[2.x] Add a check for blocked users and show proper error message.

@greggles perhaps you overlooked the "!" (NOT) in the if?

@cassioalmeida you're still assigned, planning to work on this any further?

andypost → closed merge request !1

Maybe it should be none of both, as it might be a username enumeration attack vector?
See ✨ Add Username Enumeration Attack Prevention Test Active

Thanks @cassioalmeida I added a comment. Generally the implementation LGTM!

Here's the implementation in core:

/**
   * Sets an error if supplied username has been blocked.
   */
  public function validateName(array &$form, FormStateInterface $form_state) {
    if (!$form_state->isValueEmpty('name') && user_is_blocked($form_state->getValue('name'))) {
      // Blocked in user administration.
      $form_state->setErrorByName('name', $this->t('The username %name has not been activated or is blocked.', ['%name' => $form_state->getValue('name')]));
    }
  }

https://api.drupal.org/api/drupal/core%21modules%21user%21src%21Form%21U...

So displaying this message seems fine and not considered an enumeration attack.

Hey, sorry for the delay and thanks for the comment.

I'll work on that later today.

Thanks, left some feedback again. After that I think it would be nice if @Grevil did the final review and merge, as he recently worked a lot in this module.

Thanks @cassioalmeida! :)

LGTM so far, let @Grevil do the final review.

You're welcome!

Just tag me if you need anything else.

@Grevil is out of office for some months, so I've reviewed this again and think it's fine! RTBC!

Automatically closed - issue fixed for 2 weeks with no activity.