[Koha-bugs] [Bug 21311] Remove locked message from opac-auth.tt

bugzilla-daemon Thu, 11 Oct 2018 01:21:20 -0700

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21311


Marcel de Rooy <m.de.r...@rijksmuseum.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #80352|0                           |1
        is obsolete|                            |

--- Comment #6 from Marcel de Rooy <m.de.r...@rijksmuseum.nl> ---
Created attachment 80388
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80388&action=edit
Bug 21311: Remove locked message from opac-auth.tt

We should not expose more information than needed when someone tries
to login with invalid credentials. Saying that an account is locked
reveals that the account exists (or perhaps an email address).

Trivial fix. Keeping the var too_many_login_attempts for staff.
Note: We do not remove this distinction for the staff client here (in the
assumption that a library may well have additional security measures in
place for staff client). But it could be done too (on another report).

Test plan:
Enable lockout feature.
Enter invalid credentials until account locks out (on OPAC !!)
Note that message does no longer change to 'Account is locked'.

Signed-off-by: Marcel de Rooy <m.de.r...@rijksmuseum.nl>

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 21311] Remove locked message from opac-auth.tt

Reply via email to