Login Failed event fires twice if you attempt to sign in using invalid password for an existing user

[mvarblow]

Describe the bug

If you enable the user audit trail events and then attempt to sign in but type the wrong password you'll notice that three events are recorded:

1. A user updated event (the AccessFailedCount was incremented)
2. A login failed event that includes the user ID
3. A duplicate login failed event that does not include the user ID

Within the AccountController.Login method you can see that the LoggingInFailedAsync handler fires twice if the user is found (or just once if the user was not found).

Orchard Core version

1.8.3

To Reproduce

See above.

Expected behavior

The LoggingInFailedAsync handler should fire once and the audit trail event should be recorded once (with the user ID included).

[github-actions]

We triaged this issue and set the milestone according to the priority we think is appropriate (see the docs on how we triage and prioritize issues).

This indicates when the core team may start working on it. However, if you'd like to contribute, we'd warmly welcome you to do that anytime. See our guide on contributions here.