From ffc05e2fed18dba9478486b650ea50fd2690e5cb Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Thu, 22 Feb 2018 12:46:06 +0100
Subject: [PATCH] don't try login with the same name that just failed

Signed-off-by: Arthur Schiwon
---
 core/Controller/LoginController.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index d3659a1c48..d0a91320e1 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -264,13 +264,15 @@ class LoginController extends Controller {
 $users = $this->userManager->getByEmail($user);
 // we only allow login by email if unique
 if (count($users) === 1) {
+ $previousUser = $user;
 $user = $users[0]->getUID();
- $loginResult = $this->userManager->checkPassword($user, $password);
- } else {
- $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
+ if($user !== $previousUser) {
+ $loginResult = $this->userManager->checkPassword($user, $password);
+ }
 }
 }
 if ($loginResult === false) {
+ $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
 // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
 $args = !is_null($user) ? ['user' => $originalUser] : [];
 if (!is_null($redirect_url)) {
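Review bot: The relocated `$this->logger->warning(...)` call now runs after `$user` may have been reassigned to `$users[0]->getUID()`, so for an e-mail login the entry records the resolved UID rather than the name the client sent, and it builds the line by concatenating a request-supplied string between single quotes. A log filter that keys on this line for brute-force detection gets an ambiguous entry when the name itself contains `'` or the text `(Remote IP:`. Consider logging both values explicitly and saying which is which in a comment above the call, e.g. `// $user may be the UID resolved from an e-mail; $originalUser is what the client sent`. If `checkPassword()` also logs its own failures (not visible in this hunk), the e-mail path would now emit two warnings per failed attempt and inflate per-IP failure counts, which is worth confirming. The enclosing method starts and ends outside the hunk.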