From a83e0d259e24e560548688b5ef8c54f2e4c374b4 Mon Sep 17 00:00:00 2001
From: shuaiplus <2327005759@qq.com>
Date: Fri, 20 Feb 2026 18:53:10 +0800
Subject: [PATCH] fix: increase max login attempts and improve two-factor token
 error response

---
 src/config/limits.ts     | 2 +-
 src/handlers/identity.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/config/limits.ts b/src/config/limits.ts
index 3676db0..4a1481a 100644
--- a/src/config/limits.ts
+++ b/src/config/limits.ts
@@ -22,7 +22,7 @@
   rateLimit: {
     // Max failed login attempts before temporary lock.
     // 触发临时锁定前允许的最大登录失败次数。
-    loginMaxAttempts: 5,
+    loginMaxAttempts: 10,
     // Login lock duration in minutes.
     // 登录锁定时长（分钟）。
     loginLockoutMinutes: 2,
diff --git a/src/handlers/identity.ts b/src/handlers/identity.ts
index a2fa7e3..8d73c02 100644
--- a/src/handlers/identity.ts
+++ b/src/handlers/identity.ts
@@ -145,7 +145,7 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
               429
             );
           }
-          return twoFactorRequiredResponse();
+          return identityErrorResponse('Invalid two-factor token', 'invalid_grant', 400);
         }
       }