[feature] More consistent API error handling (#637)

* update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * user nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug
2025-06-05 21:59:39 +02:00 · 2022-06-08 20:38:03 +02:00
parent 91c0ed863a
commit 1ede54ddf6
130 changed files with 2154 additions and 1673 deletions
--- a/internal/processing/account.go
+++ b/internal/processing/account.go
@@ -26,7 +26,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )

-func (p *processor) AccountCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AccountCreateRequest) (*apimodel.Token, error) {
+func (p *processor) AccountCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AccountCreateRequest) (*apimodel.Token, gtserror.WithCode) {
 	return p.accountProcessor.Create(ctx, authed.Token, authed.Application, form)
 }

@@ -42,7 +42,7 @@ func (p *processor) AccountGetLocalByUsername(ctx context.Context, authed *oauth
 	return p.accountProcessor.GetLocalByUsername(ctx, authed.Account, username)
 }

-func (p *processor) AccountUpdate(ctx context.Context, authed *oauth.Auth, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, error) {
+func (p *processor) AccountUpdate(ctx context.Context, authed *oauth.Auth, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, gtserror.WithCode) {
 	return p.accountProcessor.Update(ctx, authed.Account, form)
 }

--- a/internal/processing/account/account.go
+++ b/internal/processing/account/account.go
@@ -40,7 +40,7 @@ import (
 // Processor wraps a bunch of functions for processing account actions.
 type Processor interface {
 	// Create processes the given form for creating a new account, returning an oauth token for that account if successful.
-	Create(ctx context.Context, applicationToken oauth2.TokenInfo, application *gtsmodel.Application, form *apimodel.AccountCreateRequest) (*apimodel.Token, error)
+	Create(ctx context.Context, applicationToken oauth2.TokenInfo, application *gtsmodel.Application, form *apimodel.AccountCreateRequest) (*apimodel.Token, gtserror.WithCode)
 	// Delete deletes an account, and all of that account's statuses, media, follows, notifications, etc etc etc.
 	// The origin passed here should be either the ID of the account doing the delete (can be itself), or the ID of a domain block.
 	Delete(ctx context.Context, account *gtsmodel.Account, origin string) gtserror.WithCode
@@ -52,7 +52,7 @@ type Processor interface {
 	// GetLocalByUsername processes the given request for account information targeting a local account by username.
 	GetLocalByUsername(ctx context.Context, requestingAccount *gtsmodel.Account, username string) (*apimodel.Account, gtserror.WithCode)
 	// Update processes the update of an account with the given form
-	Update(ctx context.Context, account *gtsmodel.Account, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, error)
+	Update(ctx context.Context, account *gtsmodel.Account, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, gtserror.WithCode)
 	// StatusesGet fetches a number of statuses (in time descending order) from the given account, filtered by visibility for
 	// the account given in authed.
 	StatusesGet(ctx context.Context, requestingAccount *gtsmodel.Account, targetAccountID string, limit int, excludeReplies bool, excludeReblogs bool, maxID string, minID string, pinned bool, mediaOnly bool, publicOnly bool) (*apimodel.TimelineResponse, gtserror.WithCode)
--- a/internal/processing/account/create.go
+++ b/internal/processing/account/create.go
@@ -27,29 +27,30 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/messages"
 	"github.com/superseriousbusiness/gotosocial/internal/text"
 	"github.com/superseriousbusiness/oauth2/v4"
 )

-func (p *processor) Create(ctx context.Context, applicationToken oauth2.TokenInfo, application *gtsmodel.Application, form *apimodel.AccountCreateRequest) (*apimodel.Token, error) {
+func (p *processor) Create(ctx context.Context, applicationToken oauth2.TokenInfo, application *gtsmodel.Application, form *apimodel.AccountCreateRequest) (*apimodel.Token, gtserror.WithCode) {
 	l := logrus.WithField("func", "accountCreate")

 	emailAvailable, err := p.db.IsEmailAvailable(ctx, form.Email)
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorBadRequest(err)
 	}
 	if !emailAvailable {
-		return nil, fmt.Errorf("email address %s in use", form.Email)
+		return nil, gtserror.NewErrorConflict(fmt.Errorf("email address %s is not available", form.Email))
 	}

 	usernameAvailable, err := p.db.IsUsernameAvailable(ctx, form.Username)
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorBadRequest(err)
 	}
 	if !usernameAvailable {
-		return nil, fmt.Errorf("username %s in use", form.Username)
+		return nil, gtserror.NewErrorConflict(fmt.Errorf("username %s in use", form.Username))
 	}

