From 42407a0543bb492a6a9a0488bf21e02e0f2456f3 Mon Sep 17 00:00:00 2001
From: george <george@fozzie.dev>
Date: Thu, 20 Jan 2022 16:44:15 +0000
Subject: [PATCH] Send the email after the local error.

---
 app/auth/views/mfa.py      | 8 ++++----
 app/auth/views/recovery.py | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/auth/views/mfa.py b/app/auth/views/mfa.py
index 9af158ab..14414f1c 100644
--- a/app/auth/views/mfa.py
+++ b/app/auth/views/mfa.py
@@ -92,6 +92,10 @@ def mfa():
             return response
 
         else:
+            flash("Incorrect token", "warning")
+            # Trigger rate limiter
+            g.deduct_limit = True
+            otp_token_form.token.data = None
             send_email_with_rate_control(
                 user,
                 ALERT_INVALID_TOTP_LOGIN,
@@ -107,10 +111,6 @@ def mfa():
                 ),
                 1,
             )
-            flash("Incorrect token", "warning")
-            # Trigger rate limiter
-            g.deduct_limit = True
-            otp_token_form.token.data = None
 
     return render_template(
         "auth/mfa.html",
diff --git a/app/auth/views/recovery.py b/app/auth/views/recovery.py
index d72672fe..371a3ebf 100644
--- a/app/auth/views/recovery.py
+++ b/app/auth/views/recovery.py
@@ -68,6 +68,7 @@ def recovery_route():
         else:
             # Trigger rate limiter
             g.deduct_limit = True
+            flash("Incorrect code", "error")
             send_email_with_rate_control(
                 user,
                 ALERT_INVALID_TOTP_LOGIN,
@@ -83,6 +84,5 @@ def recovery_route():
                 ),
                 1,
             )
-            flash("Incorrect code", "error")
 
     return render_template("auth/recovery.html", recovery_form=recovery_form)