  1. Camunda Optimize
  2. OPT-2194

Don't display stack trace to user on login error

    Details

    • Type: Bug Report
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: 2.5.0-alpha2
    • Component/s: frontend
    • Labels:

      Description

      Observed
      When there's an error logging the user in, we currently display the whole stacktrace. This is neither understandable nor actionable for an end user and could potentially blow the screen up to any possible height, and therefore should be fixed.

      Expected
      There should only be a human digestible message (without a stacktrace):

      There was an error. If the error persists, contact the system administrator.

        Activity

        omran.abazeed Omran Abazeed added a comment -

        Franz Heidl,
        Can you please tell us how to reproduce the error in the attached image? Maybe it is better to be solved from the backend.

        franz.heidl Franz Heidl added a comment -

        I'd love to, but at the point I got this I just tried to log in; I have no idea how to reproduce this or what happened at the BE side…

        omran.abazeed Omran Abazeed added a comment -

        Since we cannot reproduce it, we will have to close the ticket for now and reopen it later when it happens again.

        franz.heidl Franz Heidl added a comment -

        Even though we cannot reproduce this specific error, there must be a way to prevent any error stack trace from being displayed and have the generic message rendered instead, I would assume?

        franz.heidl Franz Heidl added a comment -

        After discussion with Omran Abazeed and Johannes Heinemann, it turned out we actually need to rely on the error from the server (e.g. to support messaging re account lock after too many failed login attempts), hence we cannot simply not show the original server error.
        We decided not to go down the road of parsing the error message, as this isn't a robust solution; as a consequence, we'll have to live with the current situation. We expect a situation that results in a stack trace as long as in the screenshot above to be very rare though.

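The trade-off discussed in the thread above (server-supplied messages such as account lock must reach the user, but a stack trace must not) can be handled without parsing message text if the server sends a stable error code. The following is an added example, not part of the original ticket and not Camunda Optimize code; the response shape `{ errorCode, errorMessage }` and the code names are assumptions.

```javascript
// Added example. The response shape ({ errorCode, errorMessage }) and the code
// names are hypothetical, not Camunda Optimize's actual API.
const GENERIC_MESSAGE =
  'There was an error. If the error persists, contact the system administrator.';

// Allowlist: only these codes ever produce specific text on screen.
const LOGIN_MESSAGES = {
  badCredentials: 'Could not log you in. Check your username and password.',
  accountLocked: 'Your account is locked after too many failed login attempts.',
};

// Returns the text to render plus the raw detail, which belongs in the
// console or a log, never in the DOM.
function describeLoginError(bodyText) {
  let payload = null;
  try {
    payload = JSON.parse(bodyText);
  } catch (e) {
    // Non-JSON body, e.g. a container error page carrying a stack trace.
  }
  const code =
    payload !== null && typeof payload === 'object' ? payload.errorCode : undefined;
  // hasOwnProperty keeps inherited keys such as "constructor" off the allowlist.
  const known =
    typeof code === 'string' &&
    Object.prototype.hasOwnProperty.call(LOGIN_MESSAGES, code);
  return {
    userMessage: known ? LOGIN_MESSAGES[code] : GENERIC_MESSAGE,
    logDetail: bodyText,
  };
}

// Constructed sample responses.
const SAMPLE_LOCKED = JSON.stringify({
  errorCode: 'accountLocked',
  errorMessage: 'User demo is locked',
});
const SAMPLE_TRACE =
  'java.lang.NullPointerException\n\tat com.example.Login.handle(Login.java:42)';

console.log(describeLoginError(SAMPLE_LOCKED).userMessage);
console.log(describeLoginError(SAMPLE_TRACE).userMessage);
```

Because the rendered text is chosen from a fixed table, an unexpected server failure falls through to the generic message regardless of how long or detailed its body is.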

          People

          • Assignee:
            Unassigned
            Reporter:
            franz.heidl Franz Heidl