fix: fix captcha/otp times on login - fix #57

app/client/src/modules/login/login.component.tsx

@@ -5,9 +5,10 @@ import styles from "./login.module.scss";
 import { useNavigate } from "react-router-dom";
 export const LoginComponent: React.FC = () => {
   const [submittedAt, setSubmittedAt] = useState<number>();
-  const [captchaId, setCaptchaId] = useState<string>();
+  const [captchaId, setCaptchaId] = useState<string>(null);
   const [loaded, setLoaded] = useState<boolean>(false);
   const [showOTP, setShowOTP] = useState<boolean>(false);
+  const [showCaptcha, setShowCaptcha] = useState<boolean>(false);
 
   const { login, refreshSession, getTicketId } = useApi();
   let navigate = useNavigate();
@@ -42,7 +43,8 @@ export const LoginComponent: React.FC = () => {
           window.location.href = redirectUrl;
         })
         .catch(({ status }) => {
-          if (status === 441) setShowOTP(true);
+          if (status === 461 || status === 451) setShowCaptcha(true);
+          if (status === 461 || status === 441) setShowOTP(true);
           setSubmittedAt(performance.now());
         });
     },
@@ -56,7 +58,12 @@ export const LoginComponent: React.FC = () => {
       <form className={styles.form} onSubmit={onSubmit}>
         <input name="email" placeholder="email" />
         <input name="password" placeholder="password" type="password" />
-        <CaptchaComponent submittedAt={submittedAt} onResolve={setCaptchaId} />
+        {showCaptcha && (
+          <CaptchaComponent
+            submittedAt={submittedAt}
+            onResolve={setCaptchaId}
+          />
+        )}
         {showOTP && <input name="otpToken" placeholder="otp" maxLength={6} />}
         <button type="submit">Login</button>
       </form>

app/server/src/modules/api/v2/account/login.request.ts

@@ -16,7 +16,7 @@ export const loginRequest: RequestType = {
     const { ticketId, email, password, captchaId, otpToken } =
       await request.json();
 
-    if (!(await System.captcha.verify(captchaId)) || !email || !password)
+    if (!email || !password)
       return Response.json(
         { status: 403 },
         {
@@ -85,23 +85,29 @@ export const loginRequest: RequestType = {
       account.accountId,
     ]);
 
-    if (accountOTP.verified) {
-      if (!otpToken)
-        return Response.json(
-          { status: 441, message: "OTP secret is needed!" },
-          {
-            status: 441,
-          },
-        );
+    let isValidOTP = true;
 
-      if (!System.otp.verify(accountOTP.secret, otpToken))
-        return Response.json(
-          { status: 441, message: "OTP is not valid!" },
-          {
-            status: 441,
-          },
-        );
-    }
+    if (
+      accountOTP.verified &&
+      (!otpToken || !System.otp.verify(accountOTP.secret, otpToken))
+    )
+      isValidOTP = false;
+
+    if (!(await System.captcha.verify(captchaId)))
+      return Response.json(
+        { status: isValidOTP ? 451 : 461, message: "Captcha is not valid!" },
+        {
+          status: isValidOTP ? 451 : 461,
+        },
+      );
+
+    if (!isValidOTP)
+      return Response.json(
+        { status: 441, message: "OTP is not valid!" },
+        {
+          status: 441,
+        },
+      );
 
     if (account.sessionId) {
       await System.db.delete(["accountsBySession", account.sessionId]);

app/server/src/system/captcha.ts

@@ -2,6 +2,8 @@ import { System } from "system/main.ts";
 
 export const captcha = () => {
   const verify = async (sessionId: string): Promise<boolean> => {
+    if (!sessionId) return false;
+
     const { enabled, id, token, url } = System.getConfig().captcha;
     if (!enabled || !id || !token || !url) return true;