From 18eefd11746a2fa203e5e9406e51e893039c4749 Mon Sep 17 00:00:00 2001
From: shuaiplus <2327005759@qq.com>
Date: Sat, 23 May 2026 02:22:04 +0800
Subject: [PATCH] fix: simplify login identifier construction in two-factor recovery and token handling
---
 src/handlers/accounts.ts | 2 +-
 src/handlers/identity.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/handlers/accounts.ts b/src/handlers/accounts.ts
index 5635c5e..44e027f 100644
--- a/src/handlers/accounts.ts
+++ b/src/handlers/accounts.ts
@@ -731,7 +731,7 @@ export async function handleRecoverTwoFactor(request: Request, env: Env): Promis
 if (!clientIdentifier) {
 return errorResponse('Client IP is required', 403);
 }
- const recoverLimitKey = `${clientIdentifier}:recover-2fa:${email || 'unknown'}`;
+ const recoverLimitKey = `${clientIdentifier}:recover-2fa`;
 const recoverAttemptCheck = await rateLimit.checkLoginAttempt(recoverLimitKey);
 if (!recoverAttemptCheck.allowed) {
diff --git a/src/handlers/identity.ts b/src/handlers/identity.ts
index bea684f..bee9e34 100644
--- a/src/handlers/identity.ts
+++ b/src/handlers/identity.ts
@@ -430,7 +430,7 @@ export async function handleToken(request: Request, env: Env): Promise
 const scope = body.scope;
 const deviceInfo = readAuthRequestDeviceInfo(body, request);
- const loginIdentifier = `${clientIdentifier}:${clientId}`;
+ const loginIdentifier = clientIdentifier;
 const parmValid = checkClientCredentialsParam(clientId, clientSecret, scope);
 if (!parmValid) {
 return identityErrorResponse('Parameter error', 'invalid_request', 400);
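Review bot: With the email dropped from `recoverLimitKey`, the only throttle visible on handleRecoverTwoFactor is per client address, so recovery-code guesses against a single account are not bounded when they arrive from many addresses. Taking the request-supplied email out of the key is sound, since varying it used to yield a fresh bucket, but a recovery code bypasses the second factor and deserves a per-account counter as well. I would add a second check keyed on the normalized email alone, for example ``const recoverAccountCheck = await rateLimit.checkLoginAttempt(`recover-2fa:${email}`);``, run only when `email` is non-empty, and reject when either check fails. That counter should slow attempts rather than hard-lock the account, otherwise a third party could block the owner's recovery. The function body continues outside the hunk, so such a check may already exist further down; worth confirming.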
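Review bot: `loginIdentifier` is now the bare `clientIdentifier` with no namespace, while the recovery limiter in accounts.ts suffixes its key with `:recover-2fa`; if any other limiter keys on the raw client identifier (not visible here), its counter would merge with this one. A suffix such as ``const loginIdentifier = `${clientIdentifier}:token`;`` would keep the buckets separate. The line also deserves a comment recording why `clientId` was left out, assuming it is read from the request as `scope` is, e.g. `// clientId is request-supplied; keeping it out of the key stops a caller getting a fresh bucket by changing it`, because the commit subject calls this a simplification and a later edit could put it back. handleToken starts and ends outside the hunk, so how `loginIdentifier` is consumed cannot be checked from here.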