Wrong "auth failed" log message with two factor auth enabled #965
If two factor authentication is enabled (and enforced), the user first has to enter his username and password, then press "Sign In" which triggers two things:
Once the user has entered a correct OTP, he's properly logged into Rainloop.
This behaviour is obviously wrong since the authentication is not finished yet and you get a false positive "auth failed" message.
It is then impossible to create a proper fail2ban rules if a correct login triggers an "auth failed" message.
The text was updated successfully, but these errors were encountered: