Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Wrong "auth failed" log message with two factor auth enabled #965
If two factor authentication is enabled (and enforced), the user first has to enter his username and password, then press "Sign In" which triggers two things:
Once the user has entered a correct OTP, he's properly logged into Rainloop.
This behaviour is obviously wrong since the authentication is not finished yet and you get a false positive "auth failed" message.
It is then impossible to create a proper fail2ban rules if a correct login triggers an "auth failed" message.