Code is sent to locked users

[fonji]

Hello and thank you for this gem!

If a user makes too many login attempts, goes back to the login page and logs in again, send_two_factor_authentication_code is still called, so the user gets a code although he can't enter it. This can be easily avoided in send_two_factor_authentication_code but I think it shouldn't be called at all.

I created a test case and offer a solution here. I sadly can't make a PR as I already forked a fork of this repository (...), and that means I can't fork the root repository.

[Houdini]

Hello, thanks, I'll merge it

[rgerard]

I also ran into this issue today. It doesn't appear that this was ever merged. Want me to open a PR with @fonji's solution?