Improve OTP code to handle session data in OneTimePasswordVerifyTrait not in LoginTrait
rochamarcelo opened this issue · 1 comments
rochamarcelo commented
This is related to #988 and more items.
- Move session delete
$this->getRequest()->getSession()->delete(AuthenticationService::TWO_FACTOR_VERIFY_SESSION_KEY);
from LoginTrait::login to OneTimePasswordVerifyTrait - On verification page instead of redirecting to login after invalid code submit we should ask the code again