 	reasonRequired := config.GetAccountsReasonRequired()
@@ -64,19 +65,19 @@ func (p *processor) Create(ctx context.Context, applicationToken oauth2.TokenInf
 	l.Trace("creating new username and account")
 	user, err := p.db.NewSignup(ctx, form.Username, text.SanitizePlaintext(reason), approvalRequired, form.Email, form.Password, form.IP, form.Locale, application.ID, false, false)
 	if err != nil {
-		return nil, fmt.Errorf("error creating new signup in the database: %s", err)
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error creating new signup in the database: %s", err))
 	}

 	l.Tracef("generating a token for user %s with account %s and application %s", user.ID, user.AccountID, application.ID)
 	accessToken, err := p.oauthServer.GenerateUserAccessToken(ctx, applicationToken, application.ClientSecret, user.ID)
 	if err != nil {
-		return nil, fmt.Errorf("error creating new access token for user %s: %s", user.ID, err)
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error creating new access token for user %s: %s", user.ID, err))
 	}

 	if user.Account == nil {
 		a, err := p.db.GetAccountByID(ctx, user.AccountID)
 		if err != nil {
-			return nil, fmt.Errorf("error getting new account from the database: %s", err)
+			return nil, gtserror.NewErrorInternalError(fmt.Errorf("error getting new account from the database: %s", err))
 		}
 		user.Account = a
 	}
--- a/internal/processing/account/get.go
+++ b/internal/processing/account/get.go
@@ -94,5 +94,6 @@ func (p *processor) getAccountFor(ctx context.Context, requestingAccount *gtsmod
 	if err != nil {
 		return nil, gtserror.NewErrorInternalError(fmt.Errorf("error converting account: %s", err))
 	}
+
 	return apiAccount, nil
 }
--- a/internal/processing/account/update.go
+++ b/internal/processing/account/update.go
@@ -29,6 +29,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 	"github.com/superseriousbusiness/gotosocial/internal/messages"
@@ -37,7 +38,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )

-func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, error) {
+func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, gtserror.WithCode) {
 	l := logrus.WithField("func", "AccountUpdate")

 	if form.Discoverable != nil {
@@ -50,14 +51,14 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form

 	if form.DisplayName != nil {
 		if err := validate.DisplayName(*form.DisplayName); err != nil {
-			return nil, err
+			return nil, gtserror.NewErrorBadRequest(err)
 		}
 		account.DisplayName = text.SanitizePlaintext(*form.DisplayName)
 	}

 	if form.Note != nil {
 		if err := validate.Note(*form.Note); err != nil {
-			return nil, err
+			return nil, gtserror.NewErrorBadRequest(err)
 		}

 		// Set the raw note before processing
@@ -66,7 +67,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form
 		// Process note to generate a valid HTML representation
 		note, err := p.processNote(ctx, *form.Note, account.ID)
 		if err != nil {
-			return nil, err
+			return nil, gtserror.NewErrorBadRequest(err)
 		}

 		// Set updated HTML-ified note
@@ -76,7 +77,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form
 	if form.Avatar != nil && form.Avatar.Size != 0 {
 		avatarInfo, err := p.UpdateAvatar(ctx, form.Avatar, account.ID)
 		if err != nil {
-			return nil, err
+			return nil, gtserror.NewErrorBadRequest(err)
 		}
 		account.AvatarMediaAttachmentID = avatarInfo.ID
 		account.AvatarMediaAttachment = avatarInfo
@@ -86,7 +87,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form
 	if form.Header != nil && form.Header.Size != 0 {
 		headerInfo, err := p.UpdateHeader(ctx, form.Header, account.ID)
 		if err != nil {
-			return nil, err
+			return nil, gtserror.NewErrorBadRequest(err)
 		}
 		account.HeaderMediaAttachmentID = headerInfo.ID
 		account.HeaderMediaAttachment = headerInfo
@@ -100,7 +101,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form
 	if form.Source != nil {
 		if form.Source.Language != nil {
 			if err := validate.Language(*form.Source.Language); err != nil {
-				return nil, err
+				return nil, gtserror.NewErrorBadRequest(err)
 			}
 			account.Language = *form.Source.Language
 		}
@@ -111,7 +112,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form

 		if form.Source.Privacy != nil {
 			if err := validate.Privacy(*form.Source.Privacy); err != nil {
-				return nil, err
+				return nil, gtserror.NewErrorBadRequest(err)
 			}
 			privacy := p.tc.APIVisToVis(apimodel.Visibility(*form.Source.Privacy))
 			account.Privacy = privacy
@@ -120,7 +121,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form

 	updatedAccount, err := p.db.UpdateAccount(ctx, account)
 	if err != nil {
-		return nil, fmt.Errorf("could not update account %s: %s", account.ID, err)
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not update account %s: %s", account.ID, err))
 	}

 	p.clientWorker.Queue(messages.FromClientAPI{
@@ -132,7 +133,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, form

 	acctSensitive, err := p.tc.AccountToAPIAccountSensitive(ctx, updatedAccount)
 	if err != nil {
-		return nil, fmt.Errorf("could not convert account into apisensitive account: %s", err)
+		return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not convert account into apisensitive account: %s", err))
 	}
 	return acctSensitive, nil
 }
--- a/internal/processing/account/update_test.go
+++ b/internal/processing/account/update_test.go
@@ -45,8 +45,8 @@ func (suite *AccountUpdateTestSuite) TestAccountUpdateSimple() {
 	}

