commit c9f09a221962ab92c4465064746e2353c4bc010c
Author: Merel van Empel <m.vanempel@septembermultimedia.nl>
Date:   Sat Sep 29 12:39:08 2018 +0200

    Patch Patch 2989985-14.

diff --git a/webroot/modules/user/user.module b/webroot/modules/user/user.module
index 136cbf3..12ca280 100644
--- a/webroot/modules/user/user.module
+++ b/webroot/modules/user/user.module
@@ -2225,12 +2225,10 @@ function user_login_final_validate($form, &$form_state) {
     if (isset($form_state['flood_control_triggered'])) {
       if ($form_state['flood_control_triggered'] == 'user') {
         form_set_error('name', format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
-        watchdog('user', 'Flood control blocked login attempt for %user from %ip.', array('%user' => $form_state['values']['name'], '%ip' =>isset($form_state['flood_control_user_identifier']) ? $form_state['flood_control_user_identifier'] : ip_address()));
       }
       else {
         // We did not find a uid, so the limit is IP-based.
         form_set_error('name', t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
-        watchdog('user', 'Flood control blocked login attempt from %ip.', array('%ip' =>isset($form_state['flood_control_user_identifier']) ? $form_state['flood_control_user_identifier'] : ip_address()));
       }
     }
     else {
@@ -2241,7 +2239,6 @@ function user_login_final_validate($form, &$form_state) {
       form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password', array('query' => $query)))));
       watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
     }
-    drupal_access_denied();
   }
   elseif (isset($form_state['flood_control_user_identifier'])) {
     // Clear past failures for this user so as not to block a user who might
diff --git a/webroot/modules/user/user.test b/webroot/modules/user/user.test
index 31a7817..0875e0a 100644
--- a/webroot/modules/user/user.test
+++ b/webroot/modules/user/user.test
@@ -437,20 +437,15 @@ class UserLoginTestCase extends DrupalWebTestCase {
     $this->drupalPost('user', $edit, t('Log in'));
     $this->assertNoFieldByXPath("//input[@name='pass' and @value!='']", NULL, 'Password value attribute is blank.');
     if (isset($flood_trigger)) {
-      $this->assertResponse(403);
-      $last_log = db_query_range('SELECT message FROM {watchdog} WHERE type = :type ORDER BY wid DESC', 0, 1, array(':type' => 'user'))->fetchField();
       if ($flood_trigger == 'user') {
-        $this->assertRaw(t('Too many failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
-        $this->assertEqual('Flood control blocked login attempt for %user from %ip.', $last_log, 'A watchdog message was logged for the login attempt blocked by flood control per user');
+        $this->assertRaw(format_plural(variable_get('user_failed_login_user_limit', 5), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
       }
       else {
         // No uid, so the limit is IP-based.
         $this->assertRaw(t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => url('user/password'))));
-        $this->assertEqual('Flood control blocked login attempt from %ip.', $last_log, 'A watchdog message was logged for the login attempt blocked by flood control per IP');
       }
     }
     else {
-      $this->assertResponse(200);
       $this->assertText(t('Sorry, unrecognized username or password. Have you forgotten your password?'));
     }
   }