7
Password change through legacy api UpdateUser2 Not working
Problem reported by ServerPoint - 8/23/2023 at 5:20 PM
Resolved
Hi
Build 8629 (Aug 17, 2023)
Password change through legacy api call UpdateUser2 no longer working, it just return this no matter what ever password i put there in api call. And ofcourse all of those requirements are disabled at server level and domain level

<ResultCode>-21</ResultCode><Message>Password does not meet password requirements: PASSWORD_RESET_REQUIRE_NOT_USERNAME, PASSWORD_RESET_REQUIRE_MIN_LENGTH, PASSWORD_RESET_REQUIRE_CAPITAL, PASSWORD_RESET_REQUIRE_LOWER_CASE, PASSWORD_RESET_REQUIRE_SYMBOL, PASSWORD_RESET_REQUIRE_NUMBER, PASSWORD_RESET_REQUIRE_NOT_BLANK, PASSWORD_RESET_REQUIRE_COMMON, PASSWORD_RESET_REQUIRE_NOT_USED_PREVIOUSLY,

Any solution ?

35 Replies

Reply to Thread
4
Tom Craig Replied
We are experiencing the exact same error starting 8/23 when we installed build 8269 (Aug 17th, 2023). The exact same input works in the web interface.
4
Reto Replied
Thanks, had planned to upgrade this weekend. Happy to avoid this problem now, waiting for a fix of ST.
0
Zach Sylvester Replied
Employee Post
Hey Everyone, 

We don't typically update the legacy API calls as we no longer support them. If you can, I would suggest that you modify your application to use the new JSON API. 

Thanks, 
Zach Sylvester Software Developer SmarterTools Inc. www.smartertools.com
5
Reto Replied
The current communication says only that it's not recommend for new development. I would assume that if you break it, you fix it. And if you like to stop support, that's ok - but do proper communication first. 
2
Webio Replied
It looks like legacy API is not the only one which got affected by update (8629). Until yesterday code updating passwords using:


was working correctly. I've just updated to latest build (8629) and having all password requirements turned off I'm getting error

{"message":"SYSADMIN_SECURITY_PASSWORD_REQUIREMENTS
 PASSWORD_RESET_REQUIRE_NOT_USERNAME
 PASSWORD_RESET_REQUIRE_MIN_LENGTH
 PASSWORD_RESET_REQUIRE_CAPITAL
 PASSWORD_RESET_REQUIRE_LOWER_CASE
 PASSWORD_RESET_REQUIRE_SYMBOL
 PASSWORD_RESET_REQUIRE_NUMBER
 PASSWORD_RESET_REQUIRE_NOT_BLANK
 PASSWORD_RESET_REQUIRE_COMMON
 PASSWORD_RESET_REQUIRE_NOT_USED_PREVIOUSLY
"}
2
Sérgio Rocha Replied
Hi smarter tools

That API method is used by solidcp panel its not easy so it ourself the api method

Sr
2
Tim Uzzanti Replied
Employee Post
As you know, legacy means there is a risk something won't work.  We can test only so many things.

We will fix this but moving forward, legacy API's are unsupported.  Help is being updated with that information.

If you know a company is using legacy API's, let them know.  There is a chance something will break in the future and we will not be updating them!
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
6
Webio Replied
@Tim. Current API is also affected....

For legacy IMHO this should be part which is not changed at all. You've stopped developing this API and thats fine but you can't just criple/broke/etc it without any notification. It is called legacy for a reason. So if your actions end up by modifying this part of code then I think you should redo any modification which affected this part of SmarterMail don't you think?

I think you should just announce that you will be  removing legacy API in XX months/years/builds/whatever and everyone who is using it will prepare for that.
2
Tim Uzzanti Replied
Employee Post
It's been legacy for MANY years.  Message already delivered.

If current is impacted, we will fix, that is a bug.  It is a result of new features added.
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
5
Employee Replied
Employee Post
In response to Tim's comment... This was all changed about 6 years ago with the release of SmarterMail 16.x in 2017. In that release, we made SmarterMail 100% API driven. When we did that, the legacy API was preserved, as many existing integrations were already in place with that old API. However, we noted at that time that all new integration development should be done using the new API calls, as the legacy calls will no longer updated. 

As the product continues to evolve and change, this does mean that the legacy APIs may stop working. In these situations, we update the legacy API documentation to indicate which legacy API calls are now deprecated. The integration/script using that legacy API call should be updated to use the supported API call instead. 
4
Bruce Replied
It's not just the legacy API you changed the current API with the build 8495 with no notifications!

This unannounced alteration to the current API has caused several control panels utilising the new API to be incompatible with the most recent version of SmarterMail. As a result, I have numerous clients that are unable to upgrade from build 8451.

