fixed!

obl-ong · Oct 25, 2023 · 7caeaaf · 7caeaaf
1 parent b33be7d
commit 7caeaaf
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 18 deletions.
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
@@ -18,21 +18,27 @@ def login
   end
 
   def email
-    u = User::User.find_by(email: params[:email])
+    user = User::User.find_by(email: params[:email])
 
-    if(u.blank?)
+    if(user.blank?)
       redirect_to(controller: "users", action: "register")
-    elsif(u.disable_email_auth?)
+    elsif(user.disable_email_auth?)
       flash[:notice] = "Email login codes are disabled"
       redirect_to(controller: "auth", action: "login")
     end
 
-    User::Mailer.with(user: u).verification_email.deliver_later
+
+    if !(Time.now.to_i <= user.otp_last_minted + 600) || params[:resend] == "true" then
+      User::Mailer.with(user: user).verification_email.deliver_later
+    end
+
   end
 
   def verify_code
+
     u = User::User.find_by(email: params[:email])
-    if u.use_otp(params[:otp].to_s) == true
+
+    if u.use_otp(params[:code]) == true
       session[:authenticated] = true
       session[:current_user_id] = u.id
 

diff --git a/app/models/user/user.rb b/app/models/user/user.rb
@@ -3,29 +3,29 @@ class User::User < ApplicationRecord
   has_many :user_credentials
 
 
+  after_initialize do
+    @hotp = ROTP::HOTP.new(self.hotp_token)
+  end
+
   def mint_otp
-    self.otp_last_minted = nil
-    self.otp_counter = self.otp_counter.to_i + 1
-    self.save
-
-    hotp = ROTP::HOTP.new(self.hotp_token)
-    otp = hotp.at(self.otp_counter)
+    otp = @hotp.at(self.otp_counter)
     self.otp_last_minted = Time.now.to_i
     self.save
 
     otp
   end 
 
   def use_otp(token)
-    hotp = ROTP::HOTP.new(self.hotp_token)
-    hotp.verify(token, self.otp_counter)
+    if @hotp.verify(token.to_s, self.otp_counter.to_i) != nil && 
+      Time.now.to_i <= self.otp_last_minted + 600 then
 
-    now = Time.now.to_i
-
-    if self.otp_last_minted != nil && now <= self.otp_last_minted + 600
       self.otp_last_minted = nil
-      self.save
+      self.otp_counter += 1
       true
+
+    else
+
+      false
     end
   end 
 

diff --git a/app/views/auth/email.html.erb b/app/views/auth/email.html.erb
@@ -9,7 +9,9 @@
         <%= form.hidden_field :email, value: params[:email] %>
         <%= form.submit "Verify" %>
     <% end %>
-    <%= link_to "Resend Code" %>
+	<p id="error" class="error"></p>
+
+    <%= link_to "Resend Code", params: { resend: true, email: params[:email] } %>
     <div>
         <p>Having trouble? <a href="mailto:[email protected]">[email protected]</a></p>
         <p><a href="https://obl.ong">What's Obl.ong?</a></p>