Commit 283441b1 authored by ale's avatar ale

Apply blacklists even on unknown users

IP-based blacklists should run anyway in that case. The change
simplifies the doAuthenticate() flow, and the ratelimit API.

Add a test for this case too.
parent 40fbc768
Pipeline #5909 passed with stages
in 1 minute and 33 seconds