LoginAsync() saves "Success" in ABPLoginAttempts table before verifying 2FA code #11878

MellowoodMedical created 2 months ago

Hello,

When 2-factor authentication is enabled, the user enters their Username and Password and then completes 2-factor authentication.

Now, the issue is that the LoginAsync() method in AbpLogInManager, saves the success records in the ABPLoginAttempts table before verifying the 2FA code entered by the user.

So in the case where the username and Password are correct, but the 2FA code is incorrect, a user fails to log in, but the ABPLoginAttempts table shows success.

Here it just checks the Username/Password and saves the attempt as Success.

3 Answer(s)

0

ismcagdas created 2 months ago
Support Team

Hi,

Could you create an issue on https://github.com/aspnetzero/aspnet-zero-core ? We will test this and solve the problem.

1
0

MellowoodMedical created 2 months ago

https://github.com/aspnetzero/aspnet-zero-core/issues/5135
0

ismcagdas created 2 months ago
Support Team

Thanks a lot, I have added it to next milestone. We will look into this.

Have an answer to this question? Log in and write your answer.