 	// should get no error from the update function, and an api model account returned
-	apiAccount, err := suite.accountProcessor.Update(context.Background(), testAccount, form)
-	suite.NoError(err)
+	apiAccount, errWithCode := suite.accountProcessor.Update(context.Background(), testAccount, form)
+	suite.NoError(errWithCode)
 	suite.NotNil(apiAccount)

 	// fields on the profile should be updated
@@ -88,8 +88,8 @@ go check out @1happyturtle, they have a cool account!
 	}

 	// should get no error from the update function, and an api model account returned
-	apiAccount, err := suite.accountProcessor.Update(context.Background(), testAccount, form)
-	suite.NoError(err)
+	apiAccount, errWithCode := suite.accountProcessor.Update(context.Background(), testAccount, form)
+	suite.NoError(errWithCode)
 	suite.NotNil(apiAccount)

 	// fields on the profile should be updated
--- a/internal/processing/admin/emoji.go
+++ b/internal/processing/admin/emoji.go
@@ -34,7 +34,7 @@ import (

 func (p *processor) EmojiCreate(ctx context.Context, account *gtsmodel.Account, user *gtsmodel.User, form *apimodel.EmojiCreateRequest) (*apimodel.Emoji, gtserror.WithCode) {
 	if !user.Admin {
-		return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("user %s not an admin", user.ID), "user is not an admin")
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("user %s not an admin", user.ID), "user is not an admin")
 	}

 	data := func(innerCtx context.Context) (io.Reader, int, error) {
--- a/internal/processing/app.go
+++ b/internal/processing/app.go
@@ -23,12 +23,13 @@ import (

 	"github.com/google/uuid"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )

-func (p *processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, error) {
+func (p *processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
 	// set default 'read' for scopes if it's not set
 	var scopes string
 	if form.Scopes == "" {
@@ -40,13 +41,13 @@ func (p *processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *api
 	// generate new IDs for this application and its associated client
 	clientID, err := id.NewRandomULID()
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorInternalError(err)
 	}
 	clientSecret := uuid.NewString()

 	appID, err := id.NewRandomULID()
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	// generate the application to put in the database
@@ -62,7 +63,7 @@ func (p *processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *api

 	// chuck it in the db
 	if err := p.db.Put(ctx, app); err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	// now we need to model an oauth client from the application that the oauth library can use
@@ -70,17 +71,18 @@ func (p *processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *api
 		ID:     clientID,
 		Secret: clientSecret,
 		Domain: form.RedirectURIs,
-		UserID: "", // This client isn't yet associated with a specific user,  it's just an app client right now
+		// This client isn't yet associated with a specific user,  it's just an app client right now
+		UserID: "",
 	}

 	// chuck it in the db
 	if err := p.db.Put(ctx, oc); err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	apiApp, err := p.tc.AppToAPIAppSensitive(ctx, app)
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	return apiApp, nil
--- a/internal/processing/federation/getfollowers.go
+++ b/internal/processing/federation/getfollowers.go
@@ -42,7 +42,7 @@ func (p *processor) GetFollowers(ctx context.Context, requestedUsername string,

 	requestingAccount, err := p.federator.GetRemoteAccount(ctx, requestedUsername, requestingAccountURI, false, false)
 	if err != nil {
-		return nil, gtserror.NewErrorNotAuthorized(err)
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

 	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
@@ -51,7 +51,7 @@ func (p *processor) GetFollowers(ctx context.Context, requestedUsername string,
 	}

 	if blocked {
-		return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 	}

 	requestedAccountURI, err := url.Parse(requestedAccount.URI)
--- a/internal/processing/federation/getfollowing.go
+++ b/internal/processing/federation/getfollowing.go
@@ -42,7 +42,7 @@ func (p *processor) GetFollowing(ctx context.Context, requestedUsername string,

 	requestingAccount, err := p.federator.GetRemoteAccount(ctx, requestedUsername, requestingAccountURI, false, false)
 	if err != nil {
-		return nil, gtserror.NewErrorNotAuthorized(err)
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

 	blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
@@ -51,7 +51,7 @@ func (p *processor) GetFollowing(ctx context.Context, requestedUsername string,
 	}

 	if blocked {
-		return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 	}

 	requestedAccountURI, err := url.Parse(requestedAccount.URI)
--- a/internal/processing/federation/getoutbox.go
+++ b/internal/processing/federation/getoutbox.go
@@ -43,7 +43,7 @@ func (p *processor) GetOutbox(ctx context.Context, requestedUsername string, pag

 	requestingAccount, err := p.federator.GetRemoteAccount(ctx, requestedUsername, requestingAccountURI, false, false)
 	if err != nil {
-		return nil, gtserror.NewErrorNotAuthorized(err)
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

