From 061a07120cb5834bed0793a41570503fae489d9e Mon Sep 17 00:00:00 2001
From: Abdullah Atta
Date: Tue, 14 Feb 2023 18:02:17 +0500
Subject: [PATCH] fix: mfa recovery codes not working due to dual otp & recovery code checks
---
 .../Validation/MFAGrantValidator.cs | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/Streetwriters.Identity/Validation/MFAGrantValidator.cs b/Streetwriters.Identity/Validation/MFAGrantValidator.cs
index 1ee0bc8..f4af01d 100644
--- a/Streetwriters.Identity/Validation/MFAGrantValidator.cs
+++ b/Streetwriters.Identity/Validation/MFAGrantValidator.cs
@@ -118,14 +118,16 @@ namespace Streetwriters.Identity.Validation
 return;
 }
 }
-
- var provider = mfaMethod == MFAMethods.Email || mfaMethod == MFAMethods.SMS ? TokenOptions.DefaultPhoneProvider : UserManager.Options.Tokens.AuthenticatorTokenProvider;
- var isMFACodeValid = await MFAService.VerifyOTPAsync(user, mfaCode, mfaMethod);
- if (!isMFACodeValid)
+ else
 {
- await UserManager.AccessFailedAsync(user);
- await EmailSender.SendFailedLoginAlertAsync(user.Email, httpContext.GetClientInfo(), client).ConfigureAwait(false);
- return;
+ var provider = mfaMethod == MFAMethods.Email || mfaMethod == MFAMethods.SMS ? TokenOptions.DefaultPhoneProvider : UserManager.Options.Tokens.AuthenticatorTokenProvider;
+ var isMFACodeValid = await MFAService.VerifyOTPAsync(user, mfaCode, mfaMethod);
+ if (!isMFACodeValid)
+ {
+ await UserManager.AccessFailedAsync(user);
+ await EmailSender.SendFailedLoginAlertAsync(user.Email, httpContext.GetClientInfo(), client).ConfigureAwait(false);
+ return;
+ }
 }
 context.Result.IsError = false;
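Review bot: With the OTP check moved into `else`, any path through the preceding `if` block that does not `return` now falls straight through to `context.Result.IsError = false`, so that block alone has to fail closed. The `if` condition and most of its body are outside the hunk, so this cannot be confirmed from here. It is worth checking that a rejected recovery code there also calls `UserManager.AccessFailedAsync(user)`, so that lockout covers recovery-code guessing the same way it covers OTP guessing, and adding a test that a wrong recovery code is refused. Separately, `provider` is assigned in the new `else` block but is not passed to `MFAService.VerifyOTPAsync` in the visible lines, so it looks like a dead local that can be dropped.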