Fixed the logic of the custom password authenticator

security/custom_password_authenticator.rst

@@ -68,29 +68,23 @@ the user::
                 }
             }
 
-            if ($isPasswordValid) {
-                $currentHour = date('G');
-                if ($currentHour < 14 || $currentHour > 16) {
-                    // CAUTION: this message will be returned to the client
-                    // (so don't put any un-trusted messages / error strings here)
-                    throw new CustomUserMessageAuthenticationException(
-                        'You can only log in between 2 and 4!',
-                        array(), // Message Data
-                        412 // HTTP 412 Precondition Failed
-                    );
-                }
-
-                return new UsernamePasswordToken(
-                    $user,
-                    $user->getPassword(),
-                    $providerKey,
-                    $user->getRoles()
+            $currentHour = date('G');
+            if ($currentHour < 14 || $currentHour > 16) {
+                // CAUTION: this message will be returned to the client
+                // (so don't put any un-trusted messages / error strings here)
+                throw new CustomUserMessageAuthenticationException(
+                    'You can only log in between 2 and 4!',
+                    array(), // Message Data
+                    412 // HTTP 412 Precondition Failed
                 );
             }
 
-            // CAUTION: this message will be returned to the client
-            // (so don't put any un-trusted messages / error strings here)
-            throw new CustomUserMessageAuthenticationException('Invalid username or password');
+            return new UsernamePasswordToken(
+                $user,
+                $user->getPassword(),
+                $providerKey,
+                $user->getRoles()
+            );
         }
 
         public function supportsToken(TokenInterface $token, $providerKey)