Copilot AI commented Oct 7, 2025

Fix Invalid Credentials Message

Goal: Provide clear, user-friendly error messages when users enter invalid credentials during login, both in the traditional PHP interface and the API v2.

Changes Made:

  • Understand current error handling in login flow (PHP and API v2)
  • Improve error message in HttpBasicAuthentication middleware to show "Invalid credentials. Please check your username and password." instead of generic messages
  • Update PHP login error message (error code 3) to dynamically include OTP in the message when Yubikey is enabled
  • Test the changes to verify proper error messages are displayed
  • Manual verification of UI changes

Technical Changes:

  1. API v2 (src/api/v2/index.php):
    • Updated HttpBasicAuthentication error handler to return clear message: "Invalid credentials. Please check your username and password." instead of passing through the generic middleware message
  2. PHP Login (src/index.php):
    • Changed error code 3 message from "Wrong username/password/OTP!" to "Invalid credentials. Please check your username, password, and OTP." (OTP only shown when Yubikey is enabled)
    • This ensures consistency between the API and traditional login flows

Benefits:

  • More user-friendly error messages
  • Consistent messaging across API and traditional login
  • Clearer guidance for users on what to check
  • Dynamic message that adapts to whether OTP is enabled

Original prompt

This section details the original issue you should resolve

<issue_title>[FEATURE]: Missing invalid credentials message</issue_title>
<issue_description>### Version Information

beta

Hashcat

No response

Description

When a user tries to log in from the login page using invalid credentials, the page displays a "Status Code: 401 - Token expired. Please log in again." message instead of a message informing about the invalid credentials. Additionally, an error toast message with the subject "An error occurred. Please try again later." is displayed, taking this user error as an error of the tool.</issue_description>

<agent_instructions>The toast message differs from the message directly displayed to the user. Please make sure that both messages match each other to make it more user-friendly.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@ObsidianOracle Fixed and merged in PR hashtopolis/web-ui#368

@ObsidianOracle Still not fixed. This is not an issue at all but a suggestion. When you try to log in and the credentials are incorrect, the message that appears is not very user friendly. My recommendation is to show a toast or a notification that disappears after a few seconds, or just display the message clearly on the form.

Fixes #1487

Copilot AI requested a review from ObsidianOracle October 7, 2025 11:46
@ObsidianOracle ObsidianOracle deleted the copilot/fix-login-invalid-credentials-message branch October 7, 2025 11:50