Fixed User's IP is not recorded after password authentication, but before 2FA completes

[Xon]

Affected version

2.1.7

If a user has 2FA enabled, the IP is only recorded after 2FA completes and not after the username/passwords has been entered.

This makes detecting from log when a user's password is compromised but 2FA prevents the login very hard.

Finally, as these are separate requests; it could be over multiple/seperate IPs.

 

[XF Bug Bot]

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.1.10).

Change log:

Log IP when TFA check is triggered

There may be a delay before changes are rolled out to the XenForo Community.