fix: Updated translation key usage in change password error scenario

[utkershrajvenshi]

Description

Updated translation keys being used in toast component invokation in change password catch block. Fixes #8082

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Improvement (change that would cause existing functionality to not work as expected)
• Code refactoring
• Performance improvements
• Documentation update

Screenshots and Media (if applicable)

Test Scenarios

References

---

Note

Use change_password-specific i18n keys for error toast in the account security password change flow.

^{Written by Cursor Bugbot for commit 7602831. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• Bug Fixes
  • Improved error message accuracy during password change operations by displaying more contextually relevant authentication error notifications.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Walkthrough

The SecurityPage component's error handling was updated to display password change-specific error translations instead of generic password error keys, ensuring appropriate error messages appear when authentication errors occur during the password change process.

Changes

Cohort / File(s)	Change Summary
Error translation key updates apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx	Updated error toast title and message to use change_password translation keys instead of generic password keys for improved error messaging during password changes

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Single file change affecting only error message translation keys
• No logic modifications or control-flow alterations
• Straightforward string substitution for improved error messaging alignment

Poem

🐰 A password changed, now errors sing clear,
No cryptic keys to fill hearts with fear,
From generic to specific, the message takes flight,
Error handling polished, passwords set right! 🔐

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating translation key usage for change password error scenarios.
Description check	✅ Passed	The description covers the bug fix type, references the linked issue #8082, but lacks test scenarios and screenshots sections.
Linked Issues check	✅ Passed	The PR updates translation keys in the change password error handler to use change_password-specific i18n keys instead of generic password keys, directly addressing the root cause of issue #8082 where translation keys were displayed instead of user-friendly error messages.
Out of Scope Changes check	✅ Passed	The change is limited to updating translation key references in the SecurityPage password change error handler, remaining focused on the scope of issue #8082 without introducing unrelated modifications.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4e357c4 and 7602831.

📒 Files selected for processing (1)

• apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx (1)

packages/i18n/src/store/index.ts (1)

• t (223-244)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Good alignment with success message pattern, but verify translation keys exist.

The change to use change_password specific error keys is consistent with the success toast pattern (lines 89-90) and is more semantically appropriate than generic password error keys.

However, issue #8082 indicates that translation keys were being displayed as raw text (e.g., "auth.common.password.toast.error.title"), suggesting those keys didn't exist in the translation files. This fix assumes the new keys auth.common.password.toast.change_password.error.title and auth.common.password.toast.change_password.error.message are properly defined. Based on the provided context (lines 222-243 of packages/i18n/src/store/index.ts), if a key is not found, the t() function returns the key itself as a string, which would reproduce the same issue.

Additionally, the PR objective mentions backend error types like INVALID_NEW_PASSWORD and INVALID_PASSWORD from the zxcvbn complexity check. Ensure authErrorHandler (line 97) properly maps these error codes to user-friendly messages.

Run the following script to verify the translation keys exist and check for related password error handling:

---

🏁 Script executed:

#!/bin/bash
# Verify new translation keys exist in i18n files and check authErrorHandler coverage

echo "=== Searching for new translation keys in i18n/locale files ==="
rg -n "change_password\.error\.(title|message)" --type json --type ts

echo -e "\n=== Checking authErrorHandler implementation ==="
ast-grep --pattern 'export $_ function authErrorHandler($$$) { $$$ }'

echo -e "\n=== Searching for password complexity error codes ==="
rg -n "INVALID_NEW_PASSWORD|INVALID_PASSWORD" --type ts --type py -C 2

Length of output: 22807

---

</thinking>

Based on the verification, the script output reveals a **critical issue**: The new translation keys `auth.common.password.toast.change_password.error.title` and `auth.common.password.toast.change_password.error.message` do **not exist** in the i18n translation files. The grep search found only references to these keys in the code being reviewed (lines 102, 104), not their definitions in translation files.

Additionally, the `authErrorHandler` function was not found by the ast-grep search, suggesting either it's defined differently or the error handling logic relies entirely on the translation fallback.

**Verify translation keys are added and error handler covers password complexity codes.**

The change aligns error toast keys with the success pattern (consistent with lines 89-90), but verification shows the new keys `auth.common.password.toast.change_password.error.title` and `auth.common.password.toast.change_password.error.message` are not currently defined in i18n translation files. If the key is still not found, i18n will then return the key itself, which would reproduce the exact problem from issue #8082 (raw translation keys displayed).

Additionally, confirm that `authErrorHandler` (line 97) properly handles backend error codes like `INVALID_NEW_PASSWORD` and `INVALID_PASSWORD`. The backend sends these codes from password complexity checks, but the error handler must map them to user-friendly messages before falling back to translation keys.

