fix #1405: fake invalid credentials when a blocked user tries to login

pull/267/head
Philipp Tessenow 11 years ago
parent 278aeb74ad
commit 7aeb2fc979
  1. 3
      app/controllers/account_controller.rb
  2. 1
      doc/CHANGELOG.md

@ -174,7 +174,8 @@ class AccountController < ApplicationController
user = User.find_by_login(username)
if user and user.check_password?(password)
if not user.active?
inactive_account
return inactive_account if user.registered?
invalid_credentials
elsif user.force_password_change
return if redirect_if_password_change_not_allowed(user)
render_force_password_change
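Review bot: The not-active branch now sends every inactive user who is not `registered?` and who supplied the correct password to `invalid_credentials`, but nothing in the code says this is deliberate, so a later cleanup could restore the status-revealing message. Add a comment above the new call, e.g. `# Blocked users get the generic failure so the response does not disclose account status (#1405)`. The body of `invalid_credentials` is not visible here; if it records the attempt as an ordinary failed login, consider logging this case distinctly on the server side, since a correct password on a blocked account is worth telling apart from password guessing. The diffstat lists only the controller and the changelog, so no spec appears to pin this behaviour in this commit. The enclosing method starts and ends outside the hunk.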

@ -1,5 +1,6 @@
# Changelog
* `#1405` Incorrect message when trying to login with a permanently blocked account
* `#1409` Changing pagination limit on members view looses members tab
* `#1371` Changing pagination per_page_param does not change page
* `#1314` Always set last activity timestamp and check session expiry if ttl-setting is enabled
