Improvement of notifying sign in error about hackatalk HOT 7 CLOSED

#436 (comment)

from hackatalk.

Specify project
Client

Is your feature request related to a problem? Please describe.
When I tried to sign in with incorrect email, but correct password, error message displays like "비밀번호를 다시 확인해주세요.".

Describe the solution you'd like
현재 db, 클라이언트에서 어떤 부분이 틀렸는지 알려줍니다.

어떤 부분이 틀렸는지 알려주는 것은 보안상으로 이슈가 있을 것으로 예상됩니다.

일례로 네이버 로그인 창에서는 아이디 또는 비밀번호가 틀리면 어떤게 틀렸는지 알려주지 않고 "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다.와 같은 메시지를 표시합니다.

Additional context

I hope you write in English next time 😅 so that more people around the world lately can participate in our work.
I think this issue is the matter of which string we should provide here since it doesn't tell which is wrong. It just tells that the password is incorrect. It doesn't argue that the email is wrong.

from hackatalk.

Do you saying it should validate and tells whether email is wrong not only arguing about password if I understand correctly? @hyochan

from hackatalk.

Do you saying it should validate and tells whether email is wrong not only arguing about password if I understand correctly? @hyochan

No. Looking inside the code, I found that it did not have any scenario on giving hints on the wrong email that does not match the database. Just telling the email format is not correct does not make any security issue.

from hackatalk.

Okay I got this now "No. Looking inside the code, I found that it did not have any scenario on giving hints on the wrong email that does not match the database. Just telling the email format is not correct does not make any security issue."

Than, how about just displaying error message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." not displaying red underline because users may be confused because of it.(email format is wrong, but message is "비밀번호를 다시 확인해주세요." with red underline on password field)

from hackatalk.

Than, how about just displaying error message like "가입하지 않은 아이디이거나, 잘못된 비밀번호입니다." not displaying red underline because users may be confused because of it.(email format is wrong, but message is "비밀번호를 다시 확인해주세요." with red underline on password field)

I think you've missed the code here https://github.com/dooboolab/hackatalk/blob/ee38d64fba78203f63e13a80425e7e689d383c29/client/src/components/pages/SignIn/index.tsx#L176.

I am still confused about what you are trying to achieve here. How about just give out a proposal if you think something is actually needed? Or it'd be good to bring another idea and focus on that 🤔

from hackatalk.

I've focused on these lines
https://github.com/dooboolab/hackatalk/blob/ee38d64fba78203f63e13a80425e7e689d383c29/client/src/components/pages/SignIn/index.tsx#L217-L220
It only tells password is incorrect If I understand correctly.

Well if you think it is not an issue I will close this issue.

from hackatalk.