Overview: after several failed authentication attempts, /auth/login returns a 500 instead of a 422.
Steps to Reproduce:
- In any environment running mod-authtoken >= 2.6.0, create a user and assign a password
- Attempt to sign in with invalid credentials several times.
Expected Results: 422/password.incorrect followed by a 422/account.locked or something similar.
Actual Results: After a few attempts, the error code changes to password.incorrect.warn.user. After a few more, the response changes to 500 and