django-user-management
Error message indistinguishable
I'm trying to e2e test user registration and login.
When I try to log in with bad credentials I get back a 400 error with a text in non_field_errors: "Unable to log in with provided credentials."
When I try to log in with an unverified account I also get back a 400 error with a different non_field_errors: "User account is disabled."
The only way to distinguish between them is by the error text, which will break when the text changes or we change to a different language.
A possible solution would be to use a different error status or maybe add a field which describes the error type in machine-readable form.
@KevinEtienne @meshy @Ian-Foote FYI
Why do you need to distinguish between them? Is a 400 not enough to confirm your expected result? What are you testing exactly?
It looks like we are already making the distinction between:
- a bad password
- an inactive account
Maybe the first one should return a 401?
@KevinEtienne they are both bad requests. 400 is correct.
@meshy I wanted to test two cases:
- A user has created an account, enters their correct email and password, but the account isn't verified, so it will not let them in.
- A user enters bad credentials, so can't log in.
I think this might be trying to test too much in end-to-end tests.
Possibly.