incuna / django-user-management

User management model mixins and api views.
BSD 2-Clause "Simplified" License

Error message indistinguishable #132

Open wytrych opened 9 years ago

wytrych commented 9 years ago

I'm trying to e2e test user registration and login.

When I try to log in with bad credentials I get back a 400 error with a text in non_field_errors: "Unable to log in with provided credentials."

When I try to log in with an unverified account I also get back a 400 error with a different non_field_errors: "User account is disabled."

The only way to distinguish between them is by the error text, which will break when the text changes or we change to a different language.

A possible solution would be to use a different error status or maybe add a field which describes the error type in machine-readable form.

wytrych commented 9 years ago

@KevinEtienne @meshy @Ian-Foote FYI

meshy commented 9 years ago

Why do you need to distinguish between them? Is a 400 not enough to confirm your expected result? What are you testing exactly?

kevinetienne commented 9 years ago

It looks like we are already making the distinction between:

Maybe the first one should return a 401?

meshy commented 9 years ago

@KevinEtienne they are both bad requests. 400 is correct.

wytrych commented 9 years ago

@meshy I wanted to test two cases:

  1. A user has created an account, enters their correct email and password, but the account isn't verified, so it will not let them in.
  2. A user enters bad credentials, so can't log in.

LilyFoote commented 9 years ago

I think this might be trying to test too much in end-to-end tests.

wytrych commented 9 years ago

Possibly.