Refactor login error handling and improve user feedback

- Update LoginForm component to display error messages directly from the authentication response. - Modify useAuth composable to handle login errors more effectively, ensuring proper error messages are thrown. - Enhance login API response to return structured error messages for invalid credentials. - Adjust Cidaas utility to throw specific errors for invalid username/password scenarios.
2025-10-31 14:51:15 +01:00
parent 7c7c4fcb6f
commit c2c706ebcf
5 changed files with 54 additions and 33 deletions
--- a/server/api/auth/login.post.ts
+++ b/server/api/auth/login.post.ts
@@ -21,6 +21,7 @@

 import { z } from 'zod'
 import { eq } from 'drizzle-orm'
+import { users } from '../../database/schema'

 const loginSchema = z.object({
  email: z.string().email('Invalid email address'),
@@ -93,15 +94,19 @@ export default defineEventHandler(async (event) => {

    // Handle specific error cases
    if (error.statusCode === 401) {
-      throw createError({
-        statusCode: 401,
-        statusMessage: 'Ungültige E-Mail-Adresse oder Passwort',
-      })
+      // Set response status and return error as JSON body
+      // This ensures umlauts are properly encoded in the response body
+      setResponseStatus(event, 401, 'Invalid credentials')
+      return {
+        success: false,
+        message: 'Ungültige E-Mail-Adresse oder Passwort',
+      }
    }

-    throw createError({
-      statusCode: 500,
-      statusMessage: 'Anmeldung fehlgeschlagen',
-    })
+    setResponseStatus(event, 500, 'Login failed')
+    return {
+      success: false,
+      message: 'Anmeldung fehlgeschlagen',
+    }
  }
 })
--- a/server/utils/cidaas.ts
+++ b/server/utils/cidaas.ts
@@ -256,6 +256,14 @@ export async function loginWithPassword(
      console.error('Cidaas password login failed:', errorData)

      // Handle specific errors
+      // Cidaas returns 400 with error: 'invalid_username_password' for invalid credentials
+      if (response.status === 400 && errorData.error === 'invalid_username_password') {
+        throw createError({
+          statusCode: 401,
+          statusMessage: 'Invalid email or password',
+        })
+      }
+
      if (response.status === 401) {
        throw createError({
          statusCode: 401,