It was incorrect to reuse a single TOTP secret for resets across all users. This update generates a new secret for each auth method when a code is requested.
This update also removes the VerificationCode table and moves the relevant fields into the AuthMethod table.
Rather than create a new migration, this update edits the existing migration for lucia auth. If you have already run that migration, then connect to your D1 and local SQLite databases and run the following SQL:
DROP TABLE VerificationCode;
ALTER TABLE AuthMethod ADD `totp_secret` text;
ALTER TABLE AuthMethod ADD `totp_expires` integer;
ALTER TABLE AuthMethod ADD `timeout_until` integer;
ALTER TABLE AuthMethod ADD `timeout_seconds` integer;
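The per-auth-method lifecycle described above, as an added sketch that is not the project's code. The field names mirror the new AuthMethod columns; the 300-second step and lifetime, the doubling lock-out policy and the function names are assumptions.

```javascript
// Added example, not the project's code. Field names mirror the AuthMethod
// columns above; step, lifetime and back-off policy are assumptions.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const STEP_SECONDS = 300; // assumed: one TOTP step equals the code lifetime

// RFC 6238 TOTP (HMAC-SHA1, 6 digits) for a secret at a Unix time in seconds.
function totp(secret, nowSeconds, step = STEP_SECONDS) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(nowSeconds / step)));
  const mac = createHmac('sha1', secret).update(counter).digest();
  const offset = mac[19] & 0x0f; // dynamic truncation, RFC 4226
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 1e6).padStart(6, '0');
}

// A code was requested: give this auth method its own fresh secret.
function requestCode(authMethod, nowSeconds) {
  authMethod.totp_secret = randomBytes(20).toString('hex');
  authMethod.totp_expires = nowSeconds + STEP_SECONDS;
  return totp(Buffer.from(authMethod.totp_secret, 'hex'), nowSeconds);
}

function matches(authMethod, code, nowSeconds) {
  if (!authMethod.totp_secret || nowSeconds > authMethod.totp_expires) return false;
  const secret = Buffer.from(authMethod.totp_secret, 'hex');
  const given = Buffer.from(String(code));
  // The code may have been issued in the previous step, so check both.
  return [0, STEP_SECONDS].some((back) => {
    const expected = Buffer.from(totp(secret, nowSeconds - back));
    return given.length === expected.length && timingSafeEqual(given, expected);
  });
}

// Returns 'ok', 'rejected' or 'locked'; mutates the row like an UPDATE would.
function verifyCode(authMethod, code, nowSeconds) {
  if (nowSeconds < (authMethod.timeout_until ?? 0)) return 'locked';
  if (matches(authMethod, code, nowSeconds)) {
    // Single use: drop the secret and clear the back-off state.
    Object.assign(authMethod, { totp_secret: null, totp_expires: null,
      timeout_until: null, timeout_seconds: null });
    return 'ok';
  }
  // Assumed policy: double the lock-out on every failed attempt.
  authMethod.timeout_seconds = Math.max(1, (authMethod.timeout_seconds ?? 0) * 2);
  authMethod.timeout_until = nowSeconds + authMethod.timeout_seconds;
  return 'rejected';
}
```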