How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Steps to reproduce

1. Under Administration/Security/Password Policy: set "Number of login attempts before the user account is blocked" to e.g. 3.
2. Logout and try to login as an exisiting user, using the user name (not the email address) and a wrong password. The user account gets blocked after above set number of tries.
3. After re-enabling the account, try to login using the email address (not the user name) and a wrong password. The user account does not get blocked after above set number of tries

Expected behaviour

The account should get blocked, no matter if the user name or its email address is used.

Actual behaviour

The account does not get blocked if the email address is used.

Server configuration

Nextcloud version: 21.0.5

Updated from an older Nextcloud/ownCloud or fresh install: updated