Feature #35450
closed
Better validation error message when the domain of email is not allowed
0%
Description
When registering an email address with a disallowed email domain with "My account > Email", the error message "Email is invalid" is displayed.
I don't understand what the error message wants to convey, so fixed the error message.
Files
Related issues
Updated by Go MAEDA over 2 years ago
- File 37151-v2.patch added
- Subject changed from Fixed an error message when registering an email address for a disallowed email domain to Better validation error message when the domain of email is not allowed
- Category changed from Code cleanup/refactoring to Accounts / authentication
- Target version set to 5.1.0
+1
One of my customers was also confused by this error message.
Setting the target version to 5.1.0.
Updated by Go MAEDA over 2 years ago
- Related to Feature #3369: Allowed/Disallowed email domains settings to restrict users' email addresses added
Updated by Go MAEDA over 2 years ago
- File 35450-v3.patch 35450-v3.patch added
I wrote as follows in #3369#note-13 two years ago.
Changed the error message when the domain is not allowed from "Email contains a domain not allowed (example.com)" to simpler "Email is invalid" because the former detailed error message may give attackers useful hints to avoid restrictions especially on /account/register page
Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.
Updated by Yuichi HARADA over 2 years ago
Go MAEDA wrote:
Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.
+1
I think the patch is good as I don't have to provide any details to anonymous users.
Updated by Go MAEDA over 2 years ago
- Status changed from New to Closed
- Assignee set to Go MAEDA
Committed the patch. Thank you.
Updated by Go MAEDA about 1 year ago
- Tracker changed from Patch to Feature
- Resolution set to Fixed