From 7caeaafcb2bc1224ce0da6db309fc0bca8b18bdb Mon Sep 17 00:00:00 2001
From: reesericci <me@reeseric.ci>
Date: Wed, 25 Oct 2023 14:01:46 -0500
Subject: [PATCH] fixed!

---
 app/controllers/auth_controller.rb | 16 +++++++++++-----
 app/models/user/user.rb            | 24 ++++++++++++------------
 app/views/auth/email.html.erb      |  4 +++-
 3 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
index 823ba6f..d3a454f 100644
--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@@ -18,21 +18,27 @@ def login
   end
 
   def email
-    u = User::User.find_by(email: params[:email])
+    user = User::User.find_by(email: params[:email])
 
-    if(u.blank?)
+    if(user.blank?)
       redirect_to(controller: "users", action: "register")
-    elsif(u.disable_email_auth?)
+    elsif(user.disable_email_auth?)
       flash[:notice] = "Email login codes are disabled"
       redirect_to(controller: "auth", action: "login")
     end
 
-    User::Mailer.with(user: u).verification_email.deliver_later
+
+    if !(Time.now.to_i <= user.otp_last_minted + 600) || params[:resend] == "true" then
+      User::Mailer.with(user: user).verification_email.deliver_later
+    end
+
   end
   
   def verify_code
+
     u = User::User.find_by(email: params[:email])
-    if u.use_otp(params[:otp].to_s) == true
+
+    if u.use_otp(params[:code]) == true
       session[:authenticated] = true
       session[:current_user_id] = u.id
         
diff --git a/app/models/user/user.rb b/app/models/user/user.rb
index 0810b6f..7a15f8d 100644
--- a/app/models/user/user.rb
+++ b/app/models/user/user.rb
@@ -3,13 +3,12 @@ class User::User < ApplicationRecord
   has_many :user_credentials
 
 
+  after_initialize do
+    @hotp = ROTP::HOTP.new(self.hotp_token)
+  end
+
   def mint_otp
-    self.otp_last_minted = nil
-    self.otp_counter = self.otp_counter.to_i + 1
-    self.save
-    
-    hotp = ROTP::HOTP.new(self.hotp_token)
-    otp = hotp.at(self.otp_counter)
+    otp = @hotp.at(self.otp_counter)
     self.otp_last_minted = Time.now.to_i
     self.save
     
@@ -17,15 +16,16 @@ def mint_otp
   end 
 
   def use_otp(token)
-    hotp = ROTP::HOTP.new(self.hotp_token)
-    hotp.verify(token, self.otp_counter)
+    if @hotp.verify(token.to_s, self.otp_counter.to_i) != nil && 
+      Time.now.to_i <= self.otp_last_minted + 600 then
 
-    now = Time.now.to_i
-
-    if self.otp_last_minted != nil && now <= self.otp_last_minted + 600
       self.otp_last_minted = nil
-      self.save
+      self.otp_counter += 1
       true
+
+    else
+
+      false
     end
   end 
   
diff --git a/app/views/auth/email.html.erb b/app/views/auth/email.html.erb
index a24b8f6..1427c02 100644
--- a/app/views/auth/email.html.erb
+++ b/app/views/auth/email.html.erb
@@ -9,7 +9,9 @@
         <%= form.hidden_field :email, value: params[:email] %>
         <%= form.submit "Verify" %>
     <% end %>
-    <%= link_to "Resend Code" %>
+	<p id="error" class="error"></p>
+
+    <%= link_to "Resend Code", params: { resend: true, email: params[:email] } %>
     <div>
         <p>Having trouble? <a href="mailto:support@obl.ong">support@obl.ong</a></p>
         <p><a href="https://obl.ong">What's Obl.ong?</a></p>