diff --git a/.yarn/versions/e5a5f7a7.yml b/.yarn/versions/e5a5f7a7.yml
new file mode 100644
index 0000000..85ee0e5
--- /dev/null
+++ b/.yarn/versions/e5a5f7a7.yml
@@ -0,0 +1,3 @@
+releases:
+  "@aoi-js/frontend": patch
+  "@aoi-js/server": patch
diff --git a/apps/frontend/src/pages/login/mail.vue b/apps/frontend/src/pages/login/mail.vue
index c58731a..30f3b63 100644
--- a/apps/frontend/src/pages/login/mail.vue
+++ b/apps/frontend/src/pages/login/mail.vue
@@ -11,7 +11,7 @@
         @click:append="preLogin"
       />
 
-      <VOtpInput v-if="emailSent" v-model="code" />
+      <VOtpInput v-if="emailSent" v-model.trim="code" />
     </VCardText>
 
     <VCardActions v-if="emailSent">
diff --git a/apps/server/src/auth/mail.ts b/apps/server/src/auth/mail.ts
index 7809796..36e7bf1 100644
--- a/apps/server/src/auth/mail.ts
+++ b/apps/server/src/auth/mail.ts
@@ -124,9 +124,9 @@ export class MailAuthProvider extends BaseAuthProvider {
     const { code } = payload
     const key = this.userKey(userId)
     const value = await cache.getx<{ code: string; mail: string }>(key)
-    await cache.del(key)
     if (!value) throw httpErrors.forbidden('Invalid code')
     if (value.code !== code) throw httpErrors.forbidden('Invalid code')
+    await cache.del(key)
     await users.updateOne(
       { _id: userId },
       {
@@ -151,9 +151,9 @@ export class MailAuthProvider extends BaseAuthProvider {
     const { code } = payload
     const key = this.userKey(userId)
     const value = await cache.getx<{ code: string; mail: string }>(key)
-    await cache.del(key)
     if (!value) throw httpErrors.forbidden('Invalid code')
     if (value.code !== code) throw httpErrors.forbidden('Invalid code')
+    await cache.del(key)
     return true
   }
 
@@ -176,9 +176,9 @@ export class MailAuthProvider extends BaseAuthProvider {
     if (this.allowSignupFromLogin) {
       const key = this.mailKey(email)
       const value = await cache.getx<{ code: string; mail: string }>(key)
-      await cache.del(key)
       if (!value) throw httpErrors.forbidden('Invalid code')
       if (value.code !== code) throw httpErrors.forbidden('Invalid code')
+      await cache.del(key)
       const user = await users.findOne({ 'authSources.mail': email }, { projection: { _id: 1 } })
       if (user) return [user._id]
       const { insertedId } = await users.insertOne({
@@ -199,9 +199,9 @@ export class MailAuthProvider extends BaseAuthProvider {
       if (!user) throw httpErrors.notFound('User not found')
       const key = this.userKey(user._id)
       const value = await cache.getx<{ code: string; mail: string }>(key)
-      await cache.del(key)
       if (!value) throw httpErrors.forbidden('Invalid code')
       if (value.code !== code) throw httpErrors.forbidden('Invalid code')
+      await cache.del(key)
       return [user._id]
     }
   }