From 599844b2fb5038abe3d083c49cea43e09162c084 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Wed, 12 Sep 2018 21:45:08 -0600
Subject: [PATCH] Update AccountController, fix #456

---
 app/Http/Controllers/AccountController.php | 5 ++++-
 app/User.php                               | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index dad177f46..b7f567d7e 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -295,7 +295,10 @@ class AccountController extends Controller
         if(password_verify($password, $user->password) === true) {
             $request->session()->put('sudoMode', time());
             return redirect($next);
+        } else {
+            return redirect()
+                ->back()
+                ->withErrors(['password' => __('auth.failed')]);
         }
-        return redirect($next);
     }
 }
diff --git a/app/User.php b/app/User.php
index 3060cabd3..4e014f046 100644
--- a/app/User.php
+++ b/app/User.php
@@ -33,7 +33,9 @@ class User extends Authenticatable
      * @var array
      */
     protected $hidden = [
-        'password', 'remember_token',
+        'email', 'password', 'is_admin', 'remember_token', 
+        'email_verified_at', '2fa_enabled', '2fa_secret', 
+        '2fa_backup_codes', '2fa_setup_at',
     ];
 
     public function profile()