App: Improvements to error messaging

Platform - version: ALL


Action Performed (reproducible steps):

Summary: Currently, when a user encounters a sign-in error on expensify.cash, we display the raw API message to the user. We’d like to replace these responses so that when an error occurs, we display a user-friendly message instead.

The error codes and associated user-friendly messages are included in the Messaging section of this issue.

Steps to reproduce an example of the issue:

  1. Go to expensify.cash
  2. Sign in using an incorrect email address and password combination (i.e. a pair of credentials not associated with an account)
  3. See error code and generic error message appear (in red text).
    • Example: 401 No user with that partner/user/password

Desired Result: Show user-friendly error messages. Example: 401 error should show: Incorrect password

Actual Result: Generic 401 No user with that partner/user/password appears

Messaging:

| Error Code | Message to display |
| --- | --- |
| 401 | Incorrect login or password. Please try again. |
| 402 | You have 2FA enabled on this account. Please sign in using your email or phone number. |
| 403 | Invalid login or password. Please try again or reset your password. |
| 404 | We were unable to change your password. This is likely due to an expired password reset link in an old password reset email. We have emailed you a new link so you can try again. Check your Inbox and your Spam folder; it should arrive in just a few minutes. |
| 405 | You do not have access to this application. Please add your GitHub username for access. |

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 25 (14 by maintainers)

Most upvoted comments

@ajay426 some of them may be harder to reproduce than others because of restrictions we have on the client. I would say establishing that the code works for one or two cases should be enough. I think I know how you can reproduce 405.

405: Try logging in with an account that does not have access to the application but is an Expensify account. You can create an invalidated “dummy” account on expensify.com (simply enter an email into the sign in, then log out right away. This will create an invalidated “dummy” account) and then try logging into the expensify.cash site.

EDIT: Also, just looking at the issue it seems like you simply need these for screenshots? In which case, I would just “simulate” those responses in JS for that.

@ajay426 your proposal looks good, and yes please use the jsonCode in the response from the API. Please proceed with a PR.

Telling the user that their password is wrong is giving away important information. It tells the requestor that the username exists but that the password is wrong. Giving a non-specific error that the username or password is wrong is better security practice, but a worse UX.

Either the UX or Security suffers here. Although if the API is giving those codes I’m guessing this choice has already been made?
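
The approach discussed in this thread (pick the displayed text from the response's `jsonCode`, never from the raw API message, and simulate responses in JS to check it), as an added example that is not part of the issue or the project's code. The identifier names, the `message` field on the response, and the fallback wording for unlisted codes are assumptions; the per-code texts are the ones from the Messaging table.

```javascript
// Added example, not Expensify's code. Identifier names, the `message` field and
// the fallback wording are assumptions; per-code texts come from the issue's table.
const SIGN_IN_ERROR_MESSAGES = Object.freeze({
    401: 'Incorrect login or password. Please try again.',
    402: 'You have 2FA enabled on this account. Please sign in using your email or phone number.',
    403: 'Invalid login or password. Please try again or reset your password.',
    404: 'We were unable to change your password. This is likely due to an expired password '
        + 'reset link in an old password reset email. We have emailed you a new link so you '
        + 'can try again. Check your Inbox and your Spam folder; it should arrive in just a '
        + 'few minutes.',
    405: 'You do not have access to this application. Please add your GitHub username for access.',
});
const GENERIC_SIGN_IN_ERROR = 'Something went wrong while signing in. Please try again.';

// Choose the text to display from jsonCode only. The raw API message is never
// returned, so server-side wording cannot reach the UI through this path.
function getSignInErrorMessage(response) {
    const raw = response ? response.jsonCode : undefined;
    // Accept 401 or "401"; reject "401abc", null, objects and missing values.
    const code = (typeof raw === 'number' || typeof raw === 'string') ? Number(raw) : NaN;
    if (Number.isInteger(code)
        && Object.prototype.hasOwnProperty.call(SIGN_IN_ERROR_MESSAGES, code)) {
        return SIGN_IN_ERROR_MESSAGES[code];
    }
    // Unlisted or malformed codes get a fixed message, not the API's text.
    return GENERIC_SIGN_IN_ERROR;
}

// Constructed responses standing in for the API (for screenshots or tests).
const SIMULATED_RESPONSES = [
    {jsonCode: 401, message: '401 No user with that partner/user/password'},
    {jsonCode: '402', message: 'constructed raw text'},
    {jsonCode: 405, message: 'constructed raw text'},
    {jsonCode: 500, message: 'constructed raw text: internal failure detail'},
    {message: 'constructed raw text with no jsonCode'},
];

function simulateSignInErrors(responses = SIMULATED_RESPONSES) {
    return responses.map((r) => ({jsonCode: r.jsonCode, shown: getSignInErrorMessage(r)}));
}

console.log(simulateSignInErrors());
```

The 401 and 403 texts from the table both say "login or password", so neither one confirms on its own that the account exists.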