Patch #35450

Better validation error message when the domain of email is not allowed

Added by Yuichi HARADA over 1 year ago. Updated 6 months ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: Go MAEDA
% Done: 0%
Category: Accounts / authentication
Target version: 5.1.0

Description

When registering an email address with a disallowed email domain with "My account > Email", the error message "Email is invalid" is displayed.

I don't understand what the error message wants to convey, so I fixed the error message.

current-error-message.png (100 KB) Yuichi HARADA, 2021-06-24 03:56

fixed-error-message.png (98.7 KB) Yuichi HARADA, 2021-06-24 03:57

fixed-error-message.patch (1.78 KB) Yuichi HARADA, 2021-06-24 03:59

35450-v2.patch (1.84 KB) Go MAEDA, 2022-07-22 02:33

35450-v3.patch (2 KB) Go MAEDA, 2022-07-23 02:52


Related issues

Related to Redmine - Feature #3369: Allowed/Disallowed email domains settings to restrict use... Closed 2009-05-16

Associated revisions

Revision 21739
Added by Go MAEDA 6 months ago

Better validation error message when the domain of email is not allowed (#35450).

Patch by Yuichi HARADA.

Revision 21740
Added by Go MAEDA 6 months ago

Update locales (#35450).

History

#1 Updated by Go MAEDA 7 months ago

  • File 37151-v2.patch added
  • Subject changed from Fixed an error message when registering an email address for a disallowed email domain to Better validation error message when the domain of email is not allowed
  • Category changed from Code cleanup/refactoring to Accounts / authentication
  • Target version set to 5.1.0

+1
One of my customers was also confused by this error message.

Setting the target version to 5.1.0.

#2 Updated by Go MAEDA 7 months ago

  • File deleted (37151-v2.patch)

#3 Updated by Go MAEDA 7 months ago

#4 Updated by Go MAEDA 7 months ago

  • Related to Feature #3369: Allowed/Disallowed email domains settings to restrict users' email addresses added

#5 Updated by Go MAEDA 7 months ago

I wrote as follows in #3369#note-13 two years ago.

Changed the error message when the domain is not allowed from "Email contains a domain not allowed (example.com)" to simpler "Email is invalid" because the former detailed error message may give attackers useful hints to avoid restrictions especially on /account/register page

Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.
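
The behaviour described in note #5, sketched as an added example (not part of the thread and not Redmine's code): an unauthenticated caller gets the same generic text as for a malformed address, while a signed-in user sees which domain was rejected. The class and method names, the sample domain lists, the subdomain matching and the precedence of the denied list are all assumptions made for illustration.

```ruby
# Added illustration; class, method and parameter names are hypothetical,
# not Redmine's API. Domain lists passed in are constructed sample values.
class EmailDomainPolicy
  GENERIC_ERROR = "Email is invalid"

  def initialize(allowed: [], denied: [])
    @allowed = normalize(allowed)
    @denied  = normalize(denied)
  end

  # Returns nil when the address is acceptable, otherwise the error text.
  # anonymous: true models an unauthenticated request such as /account/register.
  def error_for(address, anonymous:)
    local, at, domain = address.to_s.strip.rpartition("@")
    return GENERIC_ERROR if at.empty? || local.empty? || domain.empty?

    domain = domain.downcase
    return nil if domain_permitted?(domain)

    # Anonymous callers get the same text as a malformed address, so the
    # response does not reveal which domains the filter accepts or rejects.
    return GENERIC_ERROR if anonymous

    "Email contains a domain not allowed (#{domain})"
  end

  private

  def normalize(list)
    list.map { |d| d.to_s.strip.downcase.sub(/\A\./, "") }.reject(&:empty?)
  end

  # Assumption: an entry matches the domain itself and any of its subdomains.
  def matches?(domain, list)
    list.any? { |d| domain == d || domain.end_with?(".#{d}") }
  end

  # Assumption: the denied list wins; an empty allowed list permits the rest.
  def domain_permitted?(domain)
    return false if matches?(domain, @denied)
    @allowed.empty? || matches?(domain, @allowed)
  end
end
```
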

#6 Updated by Yuichi HARADA 7 months ago

Go MAEDA wrote:

Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.

+1
I think the patch is good as I don't have to provide any details to anonymous users.

#7 Updated by Go MAEDA 6 months ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

Committed the patch. Thank you.
