From 0663650d9b0cf746e29ab176b494cf10b1bafd44 Mon Sep 17 00:00:00 2001
From: Jonas Lochmann <git@inkompetenz.org>
Date: Mon, 27 Dec 2021 01:00:00 +0100
Subject: [PATCH] Delete mail login token rows after usage

---
 src/function/authentication/login-by-mail.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/function/authentication/login-by-mail.ts b/src/function/authentication/login-by-mail.ts
index 1d65eac..6497792 100644
--- a/src/function/authentication/login-by-mail.ts
+++ b/src/function/authentication/login-by-mail.ts
@@ -132,6 +132,17 @@ export const signInByMailCode = async ({ mailLoginToken, receivedCode, database
       }
     }
 
+    const counter = await database.mailLoginToken.destroy({
+      where: {
+        mailLoginToken
+      },
+      transaction
+    })
+
+    if (counter !== 1) {
+      throw new Gone()
+    }
+
     const mailAuthToken = await createAuthTokenByMailAddress({ mail: entry.mail, database, transaction })
 
     return { mailAuthToken }