invalid login credentials fixes

Victor Piousbox
2016-03-21 21:10:17 +00:00
parent 5426d63a36
commit b555930e9e
3 changed files with 13 additions and 15 deletions


@@ -16,6 +16,7 @@
"passwordResetEmailSubject": "Password Reset for Habitica",
"passwordResetEmailText": "Password for <%= username %> has been reset to <%= newPassword %> . Important! Both username and password are case-sensitive -- you must enter both exactly as shown here. We recommend copying and pasting both instead of typing them. Log in at <%= baseUrl %>. After you have logged in, head to <%= baseUrl %>/#/options/settings/settings and change your password.",
"passwordResetEmailHtml": "Password for <strong><%= username %></strong> has been reset to <strong><%= newPassword %></strong>.<br /><br />Important! Both username and password are case-sensitive -- you must enter both exactly as shown here. We recommend copying and pasting both instead of typing them.<br /><br />Log in at <%= baseUrl %>. After you have logged in, head to <%= baseUrl %>/#/options/settings/settings and change your password.",
"invalidLoginCredentialsLong": "Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\".",
"invalidCredentials": "User not found with given auth credentials.",
"accountSuspended": "Account has been suspended, please contact leslie@habitica.com with your UUID \"<%= userId %>\" for assistance.",
"onlyFbSupported": "Only Facebook supported currently.",


@@ -29,41 +29,41 @@ describe('POST /user/auth/local/login', () => {
});
it('user is blocked', async () => {
await user.update({ 'auth.blocked': 1 });
expect(api.post(endpoint, {
await expect(api.post(endpoint, {
username: user.auth.local.username,
password,
})).to.eventually.be.rejected.and.eql({
code: 400,
code: 401,
error: 'NotAuthorized',
message: t('accountSuspended', { userId: user._id }),
});
});
it('wrong password', async () => {
expect(api.post(endpoint, {
await expect(api.post(endpoint, {
username: user.auth.local.username,
password: 'wrong-password',
})).to.eventually.be.rejected.and.eql({
code: 400,
code: 401,
error: 'NotAuthorized',
message: t('wrongPassword'),
message: t('invalidLoginCredentialsLong'),
});
});
it('missing username', async () => {
expect(api.post(endpoint, {
await expect(api.post(endpoint, {
password: 'wrong-password',
})).to.eventually.be.rejected.and.eql({
code: 400,
error: 'NotAuthorized',
message: t('missingUsername'),
error: 'BadRequest',
message: t('invalidReqParams'),
});
});
it('missing password', async () => {
expect(api.post(endpoint, {
await expect(api.post(endpoint, {
username: user.auth.local.username,
})).to.eventually.be.rejected.and.eql({
code: 400,
error: 'NotAuthorized',
message: t('missingPassword'),
error: 'BadRequest',
message: t('invalidReqParams'),
});
});
});
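Review bot: No case in this hunk covers a login for a username that does not exist, so the suite does not pin that an unknown account gets the same 401 `NotAuthorized` / `invalidLoginCredentialsLong` response as the 'wrong password' case. That equality is what keeps the endpoint from revealing which usernames are registered. Add a case next to 'wrong password' that posts a constructed, unregistered username and asserts the identical code, error and message. The enclosing `describe` starts outside the hunk, so an existing case above it cannot be ruled out.

```javascript
// … unchanged: 'wrong password' case …
it('unknown username', async () => {
  // constructed value: any username that is not registered
  await expect(api.post(endpoint, {
    username: 'no-such-user',
    password,
  })).to.eventually.be.rejected.and.eql({
    code: 401,
    error: 'NotAuthorized',
    message: t('invalidLoginCredentialsLong'),
  });
});
// … unchanged: 'missing username' and 'missing password' cases …
```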


@@ -208,11 +208,8 @@ api.loginLocal = {
}
let user = await User.findOne(login, {auth: 1, apiToken: 1}).exec();
// TODO place back long error message return res.json(401, {err:"Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\"."});
let isValidPassword = user && user.auth.local.hashed_password === passwordUtils.encrypt(req.body.password, user.auth.local.salt);
if (!isValidPassword) throw new NotAuthorized(res.t('invalidLoginCredentials'));
if (!isValidPassword) throw new NotAuthorized(res.t('invalidLoginCredentialsLong'));
_loginRes(user, ...arguments);
},
};
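Review bot: The check `user.auth.local.hashed_password === passwordUtils.encrypt(req.body.password, user.auth.local.salt)` compares the hashes with `===`, which is not a constant-time comparison. The `user &&` short-circuit also skips the hash computation when no account matches, so response timing can differ between an unknown username and a wrong password even though both now return the same `invalidLoginCredentialsLong` message. Consider comparing with `crypto.timingSafeEqual` on equal-length buffers, and running `passwordUtils.encrypt` against a fixed dummy salt when `user` is null so both paths do the same work. If the `// TODO place back long error message` comment is still present on the new side, it is now stale and can be dropped. The `api.loginLocal` handler starts outside this hunk, so earlier validation and the lookup that builds `login` are not visible here.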