Hi, I am developing a Federation Provider, and I have a question...

Why the method () checks if the user "is enabled" after validate the password instead of before of the password validation?

AbstractUsernameFormAuthenticator.validateUserAndPassword: line 141/151
...
        if (invalidUser(context, user)){
            return false;
        }

        if (!validatePassword(context, user, inputData)){
            return false;
        }

        if(!enabledUser(context, user)){
            return false;
        }
...

If the user is disabled... why validate his password and return a password validation error message?

--
Ariel Carrera