**Required actions:**
1. Ensure the translation keys are defined in all language translation files (e.g., `packages/i18n/src/locales/en.json`)
2. Verify `authErrorHandler` maps backend error codes (`INVALID_NEW_PASSWORD`, `INVALID_PASSWORD`) to readable messages
3. Test the error handling flow with actual password complexity failures

---

🏁 Script executed:

```shell
#!/bin/bash
# Find authErrorHandler and verify translation key existence more thoroughly

echo "=== Searching for authErrorHandler function definition (any scope) ==="
rg -n "authErrorHandler" --type ts --type tsx -B 2 -A 8

echo -e "\n=== Searching for i18n locale files structure ==="
fd -e json -e ts -path "*i18n*" -path "*locale*" | head -20

echo -e "\n=== Checking if translation keys exist with slightly different format ==="
rg -n "change_password" --type json | grep -i "error\|toast" || echo "No matches found"

echo -e "\n=== Looking at the component to understand error flow ==="
rg -n "authErrorHandler\|errorInfo" apps/web/app/\(all\)/\[workspaceSlug\]/\(settings\)/settings/account/security/page.tsx -A 2 -B 2

Length of output: 590

---

---

🏁 Script executed:

#!/bin/bash
# Corrected script with proper syntax

echo "=== Searching for authErrorHandler function definition ==="
rg -n "authErrorHandler" -A 8 --glob "*.ts" --glob "*.tsx" 2>/dev/null || echo "Function not found or search failed"

echo -e "\n=== Finding i18n locale files ==="
find . -path "*/i18n/*" -name "*.json" 2>/dev/null | grep -i locale | head -10

echo -e "\n=== Checking if change_password.error keys exist in JSON files ==="
find . -name "*.json" -path "*/i18n/*" -o -name "*.json" -path "*/locale/*" 2>/dev/null | xargs grep -l "change_password.error" 2>/dev/null || echo "No translation files contain change_password.error keys"

echo -e "\n=== Viewing the security page component error handling ==="
find . -path "*settings/account/security*" -name "page.tsx" 2>/dev/null | head -1 | xargs cat 2>/dev/null | grep -A 15 "catch.*error" | head -30

echo -e "\n=== Finding where translation keys should be defined ==="
find . -name "*.json" -path "*/i18n/*" 2>/dev/null | head -5 | xargs ls -lh

echo -e "\n=== Searching for authErrorHandler in utils or helpers ==="
rg -n "function authErrorHandler|const authErrorHandler|export.*authErrorHandler" 2>/dev/null | head -20

Length of output: 21517

---

---

🏁 Script executed:

#!/bin/bash
# Examine authErrorHandler implementation to check password error code coverage

echo "=== Full authErrorHandler implementation ==="
rg -n "export const authErrorHandler" apps/web/helpers/authentication.helper.tsx -A 50 | head -60

echo -e "\n=== Check if INVALID_NEW_PASSWORD or INVALID_PASSWORD return values ==="
rg -n "INVALID_NEW_PASSWORD\|INVALID_PASSWORD" apps/web/helpers/authentication.helper.tsx -B 2 -A 2

echo -e "\n=== Find i18n locale directory structure ==="
find ./packages/i18n -type f | head -20

echo -e "\n=== Check for toast configuration in authErrorHandler ==="
rg -n "toastAlertErrorCodes\|bannerAlertErrorCodes" apps/web/helpers/authentication.helper.tsx -A 20 | head -40

Length of output: 3967

---

---

🏁 Script executed:

#!/bin/bash
# Check full authErrorHandler logic and search translation files

echo "=== Full authErrorHandler logic (looking for return statements) ==="
rg -n "export const authErrorHandler" apps/web/helpers/authentication.helper.tsx -A 100 | grep -A 90 "bannerAlertErrorCodes"

echo -e "\n=== Search translation files for change_password.error ==="
find ./packages/i18n/src/locales -name "*.ts" -exec grep -l "change_password" {} \;

echo -e "\n=== Check English translation file for password toast keys ==="
rg -n "auth\.common\.password\.toast" ./packages/i18n/src/locales/en/translations.ts -B 1 -A 1

echo -e "\n=== Full search for password toast keys in all locale files ==="
find ./packages/i18n/src/locales -name "*.ts" -exec grep -H "password.*toast\|toast.*password" {} \;

Length of output: 4572

---

---

🏁 Script executed:

#!/bin/bash
# Find errorCodeMessages and verify password error handling

echo "=== Search for errorCodeMessages definition ==="
rg -n "const errorCodeMessages|export.*errorCodeMessages" apps/web/helpers/authentication.helper.tsx -A 5

echo -e "\n=== Find errorCodeMessages entries for password codes ==="
rg -n "\[EAuthenticationErrorCodes.INVALID_NEW_PASSWORD\]|\[EAuthenticationErrorCodes.INVALID_PASSWORD\]" apps/web/helpers/authentication.helper.tsx -B 1 -A 2

echo -e "\n=== Search translation files more broadly for toast keys ==="
rg -n "change_password.*error" ./packages/i18n/src/locales/en/ -A 2 -B 2

echo -e "\n=== Check what keys exist in authentication error messages section ==="
