From b51ed259b4561fa0e797268485768983b32d050a Mon Sep 17 00:00:00 2001
From: Son NK <nguyenkims@hotmail.com>
Date: Sun, 29 Dec 2019 15:32:27 +0100
Subject: [PATCH] fix cancel MFA: the secret needs to be reset too

---
 app/dashboard/views/mfa_cancel.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/dashboard/views/mfa_cancel.py b/app/dashboard/views/mfa_cancel.py
index b3b659a7..6dd940fe 100644
--- a/app/dashboard/views/mfa_cancel.py
+++ b/app/dashboard/views/mfa_cancel.py
@@ -27,6 +27,7 @@ def mfa_cancel():
 
         if totp.verify(token):
             current_user.enable_otp = False
+            current_user.otp_secret = None
             db.session.commit()
             flash("MFA is now disabled", "warning")
             return redirect(url_for("dashboard.index"))