Users receive incorrect error message when login system fails

[trillium]

Overview

Users receive incorrect error messages when the VRMS login system encounters failures, leading them to believe their login attempts are failing due to their account not existing (currently showing: We don't recognize your email address. Please create an account). This confusion causes unnecessary troubleshooting attempts and erodes user confidence in the system.

Action Items

• Audit the current login backend error states and HTTP status codes returned by the server
• Map each status code to appropriate user-facing messages:
  • Account not found errors (user doesn't exist) → "We don't recognize your email address"
  • Authentication/credential errors → "Incorrect email or password"
  • Server/system errors (5xx) → "We're experiencing technical difficulties. Please try again later"
  • Service unavailability → "The login service is temporarily unavailable"
• Update backend to return appropriate status codes and error messages based on the actual failure reason
• Update frontend to display the server's error message to the user instead of a generic message
• Test error messages across different failure scenarios to ensure correct messaging
• Document the error response format and mapping for future maintainers

Resources/Instructions

• Review the existing login flow and error handling in the VRMS backend
• Examine current HTTP status codes being returned by the authentication endpoints
• The backend should communicate the actual error type via both status code and response body, allowing the frontend to display appropriate messaging
• Related issue: Admin Login Requires Multiple Attempts  #1322 (Admin Login Requires Multiple Attempts) - This issue was split off to focus on error messaging
• Consider examining API error handling patterns (e.g., GitHub API, Google APIs) for reference on status code usage