rg -n "auth\.common\.password" ./packages/i18n/src/locales/en/core.ts 2>/dev/null | head -20 || rg -n "auth\.common\.password" ./packages/i18n/src/locales/en/translations.ts 2>/dev/null | head -20

Length of output: 848

---

Translation keys must be added to all locale files; fallback still risks displaying raw key strings.

The change aligns error fallback keys with the success pattern (change_password.error.* matches change_password.success.*), which is good for consistency. However, critical issues remain:

1. Missing translation definitions: The new fallback keys auth.common.password.toast.change_password.error.title and message don't exist in any translation files. For INVALID_NEW_PASSWORD and INVALID_PASSWORD specifically, authErrorHandler provides hardcoded English messages (lines 136-138 and 293-295 in apps/web/helpers/authentication.helper.tsx), so those cases work. But any other password error codes not in the bannerAlertErrorCodes list will return undefined, triggering the fallback to non-existent translation keys. The t() function will then return the key string itself, reproducing issue [bug]: Password complexity errors not displayed #8082.

2. Incomplete error code coverage: authErrorHandler only handles error codes in bannerAlertErrorCodes (which includes INVALID_NEW_PASSWORD and INVALID_PASSWORD). Verify all possible backend password error responses are covered or have translation keys defined.

Required actions:

• Add auth.common.password.toast.change_password.error.title and auth.common.password.toast.change_password.error.message keys to all locale files in packages/i18n/src/locales/*/
• Verify authErrorHandler covers all password complexity error codes from the backend or ensure translation fallbacks exist

🤖 Prompt for AI Agents

In
apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx
around lines 102 to 104, the new translation fallback keys used for password
change errors are not defined in locale files and some backend password error
codes may be unhandled; add the keys
auth.common.password.toast.change_password.error.title and
auth.common.password.toast.change_password.error.message to every locale file
under packages/i18n/src/locales/* with appropriate translations, and then audit
authentication.helper.tsx (and bannerAlertErrorCodes) to ensure all backend
password-complexity error codes either map to a handled case that returns a
localized string or have corresponding translation keys/fallbacks so the t()
call never returns a raw key.

[utkershrajvenshi]

Actual observation related to backend password check described in linked issue still stands unresolved. Converting to draft PR for now.

[utkershrajvenshi]

Verified the issue author's findings. On backend the package zxcvbn is performing common pattern matching to determine if the entered password is complex enough to be considered strong, this is the output with sample value Say!hello1:

{
    "password": "Say!hello1",
    "guesses": "8870000",
    "guesses_log10": 6.947923619831726,
    "sequence": [
        {
            "pattern": "bruteforce",
            "token": "Say!",
            "i": 0,
            "j": 3,
            "guesses": 10000,
            "guesses_log10": 4.0
        },
        {
            "pattern": "dictionary",
            "i": 4,
            "j": 9,
            "token": "hello1",
            "matched_word": "hello1",
            "rank": 443,
            "dictionary_name": "passwords",
            "reversed": false,
            "l33t": false,
            "base_guesses": 443,
            "uppercase_variations": 1,
            "l33t_variations": 1,
            "guesses": 443,
            "guesses_log10": 2.6464037262230695
        }
    ],
    "calc_time": 0.000694,
    "crack_times_seconds": {
        "online_throttling_100_per_hour": "319320000.0000000177258208112",
        "online_no_throttling_10_per_second": "887000",
        "offline_slow_hashing_1e4_per_second": "887",
        "offline_fast_hashing_1e10_per_second": "0.000887"
    },
    "crack_times_display": {
        "online_throttling_100_per_hour": "10 years",
        "online_no_throttling_10_per_second": "10 days",
        "offline_slow_hashing_1e4_per_second": "15 minutes",
        "offline_fast_hashing_1e10_per_second": "less than a second"
    },
    "score": 2,
    "feedback": {
        "warning": "This is similar to a commonly used password.",
        "suggestions": [
            "Add another word or two. Uncommon words are better."
        ]
    }
}

On frontend, only basic structural validation checks are being used for entered passwords.

Either we can use zxcvbn npm package on frontend, or to maintain structural validation on both ends, use the getPasswordStrength helper function from utils.

@vihar what's your take?