 	// authorize the request:
@@ -53,7 +53,7 @@ func (p *processor) GetOutbox(ctx context.Context, requestedUsername string, pag
 		return nil, gtserror.NewErrorInternalError(err)
 	}
 	if blocked {
-		return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 	}

 	var data map[string]interface{}
--- a/internal/processing/federation/getstatus.go
+++ b/internal/processing/federation/getstatus.go
@@ -42,7 +42,7 @@ func (p *processor) GetStatus(ctx context.Context, requestedUsername string, req

 	requestingAccount, err := p.federator.GetRemoteAccount(ctx, requestedUsername, requestingAccountURI, false, false)
 	if err != nil {
-		return nil, gtserror.NewErrorNotAuthorized(err)
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

 	// authorize the request:
@@ -53,7 +53,7 @@ func (p *processor) GetStatus(ctx context.Context, requestedUsername string, req
 	}

 	if blocked {
-		return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 	}

 	// get the status out of the database here
--- a/internal/processing/federation/getstatusreplies.go
+++ b/internal/processing/federation/getstatusreplies.go
@@ -44,7 +44,7 @@ func (p *processor) GetStatusReplies(ctx context.Context, requestedUsername stri

 	requestingAccount, err := p.federator.GetRemoteAccount(ctx, requestedUsername, requestingAccountURI, false, false)
 	if err != nil {
-		return nil, gtserror.NewErrorNotAuthorized(err)
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

 	// authorize the request:
@@ -55,7 +55,7 @@ func (p *processor) GetStatusReplies(ctx context.Context, requestedUsername stri
 	}

 	if blocked {
-		return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+		return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 	}

 	// get the status out of the database here
--- a/internal/processing/federation/getuser.go
+++ b/internal/processing/federation/getuser.go
@@ -54,7 +54,7 @@ func (p *processor) GetUser(ctx context.Context, requestedUsername string, reque
 		if !p.federator.Handshaking(ctx, requestedUsername, requestingAccountURI) {
 			requestingAccount, err := p.federator.GetRemoteAccount(ctx, requestedUsername, requestingAccountURI, false, false)
 			if err != nil {
-				return nil, gtserror.NewErrorNotAuthorized(err)
+				return nil, gtserror.NewErrorUnauthorized(err)
 			}

 			blocked, err := p.db.IsBlocked(ctx, requestedAccount.ID, requestingAccount.ID, true)
@@ -63,7 +63,7 @@ func (p *processor) GetUser(ctx context.Context, requestedUsername string, reque
 			}

 			if blocked {
-				return nil, gtserror.NewErrorNotAuthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
+				return nil, gtserror.NewErrorUnauthorized(fmt.Errorf("block exists between accounts %s and %s", requestedAccount.ID, requestingAccount.ID))
 			}
 		}

--- a/internal/processing/media.go
+++ b/internal/processing/media.go
@@ -26,7 +26,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )

-func (p *processor) MediaCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AttachmentRequest) (*apimodel.Attachment, error) {
+func (p *processor) MediaCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AttachmentRequest) (*apimodel.Attachment, gtserror.WithCode) {
 	return p.mediaProcessor.Create(ctx, authed.Account, form)
 }

--- a/internal/processing/media/create.go
+++ b/internal/processing/media/create.go
@@ -24,11 +24,12 @@ import (
 	"io"

 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/media"
 )

-func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, form *apimodel.AttachmentRequest) (*apimodel.Attachment, error) {
+func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, form *apimodel.AttachmentRequest) (*apimodel.Attachment, gtserror.WithCode) {
 	data := func(innerCtx context.Context) (io.Reader, int, error) {
 		f, err := form.File.Open()
 		return f, int(form.File.Size), err
@@ -36,7 +37,8 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, form

 	focusX, focusY, err := parseFocus(form.Focus)
 	if err != nil {
-		return nil, fmt.Errorf("could not parse focus value %s: %s", form.Focus, err)
+		err := fmt.Errorf("could not parse focus value %s: %s", form.Focus, err)
+		return nil, gtserror.NewErrorBadRequest(err, err.Error())
 	}

