fix: guard mfa login with ip tracker#12365
Conversation
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d4e90147b7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if global.IPTracker.NeedCaptcha(ip) { | ||
| helper.BadAuth(c, "ErrMFA", nil) | ||
| return |
There was a problem hiding this comment.
This early return makes /core/auth/mfalogin reject all requests from a tracked IP with ErrMFA before verifying the submitted code. Because this same handler now sets NeedCaptcha after one wrong MFA code, a user who mistypes once cannot complete MFA on the current screen anymore: the frontend MFA handler (frontend/src/views/login/components/login-form.vue, mfaLogin) treats every 401 as a generic MFA error and does not expose captcha or route back to password login, so even a correct second code is rejected until the user manually restarts the whole login flow.
Useful? React with 👍 / 👎.
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wanghe-fit2cloud The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
3 participants
No description provided.