From b14533981f6aff6dbbfc7aacf99c0ee625dc70ed Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 11 Apr 2026 13:37:20 +0000
Subject: [PATCH 1/2] fix: return otpInvalid for any server error when 2FA OTP
 is submitted

Agent-Logs-Url: https://github.com/ninocss/UntisPlus/sessions/20db486e-0a71-4998-80ba-20d37545d7b7

Co-authored-by: ninocss <108231535+ninocss@users.noreply.github.com>
---
 lib/main.dart | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/main.dart b/lib/main.dart
index b3aed1a..8a2b1ba 100644
--- a/lib/main.dart
+++ b/lib/main.dart
@@ -195,6 +195,17 @@ Future<Map<String, dynamic>?> _authenticateUntis({
         'errorMessage': message,
       };
     }
+
+    // If an OTP was provided, any server error means the code is wrong or
+    // expired – surface it as an invalid-OTP result instead of returning null
+    // (which would show the generic "check your credentials" error).
+    if (otpCode != null && otpCode.isNotEmpty) {
+      return {
+        'otpInvalid': true,
+        'errorCode': err['code'],
+        'errorMessage': message,
+      };
+    }
   }
 
   return null;

From a8efdef452314856e7dd8682c02e5ac6dd132ea6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 11 Apr 2026 13:38:06 +0000
Subject: [PATCH 2/2] fix: simplify invalidOtp check - any error with OTP
 provided is treated as invalid OTP

Agent-Logs-Url: https://github.com/ninocss/UntisPlus/sessions/20db486e-0a71-4998-80ba-20d37545d7b7

Co-authored-by: ninocss <108231535+ninocss@users.noreply.github.com>
---
 lib/main.dart | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/lib/main.dart b/lib/main.dart
index 8a2b1ba..d59574d 100644
--- a/lib/main.dart
+++ b/lib/main.dart
@@ -182,12 +182,15 @@ Future<Map<String, dynamic>?> _authenticateUntis({
       };
     }
 
+    // Treat any server error as an invalid OTP when a code was provided, so
+    // the caller can show the 2FA-specific error instead of the generic
+    // "check your credentials" message.
     final invalidOtp =
         combined.contains('invalid otp') ||
         combined.contains('invalid verification') ||
         combined.contains('wrong otp') ||
         combined.contains('otp invalid') ||
-        (contains2faHint && otpCode != null && otpCode.isNotEmpty);
+        (otpCode != null && otpCode.isNotEmpty);
     if (invalidOtp) {
       return {
         'otpInvalid': true,
@@ -195,17 +198,6 @@ Future<Map<String, dynamic>?> _authenticateUntis({
         'errorMessage': message,
       };
     }
-
-    // If an OTP was provided, any server error means the code is wrong or
-    // expired – surface it as an invalid-OTP result instead of returning null
-    // (which would show the generic "check your credentials" error).
-    if (otpCode != null && otpCode.isNotEmpty) {
-      return {
-        'otpInvalid': true,
-        'errorCode': err['code'],
-        'errorMessage': message,
-      };
-    }
   }
 
   return null;