boxerror: always pass second error string

src/users.js

@@ -344,7 +344,7 @@ async function verifyAppPassword(userId, password, identifier) {
 
     if (hashedPasswords.includes(hash)) return;
 
-    throw new BoxError(BoxError.INVALID_CREDENTIALS);
+    throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Password is not valid');
 }
 
 // identifier is only used to check if password is valid for a specific app
@@ -881,7 +881,7 @@ async function setTwoFactorAuthenticationSecret(user, auditSource) {
 
     if (constants.DEMO && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');
 
-    if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS);
+    if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS, '2FA is already enabled');
 
     const { fqdn:dashboardFqdn } = await dashboard.getLocation();
     const secret = speakeasy.generateSecret({ name: `Cloudron ${dashboardFqdn} (${user.username})` });
@@ -903,9 +903,9 @@ async function enableTwoFactorAuthentication(user, totpToken, auditSource) {
     if (user.source === 'ldap' && externalLdap.supports2FA(externalLdapConfig)) throw new BoxError(BoxError.BAD_STATE, 'Cannot enable 2FA of external auth user');
 
     const verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: totpToken, window: 2 });
-    if (!verified) throw new BoxError(BoxError.INVALID_CREDENTIALS);
+    if (!verified) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Invalid 2FA code');
 
-    if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS);
+    if (user.twoFactorAuthenticationEnabled) throw new BoxError(BoxError.ALREADY_EXISTS, '2FA already enabled');
 
     await update(user, { twoFactorAuthenticationEnabled: true }, auditSource);
 }