Improved wrong backup code error message

[OrangeAndGreen]

Discovered while working on an interrupt ticket:
https://dimagi.atlassian.net/browse/CI-448

Product Description

Changed error message after wrong backup code to indicate account will be locked instead of creating a new one.

Technical Summary

Simple string change

Feature Flag

None

Safety Assurance

Safety story

Simple change, nothing much to test

Automated test coverage

None

QA Plan

Verify the new message text appears

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request updates the localization strings for personalid_wrong_backup_message across seven language files (English, Spanish, French, Hindi, Portuguese, Swahili, and Tigrinya). The change modifies the user-facing message that appears when a PersonalID backup code is entered incorrectly, replacing the consequence statement from "You will need to create a new account after X incorrect attempts" to "Your account will be locked after X incorrect attempts." No code logic, error handling, or control flow is modified.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• PR #3181 — Modifies the same personalid_wrong_backup_message string resource key and related PersonalID-prefixed resources across locale files
• PR #3186 — Updates the same personalid_wrong_backup_message string resource key in localization files
• PR #3227 — Related PersonalID account-locked user messaging; introduces dedicated "account locked" string resource and API handling

Suggested labels

Release Note, QA Note

Suggested reviewers

• shubham1g5
• Jignesh-dimagi

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: updating an error message for wrong backup code entry with improved wording about account locking.
Description check	✅ Passed	The description includes most required sections (Product Description, Technical Summary, Feature Flag, Safety Assurance with safety story, test coverage, and QA plan) and adequately covers the straightforward nature of this localization change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch wrong_code_message_fix

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0dcdc43 and 0ce239a.

📒 Files selected for processing (7)

• app/res/values-es/strings.xml
• app/res/values-fr/strings.xml
• app/res/values-hi/strings.xml
• app/res/values-pt/strings.xml
• app/res/values-sw/strings.xml
• app/res/values-ti/strings.xml
• app/res/values/strings.xml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: OrangeAndGreen
Repo: dimagi/commcare-android PR: 3108
File: app/src/org/commcare/activities/StandardHomeActivityUIController.java:0-0
Timestamp: 2025-06-20T13:21:20.908Z
Learning: User OrangeAndGreen prefers to handle code issues in separate PRs rather than immediately fixing them in the current PR when they are not directly related to the main changes.

Learnt from: OrangeAndGreen
Repo: dimagi/commcare-android PR: 3248
File: app/src/org/commcare/connect/network/ApiPersonalId.java:0-0
Timestamp: 2025-07-29T14:56:40.681Z
Learning: User OrangeAndGreen prefers to defer ApiPersonalId refactoring (specifically InputStream resource management improvements) to separate PRs rather than mixing them with Connect feature work, even when the code is already in master.

📚 Learning: 2025-05-22T14:32:53.133Z

Learnt from: OrangeAndGreen
Repo: dimagi/commcare-android PR: 3121
File: app/res/values-ti/strings.xml:350-350
Timestamp: 2025-05-22T14:32:53.133Z
Learning: PersonalID and Connect features haven't been translated to Spanish, Lithuanian, or Norwegian yet, so users with those language settings see the English strings by default.

Applied to files:

• app/res/values-es/strings.xml
• app/res/values-pt/strings.xml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Lint Code Base

🔇 Additional comments (6)

app/res/values-ti/strings.xml (1)

469-469: Tigrinya backup‑code warning matches base behavior and keeps placeholder intact

The updated message correctly describes the account being locked after %d further incorrect attempts, and the %d placeholder is preserved and positioned appropriately. Looks good.

app/res/values-fr/strings.xml (1)

478-478: French string correctly updates to account lock and preserves %d

The new French text accurately reflects that the account will be blocked after %d additional incorrect attempts, and the placeholder usage matches the base string.

app/res/values-pt/strings.xml (1)

484-484: Portuguese backup‑code message aligned and placeholder‑safe

The Portuguese text now communicates that the account will be blocked after %d incorrect attempts, and the %d placeholder is preserved correctly. This is consistent enough with the English base.

app/res/values-sw/strings.xml (1)

483-483: Swahili string correctly reflects lockout after further attempts

The Swahili translation keeps the %d placeholder and clearly states the account will be locked after %d more incorrect attempts. No issues spotted.

app/res/values-hi/strings.xml (1)

471-471: Hindi backup‑code text matches new behavior and formatting

The Hindi message now says the account will be locked after %d more wrong attempts, with the %d placeholder preserved and placed naturally. Looks good.

app/res/values/strings.xml (1)

635-635: Base English string correctly updated to describe lockout

The base personalid_wrong_backup_message now reflects that the account will be locked after %d more incorrect attempts, with the existing %d placeholder unchanged. This aligns with the PR intent and is safe for all callers.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use consistent terminology: "código de respaldo" instead of "código de seguridad".

The updated message uses "código de seguridad" (security code), but all other related strings in this file consistently use "código de respaldo" (backup code):

• Line 473: personalid_recovery_lockout_message
• Line 472: personalid_recovery_failed_message
• Line 441: connect_backup_code_message
• Line 440: connect_backup_code_message_title

Since the string key is personalid_wrong_backup_message, it should refer to the backup code, not security code. Using inconsistent terminology for the same concept can confuse users.

🔎 Proposed fix

-    <string name="personalid_wrong_backup_message">Ha introducido el código de seguridad incorrecto. Inténtelo de nuevo. Su cuenta se bloqueará después de %d intentos incorrectos más.</string>
+    <string name="personalid_wrong_backup_message">Ha introducido el código de respaldo incorrecto. Inténtelo de nuevo. Su cuenta se bloqueará después de %d intentos incorrectos más.</string>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<string name="personalid_wrong_backup_message">Ha introducido el código de seguridad incorrecto. Inténtelo de nuevo. Su cuenta se bloqueará después de %d intentos incorrectos más.</string>
	<string name="personalid_wrong_backup_message">Ha introducido el código de respaldo incorrecto. Inténtelo de nuevo. Su cuenta se bloqueará después de %d intentos incorrectos más.</string>

🤖 Prompt for AI Agents

In app/res/values-es/strings.xml around line 474, the message uses "código de
seguridad" but the rest of the file and the string key
(personalid_wrong_backup_message) refer to the same concept as "código de
respaldo"; update the string to replace "código de seguridad" with "código de
respaldo" so the wording matches other related strings and avoids user
confusion, keeping the rest of the sentence and the %d placeholder intact.

[conroy-ricketts]

I'm a bit confused here. If a user sees this message, I thought their only option was to create a new account unless they contact support?

[conroy-ricketts]

Unless what we're doing here is making the message more generic?

[avazirna]

The new message doesn't seem to provide a way forward. Do users know that in these situations they are supposed to reach out to Support or a supervisor of some sort?

[OrangeAndGreen]

@conroy-ricketts There was a change in behavior here. For a short time we had it such that a user's account would automatically be orphaned and a new one created if they failed the backup code too many times. Instead, now accounts are locked in this scenario, and the user has to contact an admin to eventually get a web dev to unlock their account and assign them a new backup code.

@avazirna The message being modified here is shown before they've entered the wrong code too many times, so indicates the path forward simply as "Please try again" with the hope that they'll enter the correct code next time. However, the message that gets shown once their account actually gets locked is on the line above, and it indeed does not provide any guidance on what the user should do next. Perhaps it's worth adding something like "Please contact support to unlock your account"?

[conroy-ricketts]

Ah ok thanks for the context!

Perhaps it's worth adding something like "Please contact support to unlock your account"?

I like that idea!

[OrangeAndGreen]

Added the extra text: fb2ed91