[AZ-557] Fix MfaLoginTests AC1/AC2/AC7 seed ordering

UserService.ValidateUser calls RegisterSuccessfulLogin on a successful
password verify, which resets FailedLoginCount=0 even on the MFA path
(the reset happens inside ValidateUser before the MFA branch returns
the step-1 token). Seeding the counter before /login was therefore a
no-op — the threshold-1 seed was wiped before the wrong-TOTP request
got a chance to trip the lockout.

Move SetLockoutUntil to AFTER step 1 succeeds in AC1, AC2, AC7. AC7
now also genuinely exercises MfaService's own counter reset on a
correct TOTP, instead of being satisfied by the password-success reset.

Co-authored-by: Cursor <cursoragent@cursor.com>
Oleksandr Bezdieniezhnykh
2026-05-14 10:13:23 +03:00
parent 8b7d8a4275
commit 5224a12589
2 changed files with 27 additions and 20 deletions
+4 -4
@@ -4,11 +4,11 @@
flow: existing-code
step: 11
name: Run Tests
status: not_started
status: in_progress
sub_step:
phase: 0
name: awaiting-invocation
detail: ""
phase: 2
name: run
detail: "scripts/run-tests.sh (docker-compose, ~6 min)"
leftovers_to_replay:
- _docs/_process_leftovers/2026-05-14_suite_infra_jwt_secret_drift.md
retry_count: 0
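Review bot: the `status: in_progress`, `phase: 2` and `name: run` values in this hunk are transient run state, and they are committed together with a test fix whose message does not mention this file. As recorded, the suite is still running (`detail: "scripts/run-tests.sh (docker-compose, ~6 min)"`), so the history holds no evidence that the reordered AC1/AC2/AC7 seeds actually pass. Suggest either keeping this state file out of the fix commit or committing it once the run has finished and the status reflects the outcome. The unchanged `leftovers_to_replay` entry for the JWT secret drift is still pending with `retry_count: 0`, so it is worth stating in the message whether this run is expected to be clean despite it.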