Follow up: Issue #3292974 by Mingsong, Grevil, Anybody, jlscott: Correctly detect invalid username/password or blocked account login errors
Changes:
- Preventing 403 error response that exposes valid username.
- Consistent message for failed login attempt to prevent username enumeration.
- Preventing blank error message for blocking user or IP.
- A new test for messages.
Edited by Mingsong