Login button shouldn't turn into loading icon when email is still not confirmed

[youdontneedtoknow22]

Requirements

• [X] Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
• [X] Did you check to see if this issue already exists?
• [X] Is this only a feature request? Do not put multiple feature requests in one issue.
• [ ] Is this a server side (not related to the UI) issue? Use the Lemmy back end repo.

Is your proposal related to a problem?

I just created an account and tried to login and the login button turned into loading icon. The problem wasn't clear that I still didn't confirm my email (why is that even necessary?), as there was no indication. Reddit doesn't use email confirmation and no one expects the FOSS alternatives to use that.

Describe the solution you'd like.

Just a message saying "Please check your email for confirmation link, only users with confirmed emails can login"

Describe alternatives you've considered.

Searching on REDDIT for the solution (https://www.reddit.com/r/Lemmy/comments/145qe4t/cant_log_in_to_lemmy/)

Additional context

No response

[gabrielgsalvatore]

This should be priority, i thought the login servers were down and gives a bad first impression for registering users.

[LiftedStarfish]

I think the scope of this issue should be broadened a bit. I think that, upon a failed login, the server should send a message back indicating both the fact that the login failed, and the reason for that failure, and the UI should be indicating to the user what that reason is, such as an unverified email, suspended/deactivated account, nonexistent credentials, or incorrect password.

I think that something similar ought to be implemented for the sign up as well. Sign up should not be allowing users to submit passwords over the character limit, and if the frontend UI tries to submit such a request, it should error, and inform the user of this problem, and if they somehow succeed in submiting such a request, the server should send back an error indicating that the password is too long, which UI displays to the user.

[RayBB]

Can you confirm that this is still an issue with v0.18.0 (which lemmy.ml has recently updated to).

I think it should be resolved as there are now feedback messages for login problem.

If not, lets close this.

[LiftedStarfish]

I have tested this with both my existing account and tried to create a new account. I can confirm that:

• When trying to log in to an existing account with the incorrect password, the UI tells me that the password is wrong.
• When tryinig to create a new account, the password input field does not allow more than 60 characters, and when there is more than 60 characters (such as in the case of using the BitWarden browser extension to fill in the information), an error is returned, indicating that the password was invalid.
• When I try to log in with an account that has pending approval, the UI informs me that my approval is still pending. However, if I use the incorrect password it just tells me that the password is incorrect, and does not tell me that the account is pending approval (this is good).
• If I log into an existing account, and try to change the password to one that is over the character limit, it returns an error indicating that the password is too long.

I am still waiting on account approval, and when that is done, I will test to see what happens when I attempt to log in without a verified email, but so far, this seems to be all good.

[youdontneedtoknow22]

Can you confirm that this is still an issue with v0.18.0 (which lemmy.ml has recently updated to).

I think it should be resolved as there are now feedback messages for login problem.

If not, lets close this.

I tried it on sh.itjust.works , as it has v 0.18.0 and requires an email to register (so I need to confirm the email). It works and I get the message as requested. @LiftedStarfish I would close this issue if you still have no issues left on your side. I'm not sure I totally got what you're waiting for (you said in your 3rd point that you get the message on pending accounts, but then said at the end that you still want to test it).

[LiftedStarfish]

Thank you for informing me about sh.itjust.works. I can now confirm that:

• If you attempt to login with the correct password with an account that does not have a verified email, the web UI informs the user that the account has not been verified. Once again though, if the incorrect password is supplied, it simply tells the user that the password is incorrect.
• If you try to log in with a nonexistent username, the web UI tells the user that no user with that name could be found.

[LiftedStarfish]

Turns out that lemmy.ml, while requiring manual approval, does not require email verification, so it's good that you told me about sh.itjust.works. You're good to close this issue.

[ancientmarinerdev]

Turns out that lemmy.ml, while requiring manual approval, does not require email verification, so it's good that you told me about sh.itjust.works. You're good to close this issue.

What version is this fixed for? It isn't doing it on lemmy.world atm. Actually, on second attempt, it did, first attempt it did not. Weird. I had already cleared cache earlier and use another account on the instance.

Also, is there a risk with this one? Most bots will brute force usernames and passwords, so confirming accounts exist is risky unless credentials are correct. It should probably only respond if account needs verification which would impact on UI response. Both incorrect username and incorrect password should respond with invalid credentials to prevent aiding in brute forcing.