Error handling for Login needs to be split apart

kdilla301 · December 4, 2020, 7:13am

Hello.

I am trying to render my errors to the client for logging in.

Whenever I try logging in with the correct a user that does not exist, I get the following error:

"The instance was not found or provided password was incorrect"

This is annoying because I should be able to tell my users definitively whether they have entered an incorrect password OR if they definitively do not have an account registered in the database. Instead, because I get this error back regardless of whether the account is nonexistent or the password is incorrect, it becomes a confusing error to render to the on the client. Users that previously signed up may think their account was deleted when in reality, their password is incorrect. They’d have to go through the extra process of signing up again and getting an error that their account already exists just to confirm that their password is incorrect and their account was not deleted. Conversely, users could have the right password and have misspelled their username.

Splitting this error message into two separate errors would solve this problem and I would be able to tell users explicitly what the issue is when they are trying to Login.

Luigi_Servini · December 4, 2020, 9:25am

Hi @kdilla301 and welcome,

How does your login function look like on an FQL perspective?

Luigi

kdilla301 · December 4, 2020, 9:58pm

Login(Match(Index("user_email"), Select(["email"], Var("input"))), {
              password: Select(["password"], Var("input")),
            })

The function works as it should when the credentials are correct.

Luigi_Servini · December 7, 2020, 4:33pm

Hi @kdilla301,

you can handle wrong user/password that way:

 Let(
  {
    email: <email>,
    password: <password>,
    login: If(
      Not(
        Exists(Match('user_email', Var('email')))
        ),
        Abort("User does not exist"),
        If(
          Not(Identify(Match('userByMail',Var('email')),Var('password'))),
            Abort("WRONG PASSWORD"),
            Login(Match('userByMail',Var('email')),{password:Var('password')})
        )
    )
  },
    Var('login')
)

it first checks if a document is returned by the index, if not aborts with “User does not exist”.
If a user is returned, check if the password is correct with Identify, if not abort with “WRONG PASSWORD” message.
If user and password are correct, return the Login() output.

Hope it helps.

Luigi

kdilla301 · December 7, 2020, 4:33pm

Never thought to use conditional error handling directly into FQL. That solution works perfectly