From e9e5e55e84624b36f317940eabb816d48612743d Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Wed, 10 Oct 2018 16:04:38 +0200 Subject: [PATCH] Bug 21311: Remove locked message from opac-auth.tt We should not expose more information than needed when someone tries to login with invalid credentials. Saying that an account is locked reveals that the account exists (or perhaps an email address). Trivial fix. Keeping the var too_many_login_attempts for staff. Note: We do not remove this distinction for the staff client here (in the assumption that a library may well have additional security measures in place for staff client). But it could be done too (on another report). Test plan: Enable lockout feature. Enter invalid credentials until account locks out (on OPAC !!) Note that message does no longer change to 'Account is locked'. Signed-off-by: Marcel de Rooy Signed-off-by: Mark Tompsett Signed-off-by: Nick Clemens (cherry picked from commit 716301d6f5bb149e963c5547d69d4019c20953db) Signed-off-by: Martin Renvoize (cherry picked from commit 55d687f3a7002439c6d27fb35af83333b8dfcdc4) Signed-off-by: Fridolin Somers --- .../opac-tmpl/bootstrap/en/modules/opac-auth.tt | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt index cfcc57d3ed..c313d082a1 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt @@ -54,19 +54,10 @@ [% END %] - [% IF too_many_login_attempts %] + [% IF invalid_username_or_password || too_many_login_attempts %] +
- This account has been locked! - [% IF Koha.Preference('OpacResetPassword') %] - You must reset your password. - [% ELSE %] - Please contact a library staff member. - [% END %] -
- [% ELSIF invalid_username_or_password %] - -
-

You entered an incorrect username or password. Please try again! And remember, passwords are case sensitive.

+

You entered an incorrect username or password. Please try again! And remember, passwords are case sensitive. Please contact a library staff member if you continue to have problems.

[% END %] -- 2.39.5