Sign in with Google and 2FA not working properly
Summary
When sign in with Google account everything works fine until the Two-Factor Authentication page. The code is valid but the alert Invalid Two-Factor code is displayed and after a few refresh of the page the verification succeed with the same code.
Steps to reproduce
- Select Google at the sign in page
- Authenticate with Google account
- At the Two-Factor Authentication insert a code generated by Google Authenticator
- Click on Verify code
What is the current bug behavior?
A message Invalid two factor code is displayed even if the code is valid and after a few refresh of the page the verification succeeds. Sometimes the refresh may lead to block the account which is the expected behavior but suddenly an operation that should take a few seconds takes dozens.
What is the expected correct behavior?
If the code is valid the verification should succeed directly without refreshing the page
Output of checks
This bug happens on GitLab.com. Using Firefox (last version) and Chrome (last version), on Ubuntu 18.04 and MacOS 10.14.
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)