SmarterTools should improve communication and documentation of API changes and implement versioning.
5
echoDreamz Replied
The API should not change at all, at least, not without some sort of versioning We use numerous products who have an API that uses version numbers or you specify a version in your API call, if a change is made to a method, the change is only reflected in the newer version, this way, implementations that rely on older methods continue working as expected.
3
Duarte Replied
We will not be able to update SmarterMail due to SolidCP... :(
1
echoDreamz Replied
SolidCPs SM100 provider is terribly written... I dont blame them for not wanting to fix it...
2
Ishikaistawan Ishikaistawan Replied
I am experiencing the same...
1
Jade B Replied
Confirming that we’re experiencing the same with solidcp, affecting creation of new accounts and updates to existing credentials 
1
Jade B Replied
Is there any ETA as to when this will be resolved?
2
Chris Mayer Replied
Hello

We are experiencing the same on all our Plesk Hosting Control Panel servers towards the smartermail mailservers.
Chris Mayer Simple Hosting GmbH www.simplehosting.ch
1
Jade B Replied
Can we downgrade to the previous version whilst we wait for a fix?

This issue has halted our automation of new new orders and causing issues.

Any feedback would be appreciated.
1
Duarte Replied
We have downgraded to build 8601 without any problems so far.
0
Jade B Replied
Thanks for the feedback Duarte, will downgrade and revert back
0
Chris Mayer Replied
Hello

Information for all customers which use also Plesk as a hosting control panel together with smartermail. after installing Plesk Plesk Obsidian Version 18.0.55 Update #1 setup new mail accounts and also password change is working with smartermail version Build 8629.
Chris Mayer Simple Hosting GmbH www.simplehosting.ch
1
Jade B Replied
Thanks Duarte

Uninstalled version 8629 and installed version 8601 - orders are now running and services provisioned, and clients can manage their passwords via SolidCP.

Smartertools release notes should include functions and features that are removed

Below is a screenshot from another of our vendors and their changelog is well documented, hopefully Smartertools can implement similar going forward.
1
Bruce Replied
One issue I have seen when deleting a SmarterMail mailbox using the API in Build 8629 is that the SmarterMail Domain User folder is deleted in SmarterMail but a short time later the folder is re-created with a token file in it. Is anyone else seeing this?
0
Sérgio Rocha Replied
Hi,

I are please to announce that we have a quick fix for SOLIDCP.
For a rapid response we change the smartermail provider version 100, anyone that need this quick fix please send me a message, and I will send you the DLL.

The fix is for servers that are using the provider Smarter Mail 100 in solidcp but its running version 8629, is substitute the DLL on server component.

For the future we are preparing a new provider called 8629+, but to create a new provider we need to do a few more thinks, and submit to the Solidcp project managers.

Regards,

SR
0
Sérgio Rocha Replied
@bruce, yes you are right, if you delete a domain or mailbox, the folder is not deleted and you cannot create the same domain/account again, until you delete de folder. 

This problem is critical because when this problem happens, RAM and CPU consumption skyrocket

0
Bruce Replied
Thanks, Sergio, it sounds like it might be a bug in SmarterMail, is anyone else having the issue of folders for deleted users being re-created, they usually contain just one auth-tokens.sbin file. 
0
Webio Replied
Sergio - does your SolidCP provider generate new token each API request or you use token expiration?
0
Sérgio Rocha Replied
HI,

All solidcp users, we have a post on Solidcp website, where we put a fast fix, before submit a new provider version to the project.

0
Sérgio Rocha Replied
@bruce I reported the API bug (fail to delete domain and account folders) on other thread:

0
Kyle Kerst Replied
Employee Post
I was not able to reproduce the delete issues involving the deleted user directories returning, or any subsequent resource issues on the latest release build. If you can reproduce this on demand please submit a ticket with us and we'll get a bug report sent up once we determine the root cause. Thanks!
Kyle Kerst System/Network Administrator SmarterTools Inc. www.smartertools.com
1
echoDreamz Replied
Kyle,

We've seen this issue quite a bit, run a delete and SM will randomly return an empty response (new API) and the folder will be empty, but still be there, the same goes for deleting domains, empty response from SM, the directory for the domain is still present, but empty.
1
Webio Replied
@Kyle I've reported this problem on 1th of september on ticket 3B8-2C68938C-0B30 which you've moved to a new one 2F7-2C8B6F9C-0B1E.

IMHO issue here is that Kyle or anyone else from ST perform tests using API calls without additional API queries. SolidCP and MSPControl share the same code (at least basic functionality and core system) when it comes to getting mail accounts, mail details, mail domain details and mail accounts deletion. When mailbox list is being loaded A LOT more things are being fetched from API, when mail account details is being loaded again a lot more is being loaded from API than simple API call for getting mailbox (for example auto responder settings). The same is with mail account or mail domain deletion. This is not just API call for mail account deletion. It is call for mail account deletion which leads to mail account list and this list is populated with details loaded from control panel but during this list loading some things are also loaded using API calls.

I'll try tomorrow to add simple text log creation which will list ALL api urls which are being called during operations like mail account deletion and mail domain deletion.

This is also one of reasons I've asked Sergio if he is requesting API token each API query is being done because maybe this the problem here. Querying for token each time control panel is accessing SM API.
0
echoDreamz Replied
We too have been struggling with the new API, constant issues saying "refresh token not found" - there are defiantly a lot more calls involved than the previous API, but of course, a lot more data can be fetched too.
1
Sérgio Rocha Replied
HI,

SM reported that the problem with the legacy API and the lost domain folder after deletion is resolved with the last update.

Regards,

SR

Reply to Thread