Redirection problem to the login page after locking an account
Hi team,
We are trying to upgrade lemonldap version 2.09 to version 2.0.13.
We are currently working on the non regression application component tests to ensure that everything still meets our business process.
We noticed a problem when an account is locked after X failed attempts.
Description of the current process running on version 2.09 :
- When a user locks their account, they want to go back to the login page to try out the password recovery feature.
We display the corresponding error message in the error.tpl : (See Attach file)
When we want to return to the authentication page with the button «Return to authentification». The redirect work (login.tpl template is called). However, the login form is not displayed and we lost the reference url to the virtual host application.
Note : We use vanilla vesion of lemonldap. We only customized the templates styles. Also, the behavior works correctly for error 403 (<TMPL_IF ERROR403> </TMPL_IF>). The user is redirected to the login page as defined in the rules access manager.
In version 2.0.9, all work great.
Could you tell me if it's a bug or a new approach of security and if it is a new approach, how do you suggest to respond to the business process of my company?
Thank you for your assistance.