From 71cafa26d23d517023c897e1f7ab5fbd03a315b1 Mon Sep 17 00:00:00 2001
From: Dmitry Petrov
Date: Mon, 23 Jun 2025 09:33:59 -0400
Subject: [PATCH 1/2] fix: Correctly set error message coming from TOTP check
---
 login.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/login.php b/login.php
index 27a62c4f..794a8816 100644
--- a/login.php
+++ b/login.php
@@ -160,25 +160,28 @@ function _addAnchor($url, $type, $vars, $url_anchor = null)
 // TODO: Factor out into login handler class
 // First check if we need to validate the second factor.
 $authUser = Horde_Util::getPost('horde_user') ?? '';
- $passSecondFactor = true;
+ $errorSecondFactor = false;
 if ($loginHandler->secondFactorSupported) {
+ $message = null;
 try {
 $authSecondFactor = (string) Horde_Util::getPost('horde_secondfactor');
- $errorSecondFactor = $registry->call('secondfactor/blockLogin', [
+ $message = $registry->call('secondfactor/blockLogin', [
 $authUser,
 $authSecondFactor,
 ]);
+ if ($message) {
+ $errorSecondFactor = Horde_Auth::REASON_MESSAGE;
+ }
 } catch (Horde_Exception $e) {
 $errorSecondFactor = Horde_Auth::REASON_BADLOGIN;
 }
 if ($errorSecondFactor) {
- $passSecondFactor = false;
- $auth->setError($errorSecondFactor);
+ $auth->setError($errorSecondFactor, $message);
 }
 }
- if ($passSecondFactor && $auth->authenticate($authUser, $auth_params)) {
+ if (!$errorSecondFactor && $auth->authenticate($authUser, $auth_params)) {
 Horde::log(
 sprintf(
 'Login success for %s to %s (%s)%s',
From 6050af66fee3f3c07f04814acd0aabdb5ccb8227 Mon Sep 17 00:00:00 2001
From: Dmitry Petrov
Date: Mon, 23 Jun 2025 22:26:58 -0400
Subject: [PATCH 2/2] fix: Do not set the value of the second factor input box (Dmitry)
---
 src/Login.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Login.php b/src/Login.php
index d548c210..7df660fa 100644
--- a/src/Login.php
+++ b/src/Login.php
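Review bot: In login.php the text returned by `secondfactor/blockLogin` is now passed to `$auth->setError()` under `Horde_Auth::REASON_MESSAGE` before `$auth->authenticate()` has checked the password, so a rejected second factor can yield a response that differs from an ordinary bad login. If that text identifies the second factor as the cause, an unauthenticated client learns which factor failed and the two factors can be tested independently; what blockLogin actually returns is not visible in this hunk, so this should be confirmed in the secondfactor app together with its failure rate limiting. I would record the constraint next to the call, for example `// $message is shown before the password is verified: keep it generic and do not reveal which factor failed`. The `catch` branch already stays generic with `REASON_BADLOGIN` and a null message, and the `if (... authenticate(...))` block continues past the end of the hunk.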
@@ -40,7 +40,8 @@ public function buildLoginParams(): array
 $loginparams['horde_secondfactor'] = [
 'label' => _("Second Factor"),
 'type' => 'password',
- 'value' => $this->vars->horde_secondfactor,
+ // 'value' => $this->vars->horde_secondfactor,
+ 'extra' => [ 'autocomplete' => 'off' ],
 ];
 }
 return $loginparams;
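Review bot: The old `'value'` entry in `$loginparams['horde_secondfactor']` is left behind as commented-out code; delete it and state the reason instead, for example `// Never echo the submitted second factor back into the form.` For the added `'extra' => [ 'autocomplete' => 'off' ]`, browsers and password managers commonly ignore `off` on password-type inputs, and `one-time-code` is the autocomplete token intended for this kind of field. Whether `extra` is rendered as HTML attributes on the input is not visible in this hunk, so that is worth checking in the form renderer. buildLoginParams() starts above the hunk.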