Summary
Currently, AuthRepositoryImpl methods (signIn, signUp, getCurrentUser, resendOtpCode) always return Result.success(...) when the API call completes without a HTTP-level error, without inspecting the success field on the response DTO.
If the backend returns HTTP 200 with success: false, the flow incorrectly advances as if the operation succeeded. Each method should gate on response.success and, when false, return Result.failure with an appropriate user-facing AuthFailure carrying response.message.
Note: This should be applied consistently across all auth repository methods once confirmed with the backend developer that the success field is reliably used.
Affected methods
AuthRepositoryImpl.signUp — does not check RegisterResponseDto.success- Potentially
signIn and getCurrentUser depending on backend contract
AuthRepositoryImpl.resendOtpCode — does not check ResendVerificationCodeResponseDto.success or message
Acceptance criteria
References
Summary
Currently,
AuthRepositoryImplmethods (signIn,signUp,getCurrentUser,resendOtpCode) always returnResult.success(...)when the API call completes without a HTTP-level error, without inspecting thesuccessfield on the response DTO.If the backend returns HTTP 200 with
success: false, the flow incorrectly advances as if the operation succeeded. Each method should gate onresponse.successand, whenfalse, returnResult.failurewith an appropriate user-facingAuthFailurecarryingresponse.message.Affected methods
AuthRepositoryImpl.signUp— does not checkRegisterResponseDto.successsignInandgetCurrentUserdepending on backend contractAuthRepositoryImpl.resendOtpCode— does not checkResendVerificationCodeResponseDto.successormessageAcceptance criteria
response.successbefore returningResult.success(...)response.success == false, returnResult.failurewith anAuthFailurecarryingresponse.messageas the user-facing messageUnauthorizedAuthFailurecontinues to carry an empty message (silent redirect) per existing conventionsuccess: falsepath for affected methodsReferences