Race Condition with Email OTP
I've been stuck on this issue for a few weeks and I'm really not sure how to proceed, so I thought I'd reach out.
Some users on my platform are commenting that they get "invalid otp" when attempting to sign up for the first time. For most users the OTP works successfully, but for a subset of users it doesn't work.
At first I thought maybe the user was just inputting the wrong password, but as this issue keeps coming up, I'm realizing there must be some race condition.
Here's some context on my tech stack. I have a Next.js frontend, NestJS backend, and TypeORM.
Attached is my TypeORM adapter and my BetterAuth service. I've included everything that might be even remotely suspicious. I'm sorry there's a lot of context included, but I'm just unsure where to even start.
The only thing I remember from a long time ago was I was getting invalid OTP because my entities were Date instead of timestamps, so BetterAuth was essentially picking a random OTP (no way to order same day) if they clicked resend.
However, I saw this issue once sitting next to someone who signed up for the first time, never resent their OTP and got this invalid otp.
I've personally tried creating 13 accounts this morning on my production site and it worked perfectly - email verified successfully. So I don't think it's like my orm is wrong because most of the time things work!
I'm wondering if there's some race condition when multiple people are signing up at the same time, or I don't even know what.
Thanks for taking a look at this. Much appreciated.
11 Replies
Did you make the typeorm adapter yourself?
"better-auth": "1.3.16",
Ok, I copied a lot from the community one
but yes, it's my file
this one? https://github.com/Zastinian/better-auth-typeorm/blob/master/package/src/typeorm-adapter.ts
Yes
It really should be using the createAdapterFactory anyway, likely unrelated - though still kind of important 👀
Hmm, I'll look into it
yeah technically you guys don't support typeorm
Thank you I really appreciate it
I FIGURED IT OUT!
IT'S IF A USER USES CAPITAL LETTERS
so the matching doesn't work
the column identifier has email-verification-otp-asdfsadfsfsdf2@gmail.com which doesn't match with email-verification-otp-asdfsadfsfsDF2@gmail.com for example
@Max Thanks! as followup, would you recommend the typeorm package use createAdapterFactory?
yeah, feel free to check that same repo since they've updated it already:
https://github.com/Zastinian/better-auth-typeorm/issues/9#event-20797997916
So this is a better-auth related bug?
Yeah, I think so. Since we don't lowercase the email before validating they aren't equal. I can put a PR up for it
For now, I'm just lowercasing all emails before sending to better auth but theoretically the user shouldn't have to do that
that was so speedy
fix: missing email validation (#5593) · better-auth/better-auth@bf...
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
actually looks like it was fixed here
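The identifier mismatch found in this thread, as an added TypeScript example that is not part of the original posts and is not better-auth's or the adapter's code: a constructed in-memory store writes the identifier with the lowercased address, so a lookup with the address as typed misses until both paths share one canonicalization. `OtpStore`, `canonicalEmail` and the OTP value are hypothetical names and sample data.

```typescript
// Constructed model of an email-OTP store; not better-auth's code.
type Verification = { value: string; expiresAt: number };

const PREFIX = "email-verification-otp-"; // identifier prefix seen in the thread

// One canonical form for the lookup key, shared by every code path.
function canonicalEmail(email: string): string {
  return email.trim().toLowerCase();
}

class OtpStore {
  private rows: Record<string, Verification> = {};

  // Issue path: the identifier is written with the lowercased address.
  issue(email: string, otp: string, ttlMs = 300000, now = Date.now()): void {
    this.rows[PREFIX + canonicalEmail(email)] = { value: otp, expiresAt: now + ttlMs };
  }

  // Mismatched check: looks the identifier up with the address as typed.
  verifyAsTyped(email: string, otp: string, now = Date.now()): boolean {
    return this.check(PREFIX + email, otp, now);
  }

  // Corrected check: same canonicalization as the issue path.
  verifyCanonical(email: string, otp: string, now = Date.now()): boolean {
    return this.check(PREFIX + canonicalEmail(email), otp, now);
  }

  private check(identifier: string, otp: string, now: number): boolean {
    const row = this.rows[identifier];
    if (!row || row.expiresAt <= now || row.value !== otp) return false;
    delete this.rows[identifier]; // an OTP is accepted once
    return true;
  }
}

function demo(): { asTyped: boolean; canonical: boolean; reuse: boolean } {
  const store = new OtpStore();
  const typed = "asdfsadfsfsDF2@gmail.com"; // address quoted in the thread
  store.issue(typed, "123456"); // constructed OTP value
  return {
    asTyped: store.verifyAsTyped(typed, "123456"), // correct code, wrong key
    canonical: store.verifyCanonical(typed, "123456"),
    reuse: store.verifyCanonical(typed, "123456"), // already consumed
  };
}
```

The failure only appears for addresses containing capitals, which is why all-lowercase test sign-ups pass.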