@baris Done!fais3000 created this issue in NodeBB/NodeBB closed Users able to signup with invalid email address (containing comma) #5902
Loss of inputted data and no message on register failure
SPHINX last edited by
On my dev 0.4+, and also on this (community.nodebb.org) site:
Attempt to register with an email address that already exists (or any criteria that would cause registration to fail). Click [register now] and the registration input fields just clear and no message is given. The user does not have any indication of what went wrong.
I have never observed any registration failure messages, so I am guessing something is broken/missing.
@SPHINX each field has a box to the right of it, if a username is taken, the error is there as soon as it detects a conflict. Same with mismatched passwords. The only difference is username when registering using oauth, which adds a string to the username to avoid conflicts.
If you can still click register even with the error on the field, perhaps a better method of handling this would be to either grey out / remove the clickable aspect of register, or when register is clicked, just take them back to that error. Something along the lines of
if errors === 0 then register else take them to errorbut correct.
SPHINX last edited by
Thanks for the reply @a_5mith.
I still feel a better user experience would be to give some feedback and not flush all their input fields forcing them to fill it all in again. Real potential to lose new sign ups this current way. So am I right to assume that there has never been any messaging for this, and I should add from scratch?
Drifting off topic, but:
The only difference is username when registering using oauth, which adds a string to the username to avoid conflicts.
According to the source code, this appears to always be the functionality, even without oauth. I have edited my fork to not do it. It would be nice if there was an on/off option.
@SPHINX the error messaging is there, it's just displayed as you're filling out the form, rather than after you've filled it all out a la the days of php. I agree that clicking register shouldn't empty the fields, but at the same time, from another perspective, register shouldn't fire unless all fields pass the validation. Both would end up with the same outcome, but you've saved yourself a wasted request, therefore time.
It's a minor bug either way, so I'll add it to github for the devs to look at and see what they reckon. If you want to give something a go, then i imagine the devs are always happy to receive a PR on the issue.
Definitely a bug, the
validateFormfunction is calling
validateEmailwhich makes a socket call but it doesn't wait for it to complete.
@baris saved you 3 seconds of making an issue gh#1589
Yeah we definitely have form validation in place... Sounds like a regression