 	// process the media attachment and load it immediately
@@ -46,19 +48,18 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, form
 		FocusY:      &focusY,
 	})
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorUnprocessableEntity(err)
 	}

 	attachment, err := media.LoadAttachment(ctx)
 	if err != nil {
-		return nil, err
+		return nil, gtserror.NewErrorUnprocessableEntity(err)
 	}

-	// prepare the frontend representation now -- if there are any errors here at least we can bail without
-	// having already put something in the database and then having to clean it up again (eugh)
 	apiAttachment, err := p.tc.AttachmentToAPIAttachment(ctx, attachment)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing media attachment to frontend type: %s", err)
+		err := fmt.Errorf("error parsing media attachment to frontend type: %s", err)
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	return &apiAttachment, nil
--- a/internal/processing/media/media.go
+++ b/internal/processing/media/media.go
@@ -34,7 +34,7 @@ import (
 // Processor wraps a bunch of functions for processing media actions.
 type Processor interface {
 	// Create creates a new media attachment belonging to the given account, using the request form.
-	Create(ctx context.Context, account *gtsmodel.Account, form *apimodel.AttachmentRequest) (*apimodel.Attachment, error)
+	Create(ctx context.Context, account *gtsmodel.Account, form *apimodel.AttachmentRequest) (*apimodel.Attachment, gtserror.WithCode)
 	// Delete deletes the media attachment with the given ID, including all files pertaining to that attachment.
 	Delete(ctx context.Context, mediaAttachmentID string) gtserror.WithCode
 	// GetFile retrieves a file from storage and streams it back to the caller via an io.reader embedded in *apimodel.Content.
--- a/internal/processing/processor.go
+++ b/internal/processing/processor.go
@@ -72,7 +72,7 @@ type Processor interface {
 	*/

 	// AccountCreate processes the given form for creating a new account, returning an oauth token for that account if successful.
-	AccountCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AccountCreateRequest) (*apimodel.Token, error)
+	AccountCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AccountCreateRequest) (*apimodel.Token, gtserror.WithCode)
 	// AccountDeleteLocal processes the delete of a LOCAL account using the given form.
 	AccountDeleteLocal(ctx context.Context, authed *oauth.Auth, form *apimodel.AccountDeleteRequest) gtserror.WithCode
 	// AccountGet processes the given request for account information.
@@ -80,7 +80,7 @@ type Processor interface {
 	// AccountGet processes the given request for account information.
 	AccountGetLocalByUsername(ctx context.Context, authed *oauth.Auth, username string) (*apimodel.Account, gtserror.WithCode)
 	// AccountUpdate processes the update of an account with the given form
-	AccountUpdate(ctx context.Context, authed *oauth.Auth, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, error)
+	AccountUpdate(ctx context.Context, authed *oauth.Auth, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, gtserror.WithCode)
 	// AccountStatusesGet fetches a number of statuses (in time descending order) from the given account, filtered by visibility for
 	// the account given in authed.
 	AccountStatusesGet(ctx context.Context, authed *oauth.Auth, targetAccountID string, limit int, excludeReplies bool, excludeReblogs bool, maxID string, minID string, pinned bool, mediaOnly bool, publicOnly bool) (*apimodel.TimelineResponse, gtserror.WithCode)
@@ -117,7 +117,7 @@ type Processor interface {
 	AdminMediaPrune(ctx context.Context, mediaRemoteCacheDays int) gtserror.WithCode

 	// AppCreate processes the creation of a new API application
-	AppCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, error)
+	AppCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode)

 	// BlocksGet returns a list of accounts blocked by the requesting account.
 	BlocksGet(ctx context.Context, authed *oauth.Auth, maxID string, sinceID string, limit int) (*apimodel.BlocksResponse, gtserror.WithCode)
@@ -143,7 +143,7 @@ type Processor interface {
 	InstancePatch(ctx context.Context, form *apimodel.InstanceSettingsUpdateRequest) (*apimodel.Instance, gtserror.WithCode)

 	// MediaCreate handles the creation of a media attachment, using the given form.
-	MediaCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AttachmentRequest) (*apimodel.Attachment, error)
+	MediaCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AttachmentRequest) (*apimodel.Attachment, gtserror.WithCode)
 	// MediaGet handles the GET of a media attachment with the given ID
 	MediaGet(ctx context.Context, authed *oauth.Auth, attachmentID string) (*apimodel.Attachment, gtserror.WithCode)
 	// MediaUpdate handles the PUT of a media attachment with the given ID and form
@@ -156,11 +156,11 @@ type Processor interface {
 	SearchGet(ctx context.Context, authed *oauth.Auth, searchQuery *apimodel.SearchQuery) (*apimodel.SearchResult, gtserror.WithCode)

