chore(login): Add error message for invalid password

[jsingleton-dev]

We don't currently show any errors if the password is invalid which makes it hard to tell if the app is responding. Adding a small error message showing when creds are invalid

Screen.Recording.2026-05-05.at.2.08.41.PM.mov

Summary by CodeRabbit

• Bug Fixes
  • Improved sign-in error handling. Error messages are now displayed when login attempts fail, providing users with feedback instead of silent failures.

[coderabbitai]

Warning

Rate limit exceeded

@jsingleton-dev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 27 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 52c9c65e-6fd2-481b-88c7-5109fd3427a3

📥 Commits

Reviewing files that changed from the base of the PR and between 3ae6f73 and 20238f8.

📒 Files selected for processing (1)

• apps/web/app/routes/auth/login.tsx

📝 Walkthrough

Walkthrough

The login form component now tracks and displays sign-in errors. LoginEmailPassword adds errorMessage state and converts onSubmit to an async handler that awaits the authentication request and displays errors conditionally via an Alert component.

Changes

Error Handling in Sign-In Form

Layer / File(s)	Summary
Imports & Dependencies apps/web/app/routes/auth/login.tsx (lines 3–10)	React useState hook and Alert/AlertDescription UI components are imported to support error state and display.
State & Async Handler apps/web/app/routes/auth/login.tsx (lines 54–71)	LoginEmailPassword introduces errorMessage state and replaces synchronous onSubmit with async handler that awaits authClient.signIn.email and sets error message on failure.
Error Display apps/web/app/routes/auth/login.tsx (lines 76–80)	Form conditionally renders a destructive Alert with errorMessage above the input fields when an error is present.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A hop, skip, and await so fine,
Errors caught before you sign!
The form now whispers what went wrong—
No silent fails, just clarity strong! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding error message display for invalid password in the login flow.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch jsingleton/login-error-msg

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/web/app/routes/auth/login.tsx`:
- Around line 63-71: The onSubmit handler currently exposes raw backend error
text and doesn't catch thrown exceptions; update the onSubmit function (which
uses signInEmailPasswordSchema, authClient.signIn.email, and setErrorMessage) to
wrap the auth call in try/catch, normalize any error to a generic message like
"Invalid credentials" (instead of using error.message), setErrorMessage to that
generic message on both returned errors and thrown exceptions, and optionally
log the original error internally for diagnostics without showing it to the
user.
- Line 53: Convert the function declaration LoginEmailPassword into a typed
const arrow component and add the React import: change the declaration to a
const with React.FC typing (e.g., const LoginEmailPassword: React.FC = () => {
... }) and add either import React from "react" or import type { FC } from
"react" at the top; keep the existing component body and exports unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 135c96bb-8fdc-4b54-845d-2d6c872b055b

📥 Commits

Reviewing files that changed from the base of the PR and between 46b08f5 and 3ae6f73.

📒 Files selected for processing (1)

• apps/web/app/routes/auth/login.tsx