Gracefully handle error when user login code is expired

src/interface/web/app/components/loginPrompt/loginPrompt.tsx

@@ -261,6 +261,8 @@ function EmailSignInContext({
                 } else if (res.status === 429) {
                     setOTPError("Too many failed attempts. Please try again tomorrow.");
                     setNumFailures(ALLOWED_OTP_ATTEMPTS);
+                } else if (res.status === 403) {
+                    setOTPError("OTP expired. Please request a new one.");
                 } else {
                     throw new Error("Failed to verify OTP");
                 }

src/khoj/database/adapters/__init__.py

@@ -269,19 +269,19 @@ async def astart_trial_subscription(user: KhojUser) -> Subscription:
     return subscription
 
 
-async def aget_user_validated_by_email_verification_code(code: str, email: str) -> KhojUser:
+async def aget_user_validated_by_email_verification_code(code: str, email: str) -> tuple[Optional[KhojUser], bool]:
     user = await KhojUser.objects.filter(email_verification_code=code, email=email).afirst()
     if not user:
-        return None
+        return None, False
 
     if user.email_verification_code_expiry < datetime.now(tz=timezone.utc):
-        return None
+        return None, True
 
     user.email_verification_code = None
     user.verified_email = True
     await user.asave()
 
-    return user
+    return user, False
 
 
 async def create_user_by_google_token(token: dict) -> KhojUser:

src/khoj/routers/auth.py

@@ -111,8 +111,13 @@ async def sign_in_with_magic_link(
         EmailVerificationApiRateLimiter(requests=10, window=60 * 60 * 24, slug="magic_link_verification")
     ),
 ):
-    user = await aget_user_validated_by_email_verification_code(code, email)
+    user, code_is_expired = await aget_user_validated_by_email_verification_code(code, email)
+
     if user:
+        if code_is_expired:
+            request.session["user"] = {}
+            return Response(status_code=403)
+
         id_info = {
             "email": user.email,
         }