ios-app
Account logs in without validating the 2FA code
Description:
After restoring a purchase, if the account restored has 2FA enabled, it is possible to log in without entering the 2FA code.
The user is logged in, but the subscription information is wrong. Sometimes the account appears as inactive or with a date in the past as Active Until 1970-01-01, but in this case, connecting to the VPN does not work.
Furthermore, the user will no longer be able to log out: both regular logout and "logout and clear settings" are not working, so the user must delete the app and reinstall it in order to restore the app's normal behaviour.
Steps to reproduce:
- Make sure the app can restore an account ID.
- Enable 2FA for this account.
- Proceed to the IVPN app v2.12.3(4).
- Tap on "Restore Purchases".
- When the app attempts to log in and presents the 2FA, cancel the 2FA.
- Proceed to the account screen and observe that the account is logged in.
- Attempt to log out and observe that it is not possible.
Expected result:
The user must validate the 2FA code in order to log in; the app should never log the user in automatically.
Environment:
- IVPN: 2.12.3 (4)
- Device: iPad 10, iPhone XR
- OS: iPadOS 17.5.1, iOS 18 Beta
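
One way to enforce the expected result in the restore flow, shown as an added example (not IVPN's code, and the report does not state the bug's actual cause). All type and function names are hypothetical, and the closure stands in for the server-side check: a session exists only after the 2FA code is accepted, cancelling returns to logged-out, and logout succeeds from any state.

```swift
// Added illustration; every name here is hypothetical, not taken from the IVPN code base.
struct Session: Equatable { let accountID: String; let token: String }

enum AuthState: Equatable {
    case loggedOut
    case awaitingTwoFactor(accountID: String)   // account identified, no session yet
    case loggedIn(Session)
}

final class AuthFlow {
    private(set) var state: AuthState = .loggedOut
    // Stand-in for the server call (assumption): returns a session only when the
    // supplied code satisfies the account's 2FA requirement, nil otherwise.
    private let newSession: (_ accountID: String, _ code: String?) -> Session?

    init(newSession: @escaping (String, String?) -> Session?) { self.newSession = newSession }

    var isLoggedIn: Bool { if case .loggedIn = state { return true } else { return false } }

    // Restoring a purchase identifies the account; it never creates a session by itself.
    func restorePurchase(accountID: String) {
        if let session = newSession(accountID, nil) {
            state = .loggedIn(session)                        // account without 2FA
        } else {
            state = .awaitingTwoFactor(accountID: accountID)  // nothing persisted yet
        }
    }

    func submitTwoFactor(code: String) {
        guard case .awaitingTwoFactor(let accountID) = state else { return }
        if let session = newSession(accountID, code) { state = .loggedIn(session) }
        // A wrong code leaves the state unchanged so the prompt can be shown again.
    }

    // Cancelling the 2FA prompt discards the pending account and ends logged out.
    func cancelTwoFactor() {
        guard case .awaitingTwoFactor = state else { return }
        state = .loggedOut
    }

    // Logout is unconditional, so a partial login can never leave the app stuck.
    func logout() { state = .loggedOut }
}

// Constructed walk-through of the reported steps; the account ID and code are made up.
let flow = AuthFlow { accountID, code in
    code == "123456" ? Session(accountID: accountID, token: "constructed-token") : nil
}
flow.restorePurchase(accountID: "constructed-account-id")
flow.cancelTwoFactor()
assert(!flow.isLoggedIn && flow.state == .loggedOut)
```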