improvement: provide better error message on hijack protection

team-alembic · Dec 12, 2024 · a265b57 · a265b57
1 parent b1d31c1
commit a265b57
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/lib/mix/tasks/ash_authentication_phoenix.install.ex b/lib/mix/tasks/ash_authentication_phoenix.install.ex
@@ -271,7 +271,21 @@ defmodule Mix.Tasks.AshAuthenticationPhoenix.Install do
         |> redirect(to: return_to)
       end
 
-      def failure(conn, _activity, _reason) do
+      def failure(conn, activity, reason) do
+        message =
+          case {activity, reason} do
+            {{:magic_link, _},
+            %AshAuthentication.Errors.AuthenticationFailed{
+              caused_by: %Ash.Error.Forbidden{
+                errors: [%AshAuthentication.Errors.CannotConfirmUnconfirmedUser{}]
+              }
+            }} ->
+              "You have already signed in another way, but have not confirmed your account. Please confirm your account."
+
+            _ ->
+              "Incorrect email or password"
+          end
+
         conn
         |> put_flash(:error, "Incorrect email or password")
         |> redirect(to: ~p"/sign-in")