Email Verification required and Captcha return the same error code

Hey!

I think this might be a bug — or at least a DX issue — because the current implementation doesn’t let us differentiate between different failure cases.

Here’s the relevant code:

signIn.email({
      email: values.email,
      password: values.password,
      callbackURL: "/dashboard",
      fetchOptions: {
        headers: {
          "x-captcha-response": turnstileToken
        },
        onResponse: () => {
          setLoading(false);
        },
        onRequest: () => {
          setLoading(true);
        },
        onError: (ctx) => {
          if (ctx.error.status === 403) {
            toast.error(`You need a verified email address to login, an email has been sent to you.`);
            
          } else {
            toast.error(ctx.error.message);
          }
        },
        onSuccess: () => {
          toast.success("Login successful, redirecting...");
        },
      },
    });

signIn.email({
      email: values.email,
      password: values.password,
      callbackURL: "/dashboard",
      fetchOptions: {
        headers: {
          "x-captcha-response": turnstileToken
        },
        onResponse: () => {
          setLoading(false);
        },
        onRequest: () => {
          setLoading(true);
        },
        onError: (ctx) => {
          if (ctx.error.status === 403) {
            toast.error(`You need a verified email address to login, an email has been sent to you.`);
            
          } else {
            toast.error(ctx.error.message);
          }
        },
        onSuccess: () => {
          toast.success("Login successful, redirecting...");
        },
      },
    });

signIn.email({
      email: values.email,
      password: values.password,
      callbackURL: "/dashboard",
      fetchOptions: {
        headers: {
          "x-captcha-response": turnstileToken
        },
        onResponse: () => {
          setLoading(false);
        },
        onRequest: () => {
          setLoading(true);
        },
        onError: (ctx) => {
          if (ctx.error.status === 403) {
            toast.error(`You need a verified email address to login, an email has been sent to you.`);
            
          } else {
            toast.error(ctx.error.message);
          }
        },
        onSuccess: () => {
          toast.success("Login successful, redirecting...");
        },
      },
    });

signIn.email({
      email: values.email,
      password: values.password,
      callbackURL: "/dashboard",
      fetchOptions: {
        headers: {
          "x-captcha-response": turnstileToken
        },
        onResponse: () => {
          setLoading(false);
        },
        onRequest: () => {
          setLoading(true);
        },
        onError: (ctx) => {
          if (ctx.error.status === 403) {
            toast.error(`You need a verified email address to login, an email has been sent to you.`);
            
          } else {
            toast.error(ctx.error.message);
          }
        },
        onSuccess: () => {
          toast.success("Login successful, redirecting...");
        },
      },
    });

The issue is that both of the following failure cases return the same 403 status:

When the user hasn’t verified their email.
When the captcha check fails.

The frontend can’t tell them apart, so users get the same error message either way — which is confusing and bad UX.

Email Verification required and Captcha return the same error code

Similar Threads

Similar Threads

Similar Threads