Update AccountController, fix #456

app/Http/Controllers/AccountController.php

@@ -295,7 +295,10 @@ class AccountController extends Controller
         if(password_verify($password, $user->password) === true) {
             $request->session()->put('sudoMode', time());
             return redirect($next);
+        } else {
+            return redirect()
+                ->back()
+                ->withErrors(['password' => __('auth.failed')]);
         }
-        return redirect($next);
     }
 }

app/User.php

@@ -33,7 +33,9 @@ class User extends Authenticatable
      * @var array
      */
     protected $hidden = [
-        'password', 'remember_token',
+        'email', 'password', 'is_admin', 'remember_token', 
+        'email_verified_at', '2fa_enabled', '2fa_secret', 
+        '2fa_backup_codes', '2fa_setup_at',
     ];
 
     public function profile()