Error message indistinguishable

[wytrych]

I'm trying to e2e test user registration and login.

When I try to log in with bad credentials I get back a 400 error with a text in non_field_errors Unable to log in with provided credentials.

When I try to log in with an unverified account I also get back a 400 error with a different non_field_errors User account is disabled.

The only way to distinguish between them is by the error text, which will break when the text changes or we change to a different language.

A possible solution would be to use a different error status or maybe add a field which describes error type in machine readable form.

[wytrych]

@kevinetienne @meshy @Ian-Foote FYI

[meshy]

Why do you need to distinguish between them? Is a 400 not enough to confirm your expected result? What are you testing exactly?

[kevinetienne]

It looks like we are already making the distinction between:

• a bad password
• an inactive account

Maybe the first one should return a 401?

[meshy]

@kevinetienne they are both bad requests. 400 is correct.

[wytrych]

@meshy I wanted to test two cases:

1. A user has created an account, enters their correct email and password, but the account isn't verified, so it will not let them in.
2. A user enters bad credentials, so can't log in.

[LilyFoote]

I think this might be trying to test too much in end-to-end tests.

[wytrych]

Possibly.