https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292022-07-21T09:25:01ZRedmineRedmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074062022-07-21T09:25:01ZGo MAEDA
<ul><li><strong>File</strong> <i>37151-v2.patch</i> added</li><li><strong>Subject</strong> changed from <i>Fixed an error message when registering an email address for a disallowed email domain</i> to <i>Better validation error message when the domain of email is not allowed</i></li><li><strong>Category</strong> changed from <i>Code cleanup/refactoring</i> to <i>Accounts / authentication</i></li><li><strong>Target version</strong> set to <i>5.1.0</i></li></ul><p>+1<br />One of my customers was also confused by this error message.</p>
<p>Setting the target version to 5.1.0.</p> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074152022-07-22T00:33:07ZGo MAEDA
<ul><li><strong>File</strong> deleted (<del><i>37151-v2.patch</i></del>)</li></ul> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074162022-07-22T00:33:24ZGo MAEDA
<ul><li><strong>File</strong> <a href="/attachments/29486">35450-v2.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/29486/35450-v2.patch">35450-v2.patch</a> added</li></ul> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074202022-07-22T04:08:07ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/3369">Feature #3369</a>: Allowed/Disallowed email domains settings to restrict users' email addresses</i> added</li></ul> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074282022-07-23T00:53:14ZGo MAEDA
<ul><li><strong>File</strong> <a href="/attachments/29490">35450-v3.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/29490/35450-v3.patch">35450-v3.patch</a> added</li></ul><p>I wrote as follows in <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Allowed/Disallowed email domains settings to restrict users' email addresses (Closed)" href="https://www.redmine.org/issues/3369#note-13">#3369#note-13</a> two years ago.</p>
<blockquote>
<p>Changed the error message when the domain is not allowed from "Email contains a domain not allowed (example.com)" to simpler "Email is invalid" because the former detailed error message may give attackers useful hints to avoid restrictions especially on /account/register page</p>
</blockquote>
<p>Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.</p> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074312022-07-24T23:54:55ZYuichi HARADA
<ul></ul><p>Go MAEDA wrote:</p>
<blockquote>
<p>Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.</p>
</blockquote>
<p>+1<br />I think the patch is good as I don't have to provide any details to anonymous users.</p> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1074522022-07-27T14:30:39ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Go MAEDA</i></li></ul><p>Committed the patch. Thank you.</p> Redmine - Feature #35450: Better validation error message when the domain of email is not allowedhttps://www.redmine.org/issues/35450?journal_id=1112882023-10-30T12:54:41ZGo MAEDA
<ul><li><strong>Tracker</strong> changed from <i>Patch</i> to <i>Feature</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul>