🐛 Re-encrypt OTP key on account password change

lib/account.js

@@ -23,7 +23,8 @@ const account = username => {
         verifyPassword: async password => await argon2.verify(fs.readFileSync(userPasswordFile(), 'utf8'), password),
         createOrUpdatePassword: async password => fs.writeFileSync(userPasswordFile(), await argon2.hash(password), 'utf8'),
         isOtpEnabled: () => fs.existsSync(userKeyFile()),
-        verifyOtp: (password, code) => otp.verify(code, aes.decrypt(fs.readFileSync(userKeyFile(), 'utf8'), password)),
+        getOtpKey: password => aes.decrypt(fs.readFileSync(userKeyFile(), 'utf8'), password),
+        verifyOtp: (password, code) => otp.verify(code, _account.getOtpKey(password)),
         setOtpKey: (password, key) => fs.writeFileSync(userKeyFile(), aes.encrypt(key, password)),
         disableOtp: () => fs.unlinkSync(userKeyFile()),
         unregister: () => {
@@ -126,6 +127,7 @@ const Account = function(username, password){
         _requireOtp(code, true);
         await _account.createOrUpdatePassword(newPassword);
         try { _account.setData(newPassword, _getData()); } catch(_){}
+        try { _account.setOtpKey(newPassword, _account.getOtpKey(password)) } catch(_){}
         password = newPassword;
         return true;
     };