Merged
14 changes: 12 additions & 2 deletions pkg/connector/connector.go
Expand Up @@ -204,11 +204,10 @@ func (ll *LineEmailLogin) SubmitUserInput(ctx context.Context, input map[string]
}

func (ll *LineEmailLogin) loginErrorStep(message string) *bridgev2.LoginStep {
instructions := fmt.Sprintf("Error when logging in: %s", message)
return &bridgev2.LoginStep{
Type: bridgev2.LoginStepTypeUserInput,
StepID: "dev.highest.matrix.line.enter_creds",
Instructions: instructions,
Instructions: loginErrorInstructions(message),
UserInputParams: &bridgev2.LoginUserInputParams{
Fields: []bridgev2.LoginInputDataField{
{
Expand All @@ -226,6 +225,17 @@ func (ll *LineEmailLogin) loginErrorStep(message string) *bridgev2.LoginStep {
}
}

func loginErrorInstructions(message string) string {
message = strings.TrimSpace(message)
if message == "" {
return "Could not log in to LINE. Please check your email and password and try again."
}
if strings.EqualFold(message, "Account ID or password is invalid") {

Contributor


Brittle exact-string match: strings.EqualFold against the literal Account ID or password is invalid only fires when LINE returns that exact phrase. The data.reason field extracted by loginErrorReason is user-facing text from LINE and has historically changed wording across locales/versions; the moment it does (e.g. Invalid account ID or password, or a localized variant), this branch is skipped and users get the generic copy that this PR is specifically trying to avoid. Consider matching on a substring (strings.Contains(strings.ToLower(message), "password is invalid")) or — better — keying off the structured LINE error code if one is available upstream of loginErrorReason.

return "LINE rejected the email or password. Make sure you used the email from LINE Settings -> Account -> Email Address, then try again."
}
return fmt.Sprintf("Could not log in to LINE: %s", message)
}

func loginErrorReason(err error) string {
if err == nil {
return ""
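Review bot: The fall-through branch `return fmt.Sprintf("Could not log in to LINE: %s", message)` in loginErrorInstructions still copies whatever loginErrorReason produced into the user-visible Instructions, with no length bound and no allow-list of known reasons. loginErrorReason's body is cut off after its nil check in this view, so it is unclear whether it can return wrapped transport or parsing error text rather than LINE's own reason; if it can, that internal detail is shown in the login UI. Consider returning the generic copy for anything that is not a recognised LINE reason and logging the raw text instead. A doc comment would also help, for example `// loginErrorInstructions maps a LINE failure reason to user-facing text; in the fallback case message is shown to the user verbatim.`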
24 changes: 16 additions & 8 deletions pkg/line/password/password.go
@@ -1,6 +1,7 @@
package password

import (
"bytes"
"crypto/rand"
"crypto/rsa"
"encoding/hex"
Expand All @@ -11,7 +12,10 @@ import (
// EncryptPassword constructs the payload and encrypts it using RSA-PKCS1v15.
func EncryptPassword(email, password, sessionKey, nHex, eHex string) (string, error) {
// 1. Construct the payload: [len + val]...
payload := createPayload(email, password, sessionKey)
payload, err := createPayload(email, password, sessionKey)
if err != nil {
return "", fmt.Errorf("failed to create password payload: %w", err)
}

// 2. Parse Public Key from Hex
pubKey, err := parseRSAPublicKey(nHex, eHex)
Expand All @@ -20,7 +24,7 @@ func EncryptPassword(email, password, sessionKey, nHex, eHex string) (string, er
}

// 3. Encrypt using RSA-PKCS1-v1.5
encryptedBytes, err := rsa.EncryptPKCS1v15(rand.Reader, pubKey, []byte(payload))
encryptedBytes, err := rsa.EncryptPKCS1v15(rand.Reader, pubKey, payload)
if err != nil {
return "", fmt.Errorf("failed to encrypt payload: %w", err)
}
Expand All @@ -30,12 +34,16 @@ func EncryptPassword(email, password, sessionKey, nHex, eHex string) (string, er
}

// Format: [len(sessionKey) + sessionKey + len(email) + email + len(password) + password]
func createPayload(email, password, sessionKey string) string {
return fmt.Sprintf("%c%s%c%s%c%s",
len(sessionKey), sessionKey,
len(email), email,
len(password), password,
)
func createPayload(email, password, sessionKey string) ([]byte, error) {
var payload bytes.Buffer
for _, field := range []string{sessionKey, email, password} {
if len(field) > 255 {
return nil, fmt.Errorf("field is too long: %d bytes", len(field))

Contributor


Identify the offending field: when this fires the user / log reader has no way to tell whether the server-supplied sessionKey, their email, or their password was over 255 bytes. Swap the anonymous loop for named iterations so the error can name the field, e.g.:

for _, f := range []struct{ name, value string }{
    {"sessionKey", sessionKey},
    {"email", email},
    {"password", password},
} {
    if len(f.value) > 255 {
        return nil, fmt.Errorf("%s is too long: %d bytes (max 255)", f.name, len(f.value))
    }
    payload.WriteByte(byte(len(f.value)))
    payload.WriteString(f.value)
}

(Make sure not to log the field value — only the name and length.)

}
payload.WriteByte(byte(len(field)))
payload.WriteString(field)
}
return payload.Bytes(), nil
}

// parseRSAPublicKey converts hex modulus and exponent into *rsa.PublicKey.
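Review bot: The per-field 255-byte check in createPayload does not bound the whole payload against the RSA key: PKCS#1 v1.5 encryption accepts at most the modulus size minus 11 bytes, while three fields plus their length bytes can reach 768 bytes. Depending on the server key size (not visible here), a combination of individually valid fields can pass createPayload and then fail inside `rsa.EncryptPKCS1v15` with only the library's generic message-too-long error. In EncryptPassword, after parseRSAPublicKey succeeds, a check such as `if len(payload) > pubKey.Size()-11 { return "", fmt.Errorf("login payload is too long for the server key: %d bytes", len(payload)) }` would report this clearly without exposing any field value. The comment above createPayload could also say that each length prefix is a single byte; EncryptPassword's body is only partly shown in these hunks.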