
Two Small Frontend Bugs


hadzo


Visit URL /client/login/reset/

Without entering a username/email, click the RESET PASSWORD button; you get a green message saying "A confirmation email has been sent to the address on record."

You should get a message saying to enter a username/email; this is confusing.

Using the LogicBoxes module.

When you go to URL /plugin/order/main/preconfig/domain

click the TLD checkbox, in my case .com, then click the TRANSFER button, you get "Congratulations, that domain is available." but it is a blank domain since the user did not enter a domain. See attached picture.


Visit URL /client/login/reset/

Without entering a username/email, click the RESET PASSWORD button; you get a green message saying "A confirmation email has been sent to the address on record."

You should get a message saying to enter a username/email; this is confusing.

Using the LogicBoxes module.

When you go to URL /plugin/order/main/preconfig/domain

click the TLD checkbox, in my case .com, then click the TRANSFER button, you get "Congratulations, that domain is available." but it is a blank domain since the user did not enter a domain. See attached picture.

With Transfer you will always get it as available, because you can transfer any domain; you just need the EPP code.

Edit: Oh, you just clicked on enter.


Visit URL /client/login/reset/

Without entering a username/email, click the RESET PASSWORD button; you get a green message saying "A confirmation email has been sent to the address on record."

You should get a message saying to enter a username/email; this is confusing.

This always shows that message, so as not to leak your usernames to a potential attacker. We may add an option to display an error if there is no match, but for security reasons we recommend leaving it this way.


Visit URL /client/login/reset/

Without entering a username/email, click the RESET PASSWORD button; you get a green message saying "A confirmation email has been sent to the address on record."

You should get a message saying to enter a username/email; this is confusing.

As Paul mentioned, it is a security risk to reveal information about users that do or do not exist based on such error/success messages. That said, there is a config setting in your Blesta config file called "Blesta.default_password_reset_value" which regulates this. You may set its value to false to show any errors.

Using the LogicBoxes module.

When you go to URL /plugin/order/main/preconfig/domain

click the TLD checkbox, in my case .com, then click the TRANSFER button, you get "Congratulations, that domain is available." but it is a blank domain since the user did not enter a domain. See attached picture.

I'm not able to duplicate this. Not entering a domain says that it is not available. But I'm using the sandbox, and maybe that differs from a live account.

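The reset behaviour described in the two staff replies above, as an added sketch that is not Blesta's code and not part of the original posts. The `ResetService` class, its `uniform` switch (loosely analogous to the config option named above), the sample accounts and the non-generic error strings are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

GENERIC_MSG = "A confirmation email has been sent to the address on record."
# Constructed sample accounts (hypothetical data, not from the thread).
USERS = {"alice": "alice@example.com", "bob": "bob@example.com"}

class ResetService:
    def __init__(self, users, uniform=True, ttl=3600):
        self.users = users
        self.uniform = uniform   # hypothetical switch: True = same reply for every request
        self.ttl = ttl
        self.pending = {}        # sha256(token) -> (username, expiry); raw token is never stored
        self.outbox = []         # (address, token) pairs that would be mailed

    def _lookup(self, identifier):
        if identifier in self.users:
            return identifier
        for name, email in self.users.items():
            if email == identifier:
                return name
        return None

    def request_reset(self, identifier):
        identifier = (identifier or "").strip().lower()
        username = self._lookup(identifier)
        # Generate a token on every path so the no-match branch does similar work.
        token = secrets.token_urlsafe(32)
        if username is not None:
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (username, time.time() + self.ttl)
            self.outbox.append((self.users[username], token))
        if self.uniform:
            return GENERIC_MSG
        # Verbose mode: friendlier, but each distinct reply tells the caller something.
        if not identifier:
            return "Please enter a username or email address."
        if username is None:
            return "No account matches that username or email address."
        return GENERIC_MSG

def distinct_responses(service, probes):
    """Number of different messages an unauthenticated caller sees across probes."""
    return len({service.request_reset(p) for p in probes})
```

With the uniform setting an empty field, an unknown name and a valid account all produce the same reply, which is why the empty-field case in the first post still shows the green message; mail is only queued when an account matches.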

  • 4 weeks later...

Tyson, I updated to 3.0.6 and the problem with Transfers always returning success is still there. Transfer will return success even if the domain is not unlocked, and you cannot order and transfer a locked domain.

I know this is not a big deal for you, but as a user I am here to remind you what is important for the user, since this confuses and makes problems for the customer and hence for the admin.


Tyson, I updated to 3.0.6 and the problem with Transfers always returning success is still there. Transfer will return success even if the domain is not unlocked, and you cannot order and transfer a locked domain.

I know this is not a big deal for you, but as a user I am here to remind you what is important for the user, since this confuses and makes problems for the customer and hence for the admin.

What does the log say [Tools] > [Logs] > [Module] when you perform the transfer? Sounds to me like whatever module you're using doesn't care that the domain is locked. That would be an issue outside of the control of Blesta.


What does the log say [Tools] > [Logs] > [Module] when you perform the transfer? Sounds to me like whatever module you're using doesn't care that the domain is locked. That would be an issue outside of the control of Blesta.

 

I am not performing the transfer, I am talking about the first step of checking if the domain is available to transfer or not.


I am not performing the transfer, I am talking about the first step of checking if the domain is available to transfer or not.

I see. Well, Blesta has no way of knowing whether or not a domain can be transferred because the APIs that modules use to interface with registrars don't support such a query. So Blesta must assume that if you're intending to transfer a domain that you're aware of the steps required to perform the transfer from your existing registrar.


  • 4 weeks later...
Guest
This topic is now closed to further replies.