Use the same email validation for User and Email

Related to #348947 (closed)

Use the same email validation for User and Email. Otherwise, it is possible to successfully save a primary User email, but fail to add it to user.emails because it is invalid for the Email model.

The Email#email validation is now more relaxed, and the same as the User#email validation: it is the Devise email validation, that basically only checks that there is a single @ sign separating local part and domain. The previous stricter Email#email validation was enforcing compliance with RFC3696, but many mail servers allow addresses that are not fully compliant with the RFC. Therefore, the relaxed validation is preferable, to avoid blocking working email addresses.

See also this comment.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

app/models/email.rb

@@ -6,8 +6,8 @@ class Email < ApplicationRecord
 
   belongs_to :user, optional: false
 
-  validates :email, presence: true, uniqueness: true
-  validate :validate_email_format
+  validates :email, presence: true, uniqueness: true, devise_email: true
+
   validate :unique_email, if: ->(email) { email.email_changed? }
 
   scope :confirmed, -> { where.not(confirmed_at: nil) }
@@ -33,10 +33,6 @@ def unique_email
     self.errors.add(:email, 'has already been taken') if primary_email_of_another_user?
   end
 
-  def validate_email_format
-    self.errors.add(:email, I18n.t(:invalid, scope: 'valid_email.validations.email')) unless ValidateEmail.valid?(self.email)
-  end
-
   # once email is confirmed, update the gpg signatures
   def update_invalid_gpg_signatures
     user.update_invalid_gpg_signatures if confirmed?