"Invalid username or token has expired." when using the wrong password

SchedulesDirect / JSON-Service

Code related to download, slice-and-dice and generation of JSON into database.

36 stars 5 forks source link

"Invalid username or token has expired." when using the wrong password #71

Open bbigras opened 7 years ago

bbigras commented 7 years ago

url: https://json.schedulesdirect.org/20141201/token

imho the message is confusing. My username was valid but I sent the wrong password.

{
  "response": "INVALID_USER",
  "code": 4003,
  "serverID": "20141201.web.1",
  "message": "Invalid username or token has expired.",
  "datetime": "2016-11-25T03:41:18Z"
}

garybuhrmaster commented 7 years ago

I believe this is intentional (if a slightly confusing message) as a mitigation to trying to discover valid usernames and then trying passwords. This is mentioned in issue #46 (closed). Improving the message to state "invalid username or password" might be a better message.