 	// StatusCreate processes the given form to create a new status, returning the api model representation of that status if it's OK.
-	StatusCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AdvancedStatusCreateForm) (*apimodel.Status, error)
+	StatusCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AdvancedStatusCreateForm) (*apimodel.Status, gtserror.WithCode)
 	// StatusDelete processes the delete of a given status, returning the deleted status if the delete goes through.
-	StatusDelete(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error)
+	StatusDelete(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode)
 	// StatusFave processes the faving of a given status, returning the updated status if the fave goes through.
-	StatusFave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error)
+	StatusFave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode)
 	// StatusBoost processes the boost/reblog of a given status, returning the newly-created boost if all is well.
 	StatusBoost(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode)
 	// StatusUnboost processes the unboost/unreblog of a given status, returning the status if all is well.
@@ -168,11 +168,11 @@ type Processor interface {
 	// StatusBoostedBy returns a slice of accounts that have boosted the given status, filtered according to privacy settings.
 	StatusBoostedBy(ctx context.Context, authed *oauth.Auth, targetStatusID string) ([]*apimodel.Account, gtserror.WithCode)
 	// StatusFavedBy returns a slice of accounts that have liked the given status, filtered according to privacy settings.
-	StatusFavedBy(ctx context.Context, authed *oauth.Auth, targetStatusID string) ([]*apimodel.Account, error)
+	StatusFavedBy(ctx context.Context, authed *oauth.Auth, targetStatusID string) ([]*apimodel.Account, gtserror.WithCode)
 	// StatusGet gets the given status, taking account of privacy settings and blocks etc.
-	StatusGet(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error)
+	StatusGet(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode)
 	// StatusUnfave processes the unfaving of a given status, returning the updated status if the fave goes through.
-	StatusUnfave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error)
+	StatusUnfave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode)
 	// StatusGetContext returns the context (previous and following posts) from the given status ID
 	StatusGetContext(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Context, gtserror.WithCode)

@@ -184,7 +184,7 @@ type Processor interface {
 	FavedTimelineGet(ctx context.Context, authed *oauth.Auth, maxID string, minID string, limit int) (*apimodel.TimelineResponse, gtserror.WithCode)

 	// AuthorizeStreamingRequest returns a gotosocial account in exchange for an access token, or an error if the given token is not valid.
-	AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, error)
+	AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, gtserror.WithCode)
 	// OpenStreamForAccount opens a new stream for the given account, with the given stream type.
 	OpenStreamForAccount(ctx context.Context, account *gtsmodel.Account, streamType string) (*stream.Stream, gtserror.WithCode)

--- a/internal/processing/status.go
+++ b/internal/processing/status.go
@@ -26,15 +26,15 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )

-func (p *processor) StatusCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AdvancedStatusCreateForm) (*apimodel.Status, error) {
+func (p *processor) StatusCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.AdvancedStatusCreateForm) (*apimodel.Status, gtserror.WithCode) {
 	return p.statusProcessor.Create(ctx, authed.Account, authed.Application, form)
 }

-func (p *processor) StatusDelete(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error) {
+func (p *processor) StatusDelete(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
 	return p.statusProcessor.Delete(ctx, authed.Account, targetStatusID)
 }

-func (p *processor) StatusFave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error) {
+func (p *processor) StatusFave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
 	return p.statusProcessor.Fave(ctx, authed.Account, targetStatusID)
 }

@@ -50,15 +50,15 @@ func (p *processor) StatusBoostedBy(ctx context.Context, authed *oauth.Auth, tar
 	return p.statusProcessor.BoostedBy(ctx, authed.Account, targetStatusID)
 }

-func (p *processor) StatusFavedBy(ctx context.Context, authed *oauth.Auth, targetStatusID string) ([]*apimodel.Account, error) {
+func (p *processor) StatusFavedBy(ctx context.Context, authed *oauth.Auth, targetStatusID string) ([]*apimodel.Account, gtserror.WithCode) {
 	return p.statusProcessor.FavedBy(ctx, authed.Account, targetStatusID)
 }

-func (p *processor) StatusGet(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error) {
+func (p *processor) StatusGet(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
 	return p.statusProcessor.Get(ctx, authed.Account, targetStatusID)
 }

-func (p *processor) StatusUnfave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, error) {
+func (p *processor) StatusUnfave(ctx context.Context, authed *oauth.Auth, targetStatusID string) (*apimodel.Status, gtserror.WithCode) {
 	return p.statusProcessor.Unfave(ctx, authed.Account, targetStatusID)
 }

--- a/internal/processing/status/create.go
+++ b/internal/processing/status/create.go
@@ -57,8 +57,8 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, appli
 		Text:                     form.Status,
 	}

