From 96fd114c25ff8a762690173d671f70048b46d7db Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Fri, 25 Oct 2024 10:41:48 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/handler/link_auth_otp.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/handler/link_auth_otp.go b/server/handler/link_auth_otp.go
index 683c577..91ef5b3 100644
--- a/server/handler/link_auth_otp.go
+++ b/server/handler/link_auth_otp.go
@@ -172,6 +172,8 @@ func LinkAuth_otp(w http.ResponseWriter, r *http.Request) {
 
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
+		base.Error(err)
+		SessStore.DeleteAuthSession(sessionID)
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
@@ -181,6 +183,7 @@ func LinkAuth_otp(w http.ResponseWriter, r *http.Request) {
 	err = xml.Unmarshal(body, &cr)
 	if err != nil {
 		base.Error(err)
+		SessStore.DeleteAuthSession(sessionID)
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
@@ -193,6 +196,7 @@ func LinkAuth_otp(w http.ResponseWriter, r *http.Request) {
 	// 动态码错误
 	if !dbdata.CheckOtp(username, otp, otpSecret) {
 		if sessionData.AddOtpErrCount(1) > maxOtpErrCount {
+			SessStore.DeleteAuthSession(sessionID)
 			http.Error(w, "TooManyError, please login again", http.StatusBadRequest)
 			return
 		}