Follow up: Issue #3292974 by Mingsong, Grevil, Anybody, jlscott: Correctly detect invalid username/password or blocked account login errors (!21) · Merge requests · project / login_security · GitLab

Mingsong requested to merge issue/login_security-3292974:3292974-2 into 2.x Feb 14, 2023

Changes:

Preventing 403 error response that exposes valid username.
Consistent message for failed login attempt to prevent username enumeration.
Preventing blank error message for blocking user or IP.
A new test for messages.

Edited Feb 15, 2023 by Mingsong