2 files changed, 13 insertions, 13 deletions

diff --git a/VNLib.Plugins.Essentials.Accounts/Endpoints/LoginEndpoint.cs b/VNLib.Plugins.Essentials.Accounts/Endpoints/LoginEndpoint.cs
index a4254de..4100620 100644
--- a/VNLib.Plugins.Essentials.Accounts/Endpoints/LoginEndpoint.cs
+++ b/VNLib.Plugins.Essentials.Accounts/Endpoints/LoginEndpoint.cs
@@ -68,9 +68,6 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
         private readonly uint MaxFailedLogins;
         private readonly TimeSpan FailedCountTimeout;
 
-        ///<inheritdoc/>
-        protected override ProtectionSettings EndpointProtectionSettings { get; } = new();
-
         public LoginEndpoint(PluginBase pbase, IReadOnlyDictionary<string, JsonElement> config)
         {
             string? path = config["path"].GetString();
@@ -298,15 +295,19 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
                 return VfReturnType.VirtualSkip;
             }
 
-            //Wipe session signature
-            entity.Session.MfaUpgradeSignature(null);
+            bool locked = UserLoginLocked(user);
 
             //Make sure the account has not been locked out
-            if (!webm.Assert(!UserLoginLocked(user), LOCKED_ACCOUNT_MESSAGE))
+            if (!webm.Assert(locked == false, LOCKED_ACCOUNT_MESSAGE))
             {
                 //process mfa login
                 LoginMfa(entity, user, request, upgrade, webm);
             }
+            else
+            {
+                //Locked, so clear stored signature
+                entity.Session.MfaUpgradeSignature(null);
+            }
       
             //Update user on clean process
             await user.ReleaseAsync();
@@ -338,7 +339,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
                         //Valid, complete                         
                     }
                     break;
-                case MFAType.GPG:
+                case MFAType.PGP:
                     { }
                     break;
                 default:
@@ -347,6 +348,10 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
                     }
                     return;
             }
+
+            //Wipe session signature
+            entity.Session.MfaUpgradeSignature(null);
+
             //build login message from upgrade
             LoginMessage loginMessage = new()
             {
diff --git a/VNLib.Plugins.Essentials.Accounts/Endpoints/LogoutEndpoint.cs b/VNLib.Plugins.Essentials.Accounts/Endpoints/LogoutEndpoint.cs
index f5d12ec..cc36609 100644
--- a/VNLib.Plugins.Essentials.Accounts/Endpoints/LogoutEndpoint.cs
+++ b/VNLib.Plugins.Essentials.Accounts/Endpoints/LogoutEndpoint.cs
@@ -34,12 +34,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints
 {
     [ConfigurationName("logout_endpoint")]
     internal class LogoutEndpoint : ProtectedWebEndpoint
-    {        
-        //Use default ep protection (most strict)
-        
-        ///<inheritdoc/>
-        protected override ProtectionSettings EndpointProtectionSettings { get; } = new();
-
+    {
         
         public LogoutEndpoint(PluginBase pbase, IReadOnlyDictionary<string, JsonElement> config)
         {