fix(two-factor): verification deletion on otp should use the correct ID (#2425)

Bereket Engida
2025-04-24 18:13:41 +03:00
committed by GitHub
parent 20bb862814
commit b9823cd75b


@@ -255,9 +255,11 @@ export const otp2fa = (options?: OTPOptions) => {
);
const [otp, counter] = toCheckOtp?.value?.split("!") ?? [];
if (!toCheckOtp || toCheckOtp.expiresAt < new Date()) {
await ctx.context.internalAdapter.deleteVerificationValue(
`2fa-otp-${key}`,
);
if (toCheckOtp) {
await ctx.context.internalAdapter.deleteVerificationValue(
toCheckOtp.id,
);
}
throw new APIError("BAD_REQUEST", {
message: TWO_FACTOR_ERROR_CODES.OTP_HAS_EXPIRED,
});
@@ -265,7 +267,7 @@ export const otp2fa = (options?: OTPOptions) => {
const allowedAttempts = options?.allowedAttempts || 5;
if (parseInt(counter) >= allowedAttempts) {
await ctx.context.internalAdapter.deleteVerificationValue(
`2fa-otp-${key}`,
toCheckOtp.id,
);
throw new APIError("BAD_REQUEST", {
message: TWO_FACTOR_ERROR_CODES.TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE,
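Review bot: The attempt limit in the second hunk fails open when the stored value carries no parsable counter: `parseInt(counter)` returns NaN if `counter` is undefined or non-numeric, and `NaN >= allowedAttempts` is false, so the TOO_MANY_ATTEMPTS branch and the deletion by `toCheckOtp.id` are both skipped. Whether such a value can ever be written is not visible from these hunks, but treating an unreadable counter as exhausted is the safer default for a brute-force guard. I would change the check to `const attempts = Number.parseInt(counter ?? "", 10);` followed by `if (!Number.isFinite(attempts) || attempts >= allowedAttempts) {`. The handler body starts and ends outside both hunks, so the code that writes and increments the counter should be confirmed against this.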