From 44dc67736309bba0de6a547dc18a3a1c109e45e2 Mon Sep 17 00:00:00 2001
From: "gpt-engineer-app[bot]" <159125892+gpt-engineer-app[bot]@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:34:24 +0000
Subject: [PATCH] Fix: Prevent CAPTCHA token reuse
---
 src/pages/Auth.tsx | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/pages/Auth.tsx b/src/pages/Auth.tsx
index 0e6f081a..c15349f0 100644
--- a/src/pages/Auth.tsx
+++ b/src/pages/Auth.tsx
@@ -65,6 +65,10 @@ export default function Auth() {
 return;
 }
+ // Consume token immediately to prevent reuse
+ const tokenToUse = signInCaptchaToken;
+ setSignInCaptchaToken(null);
+
 try {
 const {
 data,
@@ -73,7 +77,7 @@ export default function Auth() {
 email: formData.email,
 password: formData.password,
 options: {
- captchaToken: signInCaptchaToken
+ captchaToken: tokenToUse
 }
 });
 if (error) throw error;
@@ -82,8 +86,7 @@ export default function Auth() {
 description: "You've been signed in successfully."
 });
 } catch (error: any) {
- // Reset CAPTCHA on error
- setSignInCaptchaToken(null);
+ // Reset CAPTCHA widget to force fresh token generation
 setSignInCaptchaKey(prev => prev + 1);
 toast({
@@ -132,6 +135,10 @@ export default function Auth() {
 return;
 }
+ // Consume token immediately to prevent reuse
+ const tokenToUse = captchaToken;
+ setCaptchaToken(null);
+
 try {
 const {
 data,
@@ -140,7 +147,7 @@ export default function Auth() {
 email: formData.email,
 password: formData.password,
 options: {
- captchaToken,
+ captchaToken: tokenToUse,
 data: {
 username: formData.username,
 display_name: formData.displayName
@@ -170,8 +177,7 @@ export default function Auth() {
 description: "Please check your email to verify your account."
 });
 } catch (error: any) {
- // Reset CAPTCHA on error
- setCaptchaToken(null);
+ // Reset CAPTCHA widget to force fresh token generation
 setCaptchaKey(prev => prev + 1);
 toast({
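Review bot: The added comment `// Consume token immediately to prevent reuse` in the sign-in hunk at -65 (and the identical one in the sign-up hunk at -132) claims more than clearing React state can deliver. Nulling `signInCaptchaToken` only stops this component from resending the same token; rejecting a replayed token is the job of the server-side verification, which this patch does not show. I would reword it to `// Drop the local copy so a retry cannot resend this token; single-use enforcement is the server's job`. The enclosing handler starts and ends outside the hunk.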
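Review bot: After `setCaptchaToken(null)` in the sign-up hunk at -132, the widget is remounted only in the `catch` branch (`setCaptchaKey(prev => prev + 1)` in the -170 hunk), so on the success path the state holds no token while the widget still looks solved. If the guard ending in `return;` at the top of this hunk tests the token, as it appears to, a second sign-up attempt from the same page would be refused until the widget expires or the page reloads. The lines between the -140 and -170 hunks are not shown, so confirm nothing there resets the widget. Adding `setCaptchaKey(prev => prev + 1);` directly after `setCaptchaToken(null);` would keep state and widget in step on both paths and make the call in `catch` redundant. The sign-in hunk at -65 has the same shape.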