-	if err := p.ProcessReplyToID(ctx, form, account.ID, newStatus); err != nil {
-		return nil, gtserror.NewErrorInternalError(err)
+	if errWithCode := p.ProcessReplyToID(ctx, form, account.ID, newStatus); errWithCode != nil {
+		return nil, errWithCode
 	}

 	if err := p.ProcessMediaIDs(ctx, form, account.ID, newStatus); err != nil {
--- a/internal/processing/status/status.go
+++ b/internal/processing/status/status.go
@@ -60,7 +60,7 @@ type Processor interface {
 	*/

 	ProcessVisibility(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, accountDefaultVis gtsmodel.Visibility, status *gtsmodel.Status) error
-	ProcessReplyToID(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, thisAccountID string, status *gtsmodel.Status) error
+	ProcessReplyToID(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, thisAccountID string, status *gtsmodel.Status) gtserror.WithCode
 	ProcessMediaIDs(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, thisAccountID string, status *gtsmodel.Status) error
 	ProcessLanguage(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, accountDefaultLanguage string, status *gtsmodel.Status) error
 	ProcessMentions(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, accountID string, status *gtsmodel.Status) error
--- a/internal/processing/status/util.go
+++ b/internal/processing/status/util.go
@@ -26,6 +26,7 @@ import (
 	"github.com/sirupsen/logrus"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
@@ -103,7 +104,7 @@ func (p *processor) ProcessVisibility(ctx context.Context, form *apimodel.Advanc
 	return nil
 }

-func (p *processor) ProcessReplyToID(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, thisAccountID string, status *gtsmodel.Status) error {
+func (p *processor) ProcessReplyToID(ctx context.Context, form *apimodel.AdvancedStatusCreateForm, thisAccountID string, status *gtsmodel.Status) gtserror.WithCode {
 	if form.InReplyToID == "" {
 		return nil
 	}
@@ -117,32 +118,37 @@ func (p *processor) ProcessReplyToID(ctx context.Context, form *apimodel.Advance
 	// If this is all OK, then we fetch the repliedStatus and the repliedAccount for later processing.
 	repliedStatus := &gtsmodel.Status{}
 	repliedAccount := &gtsmodel.Account{}
-	// check replied status exists + is replyable
+
 	if err := p.db.GetByID(ctx, form.InReplyToID, repliedStatus); err != nil {
 		if err == db.ErrNoEntries {
-			return fmt.Errorf("status with id %s not replyable because it doesn't exist", form.InReplyToID)
+			err := fmt.Errorf("status with id %s not replyable because it doesn't exist", form.InReplyToID)
+			return gtserror.NewErrorBadRequest(err, err.Error())
 		}
-		return fmt.Errorf("status with id %s not replyable: %s", form.InReplyToID, err)
+		err := fmt.Errorf("db error fetching status with id %s: %s", form.InReplyToID, err)
+		return gtserror.NewErrorInternalError(err)
 	}
 	if !repliedStatus.Replyable {
-		return fmt.Errorf("status with id %s is marked as not replyable", form.InReplyToID)
+		err := fmt.Errorf("status with id %s is marked as not replyable", form.InReplyToID)
+		return gtserror.NewErrorForbidden(err, err.Error())
 	}

-	// check replied account is known to us
 	if err := p.db.GetByID(ctx, repliedStatus.AccountID, repliedAccount); err != nil {
 		if err == db.ErrNoEntries {
-			return fmt.Errorf("status with id %s not replyable because account id %s is not known", form.InReplyToID, repliedStatus.AccountID)
+			err := fmt.Errorf("status with id %s not replyable because account id %s is not known", form.InReplyToID, repliedStatus.AccountID)
+			return gtserror.NewErrorBadRequest(err, err.Error())
 		}
-		return fmt.Errorf("status with id %s not replyable: %s", form.InReplyToID, err)
+		err := fmt.Errorf("db error fetching account with id %s: %s", repliedStatus.AccountID, err)
+		return gtserror.NewErrorInternalError(err)
 	}
-	// check if a block exists
+
 	if blocked, err := p.db.IsBlocked(ctx, thisAccountID, repliedAccount.ID, true); err != nil {
-		if err != db.ErrNoEntries {
-			return fmt.Errorf("status with id %s not replyable: %s", form.InReplyToID, err)
-		}
+		err := fmt.Errorf("db error checking block: %s", err)
+		return gtserror.NewErrorInternalError(err)
 	} else if blocked {
-		return fmt.Errorf("status with id %s not replyable", form.InReplyToID)
+		err := fmt.Errorf("status with id %s not replyable", form.InReplyToID)
+		return gtserror.NewErrorNotFound(err)
 	}
+
 	status.InReplyToID = repliedStatus.ID
 	status.InReplyToAccountID = repliedAccount.ID

