Wrong error msg for incorrect password during login

[ananyaarun]

Description

The issue of not allowing null fields either for username or password during login was taken care of in #5087 , But when a user enters a correct user name (ie present in db) followed by an incorrect password, Instead of a msg saying wrong password this pops up.

Solution

An error msg saying Pls enter correct password or incorrect password should pop up instead of this. I feel this error msg is misleading to a common user.

[ananyaarun]

I'd like to work on this. Thanks :)

[grvsachdeva]

Sure, go ahead @ananyaarun

[ananyaarun]

@gauravano , Can you tell me what This line exactly does ?

to solve this issue i replaced it with a flash warning msg and then a redirect

flash[:warning] = "Wrong password"
redirect_to '/login'

that solved the issue but other cases of login functionality seem to break by this method not sure why.

[grvsachdeva]

@gauravano , Can you tell me what This line exactly does ?

the line you referred take the control to here-

plots2/app/controllers/user_sessions_controller.rb

Line 3 in 4fc2e9f

def new

It behaves just as render template - https://stackoverflow.com/questions/5045222/difference-between-render-action-and-render-template

I think "Password is not valid" message is default one shown by rails authlogic?

[ananyaarun]

Actually it doesnt show an understandable message. This is what comes.

I thought of replacing this render template with a flash msg followed by redirect.

"Password not valid" is fine but i felt the other parts are unnecessary ?

[grvsachdeva]

I think flash message will not be that appropriate to inform/give message such as password validation or captcha fail, etc, as user can ignore flash message easily

[ananyaarun]

Hmm makes sense, But isnt this msg a bit unrelated ? As in why display "1 error prohibited this user session from being saved " to an external user ?

[grvsachdeva]

That's how devise show errors

[ananyaarun]

Ok so if that's the case i assume we cant change it right ? So shall we let the error msg be then ?

[grvsachdeva]

I think we can. Or, we can jump on it and implement our validation? @jywarren what do you think here?

[ananyaarun]

If its possible to change i definitely think "1 error prohibited user session from being saved" can be removed.
Actually i feel, Implementing our own validation is better. Not only this issue but there are several login/signup problems various user are reporting right ?