Problem/Motivation

When a Login attempt is unsuccessful due to incorrect username and/ or password being supplied, two sets of information regarding the failure are displayed to the user in two different areas of the page. An error message is displayed in the messages area and a conflicting message is displayed by the inline_form_errors core module inline with the login form elements (i.e. further down the page). Not only do the two sets of output conflict, the output is also factually incorrect.

So, for example, the message "1 error has been found: username" is output, regardless of whether an incorrect username was entered, or if just the password was entered incorrectly, or indeed if both form elements received incorrect input.

For reference, this is what D7 did, hence why this issue is described as a regression:

Steps to reproduce

  1. Install a Drupal 11 site using the standard profile.
  2. Ensure that the Inline Form Errors core module is enabled.
  3. Login to the site using the standard login form at /user/login but enter an incorrect username/ password combination.
  4. Observe the error message output and the inline_form_errors output lower down the page adjacent to the login form itself.

Proposed resolution

Usability meeting determined that skipping the behavior of the Inline Form Errors module for the login form is a good first step [to fixing this issue].

Remaining tasks

Apply the code fix and create test coverage: how about a functional test inside the inline_form_errors module?

User interface changes

N/A

Introduced terminology

N/A

API changes

N/A

Data model changes

N/A

Release notes snippet

N/A

CommentFileSizeAuthor
#16 regressionPatchApply.jpg253 KBshwetaneelsharma
#11 interdiff-6-11.txt695 bytessdstyles
#11 regression_login_form-2579779-11.patch2.55 KBsdstyles
#9 with.png37.94 KBmgifford
#8 with-n-without.png73.85 KBmgifford
#6 regression_login_form-2579779-6.patch2.38 KBcilefen
#4 regression_login_form-2579779-4.patch1.71 KBcilefen
Screen Shot 2015-10-03 at 8.14.54 PM.png158.26 KBcilefen
Screen Shot 2015-10-03 at 8.15.08 PM.png157.62 KBcilefen

Issue fork drupal-2579779

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

cilefen created an issue. See original summary.

cilefen’s picture

cilefen commented
Issue summary: View changes
cilefen’s picture

cilefen commented
Issue tags: +Usability
cilefen’s picture

cilefen commented
Status: Active » Needs review
StatusFileSize
new regression_login_form-2579779-4.patch1.71 KB

Status: Needs review » Needs work

The last submitted patch, 4: regression_login_form-2579779-4.patch, failed testing.

cilefen’s picture

cilefen commented
Status: Needs work » Needs review
StatusFileSize
new regression_login_form-2579779-6.patch2.38 KB

The last submitted patch, 4: regression_login_form-2579779-4.patch, failed testing.

mgifford’s picture

mgifford
he/him
Primary language English
commented
Issue summary: View changes
StatusFileSize
new with-n-without.png73.85 KB

Here's a screenshot without & also with the patch. The one on the right is with the patch above:

Definitely an improvement.

mgifford’s picture

mgifford
he/him
Primary language English
commented
Issue summary: View changes
StatusFileSize
new with.png37.94 KB

Sorry screenshot wit the patch was a different width. This one is a better comparison.

cilefen’s picture

cilefen commented
Status: Needs review » Needs work
Issue tags: +Novice

I added the Novice tag because a novice can do the following:

+++ b/core/modules/user/src/Tests/UserBlocksTest.php
@@ -72,8 +72,6 @@ function testUserLoginBlock() {
     $this->drupalPostForm('node', $edit, t('Log in'));
-    $this->assertRaw('1 error has been found:');
-    $this->assertRaw('<a href="#edit-name">Username</a>');
     $this->assertText(t('Unrecognized username or password.'));

These could be converted to ->assertNoRaw.

sdstyles’s picture

sdstyles commented
Status: Needs work » Needs review
StatusFileSize
new regression_login_form-2579779-11.patch2.55 KB
new interdiff-6-11.txt695 bytes
cilefen’s picture

cilefen commented 
+++ b/core/modules/user/src/Tests/UserBlocksTest.php
@@ -72,9 +72,7 @@ function testUserLoginBlock() {
-    $this->assertRaw('<a href="#edit-name">Username</a>');
-    $this->assertText(t('Unrecognized username or password.'));
+    $this->assertNoRaw('<a href="#edit-name">Username</a>', t('Unrecognized username or password.'));

This is sort-of the idea and it will probably pass the bots, however, this will not do what you intend—you cannot combine asserts like this with assertNoRaw. The second parameter is supposed to be the test log message. You can't pass additional strings to be checked.

Instead, you would replace the ->assertRaw with ->assertNoRaw and ->assertText with ->assertNoText.

But, this issue may not be necessary if the forms issue that inadvertently caused it is reverted, as seems likely.

Bojhan’s picture

Bojhan commented

Why do we remove the drupal set message, are we special casing this one message?

cilefen’s picture

cilefen commented

Yes.

j2r’s picture

j2r commented
Status: Needs review » Needs work
Issue tags: +Needs reroll
StatusFileSize
new without-patch.png55.08 KB

The patch fail to apply - adding tag 'Needs reroll'
When I try to login with invalid username or password I am getting the correct output - Please check the screenshot.

shwetaneelsharma’s picture

shwetaneelsharma commented
StatusFileSize
new regressionPatchApply.jpg253 KB

Tried applying regression_login_form-2579779-11.patch. Error attached in the screenshot.

maris.abols’s picture

maris.abols commented
Assigned: Unassigned » maris.abols
cilefen’s picture

cilefen commented
Status: Needs work » Closed (won't fix)
Issue tags: -Novice, -Needs reroll

#2578561: Move "Inline Form Errors" functionality to optional module and restore D7-style form errors by default removed the functionality we don't want.

maris.abols’s picture

maris.abols commented
Assigned: maris.abols » Unassigned
PeterE’s picture

PeterE commented

I am not a fan of patches, so a simple solution for me was to copy the "status-messages.html.twig" template from the core Classy theme into my own theme. I then I added an id (status_message) to the div as follows:

<div data-drupal-messages id="status_message">

Then in css I hid the status message as follows:

.context-user-login #status_message {
	display: none; /* hides redundant error message on login screen */
}
skaught’s picture

skaught
Primary language English
commented

you can also override what the messeage in the block says more directly for your project by putting. 

