mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
Fix #1994 Lockable no longer leaks account existence
This commit is contained in:
parent
00e8841e93
commit
00a01c2bc4
1 changed files with 5 additions and 1 deletions
|
@ -105,7 +105,11 @@ module Devise
|
|||
end
|
||||
|
||||
def unauthenticated_message
|
||||
if lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
|
||||
# If set to paranoid mode, do not show the locked message because it
|
||||
# leaks the existence of an account.
|
||||
if Devise.paranoid
|
||||
super
|
||||
elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
|
||||
:locked
|
||||
else
|
||||
super
|
||||
|
|
Loading…
Reference in a new issue