From 27a3990472df47108700002d18707470d0a2a493 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 9 Jul 2016 00:58:04 +0200
Subject: [PATCH] Only throttle login attempts that have wrong credentials
---
 src/Auth.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/Auth.php b/src/Auth.php
index 135f17e..2f31917 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -266,9 +266,6 @@ class Auth {
 * @throws AuthError if an internal problem occurred (do *not* catch)
 */
 public function login($email, $password, $remember = false) {
- $this->throttle(self::THROTTLE_ACTION_LOGIN);
- $this->throttle(self::THROTTLE_ACTION_LOGIN, $email);
-
 $email = isset($email) ? trim($email) : null;
 if (empty($email)) {
 throw new InvalidEmailException();
@@ -308,10 +305,16 @@ class Auth {
 }
 }
 else {
+ $this->throttle(self::THROTTLE_ACTION_LOGIN);
+ $this->throttle(self::THROTTLE_ACTION_LOGIN, $email);
+
 throw new InvalidPasswordException();
 }
 }
 else {
+ $this->throttle(self::THROTTLE_ACTION_LOGIN);
+ $this->throttle(self::THROTTLE_ACTION_LOGIN, $email);
+
 throw new InvalidEmailException();
 }
 }
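Review bot: With both `throttle()` calls now placed only in the two failure branches of the second hunk, the branch that accepts a correct password never consults the limiter, so a client that is already over the limit still has each further guess verified and a correct one is accepted. This assumes `throttle()` both counts the attempt and throws once the limit is reached, which is not visible in the diff. If that holds, the limit no longer bounds online password guessing; the safer shape is a check at the top of `login()` that rejects when the limit is already exceeded without counting the attempt, with the counting left in these two branches. Until that split exists, I would add `// throttle() only runs after a failed check; the success path is not rate-limited` above the first added call. The body of `login()` between the two hunks lies outside the diff, and the early `empty($email)` exit in the first hunk is now unthrottled as well.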