At the moment, there is no OTP update function in the database behaviour or the openmaize_ecto generated file. We need to add one for the following reasons:
care needs to be taken, when updating a HOTP token, that an attacker is not able to query the database in between a valid user's query for the otp_last value and validating the token.
it is more user friendly
One solution is to add an update function to the database behaviour and the openmaize_ecto file, and in this function use a lock to prevent any other user making a similar query at the same time.
At the moment, there is no OTP update function in the database behaviour or the
openmaize_ecto
generated file. We need to add one for the following reasons:otp_last
value and validating the token.One solution is to add an update function to the database behaviour and the
openmaize_ecto
file, and in this function use a lock to prevent any other user making a similar query at the same time.