--- a/internal/processing/streaming.go
+++ b/internal/processing/streaming.go
@@ -26,7 +26,7 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/stream"
 )

-func (p *processor) AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, error) {
+func (p *processor) AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, gtserror.WithCode) {
 	return p.streamingProcessor.AuthorizeStreamingRequest(ctx, accessToken)
 }

--- a/internal/processing/streaming/authorize.go
+++ b/internal/processing/streaming/authorize.go
@@ -22,29 +22,40 @@ import (
 	"context"
 	"fmt"

+	"github.com/superseriousbusiness/gotosocial/internal/db"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 )

-func (p *processor) AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, error) {
+func (p *processor) AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, gtserror.WithCode) {
 	ti, err := p.oauthServer.LoadAccessToken(ctx, accessToken)
 	if err != nil {
-		return nil, fmt.Errorf("AuthorizeStreamingRequest: error loading access token: %s", err)
+		err := fmt.Errorf("could not load access token: %s", err)
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

 	uid := ti.GetUserID()
 	if uid == "" {
-		return nil, fmt.Errorf("AuthorizeStreamingRequest: no userid in token")
+		err := fmt.Errorf("no userid in token")
+		return nil, gtserror.NewErrorUnauthorized(err)
 	}

-	// fetch user's and account for this user id
 	user := &gtsmodel.User{}
-	if err := p.db.GetByID(ctx, uid, user); err != nil || user == nil {
-		return nil, fmt.Errorf("AuthorizeStreamingRequest: no user found for validated uid %s", uid)
+	if err := p.db.GetByID(ctx, uid, user); err != nil {
+		if err == db.ErrNoEntries {
+			err := fmt.Errorf("no user found for validated uid %s", uid)
+			return nil, gtserror.NewErrorUnauthorized(err)
+		}
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	acct, err := p.db.GetAccountByID(ctx, user.AccountID)
-	if err != nil || acct == nil {
-		return nil, fmt.Errorf("AuthorizeStreamingRequest: no account retrieved for user with id %s", uid)
+	if err != nil {
+		if err == db.ErrNoEntries {
+			err := fmt.Errorf("no account found for validated uid %s", uid)
+			return nil, gtserror.NewErrorUnauthorized(err)
+		}
+		return nil, gtserror.NewErrorInternalError(err)
 	}

 	return acct, nil
--- a/internal/processing/streaming/authorize_test.go
+++ b/internal/processing/streaming/authorize_test.go
@@ -39,7 +39,7 @@ func (suite *AuthorizeTestSuite) TestAuthorize() {
 	suite.Equal(suite.testAccounts["local_account_2"].ID, account2.ID)

 	noAccount, err := suite.streamingProcessor.AuthorizeStreamingRequest(context.Background(), "aaaaaaaaaaaaaaaaaaaaa!!")
-	suite.EqualError(err, "AuthorizeStreamingRequest: error loading access token: no entries")
+	suite.EqualError(err, "could not load access token: no entries")
 	suite.Nil(noAccount)
 }

--- a/internal/processing/streaming/streaming.go
+++ b/internal/processing/streaming/streaming.go
@@ -33,7 +33,7 @@ import (
 // Processor wraps a bunch of functions for processing streaming.
 type Processor interface {
 	// AuthorizeStreamingRequest returns an oauth2 token info in response to an access token query from the streaming API
-	AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, error)
+	AuthorizeStreamingRequest(ctx context.Context, accessToken string) (*gtsmodel.Account, gtserror.WithCode)
 	// OpenStreamForAccount returns a new Stream for the given account, which will contain a channel for passing messages back to the caller.
 	OpenStreamForAccount(ctx context.Context, account *gtsmodel.Account, timeline string) (*stream.Stream, gtserror.WithCode)
 	// StreamUpdateToAccount streams the given update to any open, appropriate streams belonging to the given account.
--- a/internal/processing/user/changepassword_test.go
+++ b/internal/processing/user/changepassword_test.go
@@ -57,7 +57,7 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
 	errWithCode := suite.user.ChangePassword(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
 	suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password")
 	suite.Equal(http.StatusBadRequest, errWithCode.Code())
-	suite.Equal("bad request: old password did not match", errWithCode.Safe())
+	suite.Equal("Bad Request: old password did not match", errWithCode.Safe())
 }

 func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
@@ -66,7 +66,7 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
 	errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
 	suite.EqualError(errWithCode, "password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
 	suite.Equal(http.StatusBadRequest, errWithCode.Code())
-	suite.Equal("bad request: password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+	suite.Equal("Bad Request: password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
 }

 func TestChangePasswordTestSuite(t *testing.T) {