[PM-30993] Better Error Message for Expired Invitation Tokens#6971
[PM-30993] Better Error Message for Expired Invitation Tokens#6971sven-bitwarden merged 17 commits intomainfrom
Conversation
|
New Issues (2)Checkmarx found the following issues in this Pull Request
|
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #6971 +/- ##
=======================================
Coverage 57.64% 57.64%
=======================================
Files 2033 2034 +1
Lines 89622 89626 +4
Branches 7977 7977
=======================================
+ Hits 51660 51668 +8
+ Misses 36106 36104 -2
+ Partials 1856 1854 -2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Claude finished @sven-bitwarden's task in 2m 14s —— View job Code Review: APPROVEThis PR introduces a
No issues found. Clean, well-structured PR with good test coverage. |
JaredSnider-Bitwarden
left a comment
JaredSnider-Bitwarden
left a comment
There was a problem hiding this comment.
Nice work!
…essage # Conflicts: # src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AcceptOrgUserCommand.cs
sven-bitwarden
dismissed stale reviews from JaredScar and JaredSnider-Bitwarden
via
0d3fc39
|
@JaredScar @JaredSnider-Bitwarden sorry y'all, my prior PR #6972 had a conflict here 🙏 |
sven-bitwarden
dismissed stale reviews from JaredSnider-Bitwarden and JaredScar
via
93350af
|
@JaredScar @JaredSnider-Bitwarden 🙏 Through QA (which is difficult to QA expired tokens) we found an additional area that needs to benefit from the expired token message. This lead me to consolidate the error message creation logic. @JaredSnider-Bitwarden I wasn't sure of your preference - we could have all of the methods inside of the static class point to the new method and check if it's null or not to determine the presence of an error. I left it as-is otherwise |
JaredSnider-Bitwarden
left a comment
JaredSnider-Bitwarden
left a comment
There was a problem hiding this comment.
Excellent work! Please be sure that the standard org invite and org invite registration flows are re-tested by QA. The tests give great confidence that those will be successful though!
|
sven-bitwarden
deleted the
ac/pm-30993/update-expired-token-exception-message
branch
4 participants
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-30993
📔 Objective
The server currently sends a nondescript
Invalid token.error message when accepting an invalid token. While technically true, we want to be kinder to users accepting expired tokens, giving them a better error message.Other Considerations
I thought about enhancing the Tokenable API to be return a
TokenableValidationResult, which could mirror the existing inheritance hierarchy to return objects that indicate what went wrong. For example, Tokenable returns TokenableValidationResult, ExpiringTokenable returns ExpiringTokenableValidationResult.. each tacking on new metadata.I opted not to do this, as this is so far the only Tokenable area that is interested in knowing what validation failed, and I didn't want to force the creation of N result classes (one for each Tokenable derivative).
📸 Screenshots