Hi, I am developing a Federation Provider, and I have a question...
Why the method () checks if the user "is enabled" after validate the password instead of before of the password validation?
AbstractUsernameFormAuthenticator.validateUserAndPassword: line 141/151
...
if (invalidUser(context, user)){
return false;
}
if (!validatePassword(context, user, inputData)){
return false;
}
if(!enabledUser(context, user)){
return false;
}
...
If the user is disabled... why validate his password and return a password validation error message?