Fix: Prevent CAPTCHA token reuse

src/pages/Auth.tsx

@@ -65,6 +65,10 @@ export default function Auth() {
       return;
     }
 
+    // Consume token immediately to prevent reuse
+    const tokenToUse = signInCaptchaToken;
+    setSignInCaptchaToken(null);
+
     try {
       const {
         data,
@@ -73,7 +77,7 @@ export default function Auth() {
         email: formData.email,
         password: formData.password,
         options: {
-          captchaToken: signInCaptchaToken
+          captchaToken: tokenToUse
         }
       });
       if (error) throw error;
@@ -82,8 +86,7 @@ export default function Auth() {
         description: "You've been signed in successfully."
       });
     } catch (error: any) {
-      // Reset CAPTCHA on error
+      // Reset CAPTCHA widget to force fresh token generation
-      setSignInCaptchaToken(null);
       setSignInCaptchaKey(prev => prev + 1);
       
       toast({
@@ -132,6 +135,10 @@ export default function Auth() {
       return;
     }
 
+    // Consume token immediately to prevent reuse
+    const tokenToUse = captchaToken;
+    setCaptchaToken(null);
+
     try {
       const {
         data,
@@ -140,7 +147,7 @@ export default function Auth() {
         email: formData.email,
         password: formData.password,
         options: {
-          captchaToken,
+          captchaToken: tokenToUse,
           data: {
             username: formData.username,
             display_name: formData.displayName
@@ -170,8 +177,7 @@ export default function Auth() {
         description: "Please check your email to verify your account."
       });
     } catch (error: any) {
-      // Reset CAPTCHA on error
+      // Reset CAPTCHA widget to force fresh token generation
-      setCaptchaToken(null);
       setCaptchaKey(prev => prev + 1);
       
       toast({