Koozali.org: home of the SME Server

[SOLVED] TAINTED_ACCOUNT error

guest22

[SOLVED] TAINTED_ACCOUNT error
« on: March 07, 2017, 02:18:43 PM »
Hi,


new SME Server 9.1, passwordstrength Users set to none.


A user tries to change his password (letters and numbers, > 7) and gets the error message 'TAINTED_ACCOUNT'.


Does anybody have an idea what's wrong, please?


TIA

Offline Stefano

Re: TAINTED_ACCOUNT error
« Reply #1 on: March 07, 2017, 03:01:24 PM »
Quote
Hi,

new SME Server 9.1, passwordstrength Users set to none.

A user tries to change his password (letters and numbers, > 7) and gets the error message 'TAINTED_ACCOUNT'.

Does anybody have an idea what's wrong, please?

TIA

in /etc/e-smith/web/panels/password/cgi-bin/userpassword I read

Code:
unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
    {
        $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
        return;
    }

so it seems that the username you're using is not correct
if you think this is wrong, please open a bug, thank you :-)

guest22

[SOLVED] Re: TAINTED_ACCOUNT error
« Reply #2 on: March 07, 2017, 03:26:55 PM »
Quote
Code:
unless (($acctName) = ($acctName =~ /^([a-z][\-\_\.a-z0-9]*)$/ ))
    {
        $q->param(-name => 'status_message', -value => 'TAINTED_ACCOUNT');
        return;
    }

The error was between the keyboard and the chair: the user tried to use his email address to log in.


So it seems there is another bug in the way the user error is reported back cryptically instead of detecting the '@' sign and reporting 'please use your username only', or we allow full email addresses too (which is common out there).


Thanks


Offline Stefano

Re: TAINTED_ACCOUNT error
« Reply #3 on: March 07, 2017, 03:38:46 PM »
Quote
The error was between the keyboard and the chair: the user tried to use his email address to log in.

You owe me 50€c, I bet on this :-)

Quote
So it seems there is another bug in the way the user error is reported back cryptically instead of detecting the '@' sign and reporting 'please use your username only',

I agree, error messages must be readable and understandable by final users
please open an NFR, thank you

Quote
or we allow full email addresses too (which is common out there).

quite useless, we're using real accounts and so having the @domain part would be useless..
I mean: we'd accept the email but we'd edit the code to consider just the username part.. moreover, often users have an email address which is just an alias..
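
One way to implement the friendlier report proposed in this thread, as an added example that is not SME Server's own code: it keeps the character class from the userpassword check quoted above, still rejects anything outside it, and returns a distinct status when the input contains '@'. The function name check_account_name and every status name other than TAINTED_ACCOUNT are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not SME Server code. check_account_name and the status
# names other than TAINTED_ACCOUNT are hypothetical.
sub check_account_name {
    my ($input) = @_;
    return (undef, 'MISSING_ACCOUNT') unless defined $input && length $input;

    # Same character class as the check quoted in the thread. The capture
    # group is what yields an untainted value when running under perl -T.
    # \z is used here instead of $ so a trailing newline is rejected too.
    if ($input =~ /^([a-z][\-\_\.a-z0-9]*)\z/) {
        return ($1, 'OK');
    }

    # Diagnose the mistake from this thread so the panel can show a
    # readable hint. The input is still rejected: nothing is stripped or
    # rewritten, because an email address may be an alias and its local
    # part need not be the account name.
    return (undef, 'ACCOUNT_LOOKS_LIKE_EMAIL') if $input =~ /@/;

    # Anything else keeps the existing generic status.
    return (undef, 'TAINTED_ACCOUNT');
}

# Constructed sample inputs, not taken from a real system.
my @samples = ('jsmith', 'j.smith-2', 'jsmith@example.com',
               'JSmith', '9lives', "jsmith\n");

for my $candidate (@samples) {
    my ($name, $status) = check_account_name($candidate);
    (my $shown = $candidate) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-22s %-26s %s\n", "'$shown'", $status,
        defined $name ? "account=$name" : 'rejected';
}
```

The panel would map ACCOUNT_LOOKS_LIKE_EMAIL to a localized message such as the 'please use your username only' wording suggested above.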