Feature #2569
closed
New login error messages
Start date: 2025-06-28
Estimated time: 4.00 h
Description
Ferat Aydin from SEC4YOU reported that our login error messages are not conforming to a security guideline because usernames can be found out.
Although I (Alex) am not convinced that the seeming security improvement justifies sacrificing usability, it was decided in our last developer meeting to follow this guideline.
So in future we won't tell users at login if their username or password was incorrect but instead will give a generic "Invalid user or password" error message.
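The change described in this ticket, sketched as an added example (not part of the ticket and not the project's own code). The function names, the sample user store and the two old message strings are assumptions. The example goes one step beyond the ticket by also hashing against a dummy record for unknown usernames, so both failure paths do the same work.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid user or password"  # wording taken from the ticket


def _hash(password, salt):
    # PBKDF2 stands in for whatever password hash the application really uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample user store (hypothetical account).
USERS = {"alice": make_record("correct horse")}

# Record checked when the username does not exist, so an unknown user
# costs the same hashing work as a wrong password.
_DUMMY = make_record(os.urandom(16).hex())


def login_old(username, password):
    """Behaviour being replaced: distinct messages confirm valid usernames."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown user"      # assumed old wording
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Wrong password"    # assumed old wording
    return True, "OK"


def login_new(username, password):
    """Behaviour after the change: one message for every failed login."""
    record = USERS.get(username)
    salt, stored = record if record is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if record is None or not matches:
        return False, GENERIC_ERROR
    return True, "OK"
```

The same generic wording has to be used on every path that takes a username (password reset, registration), otherwise those pages still confirm which accounts exist.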