Hi, I am developing a Federation Provider, and I have a
question...
Why the method () checks if the user "is enabled" after
validate the password instead of before of the password
validation?
AbstractUsernameFormAuthenticator.validateUserAndPassword:
line 141/151
...
if (invalidUser(context, user)){
return false;
}
if (!validatePassword(context, user,
inputData)){
return false;
}
if(!enabledUser(context, user)){
return false;
}
...
If the user is disabled... why validate his password and
return a password validation error message?