payloadcms · r1tsuu · Jun 13, 2025
diff --git a/src/operations/login.ts b/src/operations/login.ts
@@ -1,6 +1,7 @@
 import type { PayloadRequest, TypedUser } from 'payload'
 
 import {
+  APIError,
   checkLoginPermission,
   getFieldsToSign,
   incrementLoginAttempts,
@@ -114,10 +115,23 @@ export const loginWithOTP = async ({ type, collection, otp, req, value }: Args)
     dataToUpdate.loginAttempts = 0
   }
 
+  const userData = await payload.db.findOne({
+    collection,
+    joins: false,
+    where: { id: { equals: user.id } },
+  })
+
+  if (!userData) {
+    throw new APIError(`User with ID=${user.id} was not found.`)
+  }
+
   await payload.db.updateOne({
     id: user.id,
     collection,
-    data: dataToUpdate,
+    data: {
+      ...userData,
+      dataToUpdate,
+    },
   })
 
   return { exp, token, user }

diff --git a/src/operations/requestOTP.ts b/src/operations/requestOTP.ts
@@ -43,10 +43,21 @@ export const setOTP = async ({
   const _otpExpiration = new Date(Date.now() + exp * 1000).toISOString()
 
   try {
+    const userData = await payload.db.findOne({
+      collection,
+      joins: false,
+      where: { id: { equals: user.id } },
+    })
+
+    if (!userData) {
+      throw new APIError(`User with ID=${user.id} was not found.`)
+    }
+
     await payload.db.updateOne({
       id: user.id,
       collection,
       data: {
+        ...userData,
         _otp: encrypt({ payload, value: otp }),
         _otpExpiration,
       },