Fix: Prevent CAPTCHA token reuse

2025-12-23 00:11:14 -05:00 · 2025-10-10 13:34:24 +00:00
parent 2b395e93d6
commit 44dc677363
1 changed files with 12 additions and 6 deletions
--- a/src/pages/Auth.tsx
+++ b/src/pages/Auth.tsx
@@ -65,6 +65,10 @@ export default function Auth() {
      return;
    }

+    // Consume token immediately to prevent reuse
+    const tokenToUse = signInCaptchaToken;
+    setSignInCaptchaToken(null);
+
    try {
      const {
        data,
@@ -73,7 +77,7 @@ export default function Auth() {
        email: formData.email,
        password: formData.password,
        options: {
-          captchaToken: signInCaptchaToken
+          captchaToken: tokenToUse
        }
      });
      if (error) throw error;
@@ -82,8 +86,7 @@ export default function Auth() {
        description: "You've been signed in successfully."
      });
    } catch (error: any) {
-      // Reset CAPTCHA on error
-      setSignInCaptchaToken(null);
+      // Reset CAPTCHA widget to force fresh token generation
      setSignInCaptchaKey(prev => prev + 1);
      
      toast({
@@ -132,6 +135,10 @@ export default function Auth() {
      return;
    }

+    // Consume token immediately to prevent reuse
+    const tokenToUse = captchaToken;
+    setCaptchaToken(null);
+
    try {
      const {
        data,
@@ -140,7 +147,7 @@ export default function Auth() {
        email: formData.email,
        password: formData.password,
        options: {
-          captchaToken,
+          captchaToken: tokenToUse,
          data: {
            username: formData.username,
            display_name: formData.displayName
@@ -170,8 +177,7 @@ export default function Auth() {
        description: "Please check your email to verify your account."
      });
    } catch (error: any) {
-      // Reset CAPTCHA on error
-      setCaptchaToken(null);
+      // Reset CAPTCHA widget to force fresh token generation
      setCaptchaKey(prev => prev + 1);
      
      toast({