Red Hat build of Keycloak: RHBK-3607

Double submit on otp form causes error [GHI#36012]


      Area

      login/ui

      Describe the bug

      The OTP form does not have the multiple-submit protection (`onsubmit="login.disabled = true; return true;"`) that the username form has.

      themes\src\main\resources\theme\keycloak.v2\login\login-username.ftl
      themes\src\main\resources\theme\base\login\login-username.ftl
      ```html
      <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}"
            method="post">
      ```

      themes\src\main\resources\theme\keycloak.v2\login\login-otp.ftl
      themes\src\main\resources\theme\base\login\login-otp.ftl
      ```html
      <form id="kc-otp-login-form" class="${properties.kcFormClass!}" action="${url.loginAction}"
            method="post">
      ```

      Submitting the form a second time will cancel the first attempt. Keycloak does not like this, and throws a variety of errors.

      Version

      26.0.7

      Regression

      [ ] The issue is a regression

      Expected behavior

      Like the username form, it should not allow secondary submits.

      Actual behavior

      The form can be submitted multiple times, causing a variety of errors based on how far the initial request manages to get:

      "Action expired. Please continue with login now"
      "Your login attempt timed out. Login will start from the beginning"
      "Invalid authenticator code"

      or you are already logged in.

      How to Reproduce?

      Setup OTP on a user account.

      • On Chrome (Firefox seems to disallow multiple submits)
      • Open Developer Tools > Network tab > Set throttling to Fast 4G or Slow 4G. Leave open (enable throttling once you want to submit the OTP form)
      • Go to keycloak's account console (get a login form)
      • Click 'sign in' button
      • Enter username/password. Submit.
      • Enter otp code.
      • While in the otp input field, press ENTER multiple times.

      Anything else?

      I pulled the source before submitting. The submit protection is not there in the login-otp.ftl files.
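The pattern the report asks for, as an added example that is not Keycloak's code: a reusable guard that makes a form accept only its first submission, modelled on the `onsubmit="login.disabled = true; return true;"` attribute quoted from login-username.ftl. In a browser it would be wired as `installSubmitGuard(document.getElementById("kc-otp-login-form"), "login")`; the `FakeForm` class and the `countRequests` helper are constructed stand-ins (assumptions, not DOM APIs) so the logic runs under Node and shows how many requests leave the page for three ENTER presses with and without the guard.

```javascript
// Added example, not Keycloak's code. Double-submit guard for an HTML form,
// modelled on the onsubmit attribute the report quotes from login-username.ftl.

function installSubmitGuard(form, buttonName) {
  let submitted = false;
  form.onsubmit = function (event) {
    if (submitted) {
      // A second ENTER press or click arrived before the first response:
      // refuse it so only one request reaches the server.
      if (event && typeof event.preventDefault === "function") event.preventDefault();
      return false;
    }
    submitted = true;
    // Disable the default submit button as the username form does; a disabled
    // default button also stops ENTER in a text field from re-submitting.
    const button = form.elements[buttonName];
    if (button) button.disabled = true;
    return true;
  };
  return form;
}

// Constructed stand-in for the parts of HTMLFormElement the guard touches.
class FakeForm {
  constructor(buttonName) {
    this.elements = { [buttonName]: { disabled: false } };
    this.onsubmit = null;
    this.requestsSent = 0;
  }
  // Mimic the browser: run onsubmit; any return other than false sends the request.
  submit() {
    const allowed = this.onsubmit ? this.onsubmit({ preventDefault() {} }) !== false : true;
    if (allowed) this.requestsSent += 1;
    return allowed;
  }
}

// Press ENTER `times` times on a fresh form and report how many requests went out.
function countRequests(guarded, times) {
  const form = new FakeForm("login");
  if (guarded) installSubmitGuard(form, "login");
  for (let i = 0; i < times; i++) form.submit();
  return form.requestsSent;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unguarded form, 3 x ENTER:", countRequests(false, 3)); // 3
  console.log("guarded form,   3 x ENTER:", countRequests(true, 3));  // 1
}

module.exports = { installSubmitGuard, FakeForm, countRequests };
```

The guard keeps its own `submitted` flag in addition to disabling the button, so a form whose submit control has a different name, or none, is still protected; the server-side checks that produce the "Action expired" and "login attempt timed out" messages remain the authoritative defence, the client-side guard only stops the duplicate request from being sent in the first place.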

      Assignee: Unassigned
      Reporter: Pavel Vlha (pvlha)
      Keycloak Core Clients
      Votes: 0
      Watchers: 1