)
+      end
+
+      test "request should not be successful" do
+        assert_equal 403, response.status
+      end
+
+      test "user should not have been created" do
+        assert_nil @resource.id
+      end
+
+      test "error should be returned in the response" do
+        assert @data['errors'].length
+      end
+
+      test "full_messages should be included in error hash" do
+        assert @data['errors']['full_messages'].length
+      end
+    end
+
     describe "Mismatched passwords" do
       before do
         post '/auth', {