$settings['locale_custom_strings_en'][''] = array(
  'Unrecognized username or password. <a href=":password">Forgot your password?</a>' => 'My message is better than yours!',
);

in settings.php

skaught’s picture

skaught
Primary language English
commented

removed. flashback, double post.

benjifisher credited MrPaulDriver.

benjifisher credited longwave.

benjifisher’s picture

benjifisher
he/him or they/them
Primary language English
Location Boston area
commented
Status: Closed (won't fix) » Active

I am reopening this issue and marking #3179666: Inline Form Errors module advises that a failed login attempt with the wrong password is because of providing the wrong username. as a duplicate.

Even though the Inline Form Errors (IEF) module is disabled by default, it would be nice to solve the problem here even when IEF is enabled.

One suggestion from #3179666: Inline Form Errors module advises that a failed login attempt with the wrong password is because of providing the wrong username.:

As there are only two fields I wonder if the login form is a case where we should just disable inline form errors entirely via #2856950: Add a possibility to disable inline form errors for a complete form

We discussed these issues at #3186531: Drupal Usability Meeting 2020-12-11. We identified two problems with notifications that we might want to address, but not as part of this issue:

  1. Drupal puts all status messages in the same place (usually at the top of the screen). This is appropriate for site errors, but it is confusing to put user errors in the same place.
  2. The problem in this issue is similar to one we discussed in #2895055: Edit the date range error messages. With the login form and with datetime rage fields, there are two related fields. There is no way to decide which one has the invalid input, but the IEF module picks one. (I think it picks the first one on the form.) This can be confusing.

For this issue, we agreed that disabling IEF for the login form is a good step to take.

benjifisher’s picture

benjifisher
he/him or they/them
Primary language English
Location Boston area
commented
Version: 8.0.x-dev » 9.2.x-dev
mrpauldriver’s picture

mrpauldriver commented
Issue tags: +Bug Smash Initiative

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.0-alpha1 was released on May 6, 2022, which means new developments and disruptive changes should now be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

smustgrave’s picture

smustgrave commented
Status: Active » Closed (cannot reproduce)

Closing as cannot reproduce

In Drupal 9.5 when using a wrong username/password combo I get

Unrecognized username or password. Forgot your password? which seems pretty clear.

If this is still an issue please reopen maybe with an updated issue summary, screenshots, etc.

Thanks!

driskell’s picture

driskell commented
Status: Closed (cannot reproduce) » Active

@smusgrave

Closing as cannot reproduce

In Drupal 9.5 when using a wrong username/password combo I get

Unrecognized username or password. Forgot your password? which seems pretty clear.

If this is still an issue please reopen maybe with an updated issue summary, screenshots, etc.

The Inline Form Errors core module needs to be enabled to reproduce. The fix recommended was to disable this modules functionality from applying to the login form so that even when the module is enabled you see the default messaging.

I’ll reopen.

smustgrave’s picture

smustgrave commented
Issue tags: +Needs issue summary update

Thanks. Sounds like it will need an issue summary update to be more clear.

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

dmrupp’s picture

dmrupp commented
Issue summary: View changes
dmrupp’s picture

dmrupp commented
Issue tags: -Needs issue summary update

I removed "Needs issue summary update" because I added the detail that the inline forms error module must be enabled to recreate this issue. This is still occuring on core 9.5.9.

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

mlncn’s picture

mlncn commented
Priority: Normal » Major
Issue summary: View changes
Status: Active » Needs review
Issue tags: +Needs reroll

Bumping this to major because the message:

> 1 error has been found: Username

occurs when people enter an incorrect password, also, and that stops most people from trying a different password or trying to reset their password.

mlncn’s picture

mlncn commented
Status: Needs review » Needs work

welly made their first commit to this issue’s fork.

welly opened merge request !4728

welly’s picture

welly commented
Status: Needs work » Needs review

Can confirm patch at #11 resolves the described issue. Have rerolled for 11.x

welly’s picture

welly commented
Issue tags: -Needs reroll

(Removed "Needs reroll" tag)

welly’s picture

welly commented
smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work
Issue tags: +Needs tests

Seems test coverage is lost

welly’s picture

welly commented

Cheers @smustgrave, will get that fixed 👍

dcam made their first commit to this issue’s fork.

oily’s picture

oily commented
Title: Regression: Login form error message is redundant and does not make sense » Regression: When A Login attempt is unsuccessful two sets of conflicting information are displayed not make sense
Issue summary: View changes
oily’s picture

oily commented
Title: Regression: When A Login attempt is unsuccessful two sets of conflicting information are displayed not make sense » Regression: When A Login attempt is unsuccessful two sets of conflicting information are displayed
oily’s picture

oily commented
Issue summary: View changes
oily’s picture

oily commented

Have updated the IS. Applied the IS template.

oily’s picture

oily commented

Added stub functional test to the IFE module. Need to test the following scenarios: logins with bad username, bad password and bad username and password.

Assert that the status error message appears but that no IFE errors are output to the screen.

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.