jeremyevans
commented
2 years ago Thanks for the patch. This also looks good. I agree that setting the error reason is the way to go in this case.
Closed janko closed 2 years ago
jeremyevans
commented
2 years ago Thanks for the patch. This also looks good. I agree that setting the error reason is the way to go in this case.
In #177 I missed another place in verify_account where error status should be set, which is when an unverified account exists when attempting to create an account.
I've switched to using
#set_response_error_reason_status, as that's used in most other places. I've also added a test for the lockout feature that asserts that a 4xx response status is set when showing the lockout page.