jamescheney / database-wiki

Automatically exported from code.google.com/p/database-wiki
GNU General Public License v3.0

Login bugs #19

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Logging in doesn't work properly:

1.  If you log in with an invalid user id, there is no failure message; instead, from then on the login link is a no-op/page forward.

2.  If you log in with a valid user id but incorrect password, it succeeds (should fail/give an error message).

3.  There is no way to log out short of restarting the browser.

Original issue reported on code.google.com by james.ch...@gmail.com on 16 Mar 2012 at 9:59

GoogleCodeExporter commented 9 years ago
It appears that when a user logs in using username/password then the password is only checked when the login was initiated because of an authorization check. When you just click login you can use any password to log in as any user.

We should always check whether the username/password is correct before checking whether the user is authorized to do something.

Original comment by james.ch...@gmail.com on 28 Apr 2012 at 12:18
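
The ordering proposed in the comment above, as an added example that is not part of the original issue and is not database-wiki's own code: both login entry points go through one credential check, and authorization is evaluated only afterwards. `LoginService`, its method names, the messages and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginService:
    """Hypothetical login handler; every name here is illustrative."""

    FAILED = "Login failed: invalid user id or password"

    def __init__(self):
        self._users = {}     # user id -> (salt, password hash, allowed actions)
        self._sessions = {}  # session token -> user id

    def add_user(self, user, password, actions=()):
        salt = os.urandom(16)
        self._users[user] = (salt, _hash(password, salt), frozenset(actions))

    def authenticate(self, user, password):
        # The one credential check, shared by every login entry point.
        salt, stored, _ = self._users.get(user, (b"\0" * 16, b"", frozenset()))
        # Unknown ids are hashed too, so both failures follow the same path.
        return hmac.compare_digest(_hash(password, salt), stored)

    def login(self, user, password):
        # Explicit "login" click: credentials are verified here as well.
        if not self.authenticate(user, password):
            return None, self.FAILED  # report 1: show an explicit failure
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token, "Logged in as " + user

    def login_for_action(self, user, password, action):
        # Login triggered by an authorization check: authenticate first,
        # and only then ask whether the user may perform the action.
        token, message = self.login(user, password)
        if token is None:
            return None, message
        if not self.authorize(token, action):
            return token, "Not authorized to " + action
        return token, message

    def authorize(self, token, action):
        user = self._sessions.get(token)
        return user is not None and action in self._users[user][2]

    def logout(self, token):
        # Report 3: end the session server-side, no browser restart needed.
        return self._sessions.pop(token, None) is not None
```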