From 0edc7d05635c2e1c03ef65e2c7006d2b00e1f49f Mon Sep 17 00:00:00 2001
From: Jez Caudle <jez@hiddenagenda.ltd.uk>
Date: Wed, 22 May 2024 06:30:10 +0100
Subject: [PATCH] Only create the opt_secret once. If created leave alone.

---
 app/controllers/mfas_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/mfas_controller.rb b/app/controllers/mfas_controller.rb
index 87a0c2e..5676c0d 100644
--- a/app/controllers/mfas_controller.rb
+++ b/app/controllers/mfas_controller.rb
@@ -2,8 +2,10 @@ class MfasController < ApplicationController
     def new
         issuer = "Hidden Agenda Email"
         label = "#{issuer}:#{current_user.email}"
-        current_user.otp_secret = User.generate_otp_secret
-        current_user.save!
+        if current_user.otp_secret.to_s.length == 0
+            current_user.otp_secret = User.generate_otp_secret
+            current_user.save!
+        end
 
         qrcode = RQRCode::QRCode.new([{ data: current_user.otp_provisioning_uri(label, issuer: issuer), mode: :byte_8bit }])