diff --git a/trifid-api/src/auth_tokens.rs b/trifid-api/src/auth_tokens.rs
index 167b3cd..efb48c4 100644
--- a/trifid-api/src/auth_tokens.rs
+++ b/trifid-api/src/auth_tokens.rs
@@ -1,5 +1,6 @@
 use std::error::Error;
 use actix_web::HttpRequest;
+use log::debug;
 use sea_orm::{ColumnTrait, Condition, DatabaseConnection, EntityTrait, QueryFilter};
 use crate::tokens::get_token_type;
 use trifid_api_entities::entity::{auth_token, session_token};
@@ -45,7 +46,7 @@ pub async fn enforce_session(req: &HttpRequest, db: &DatabaseConnection) -> Resu
     }
     let tokens = &authorization_split[1..];
 
-    let sess_token = tokens.iter().find(|i| get_token_type(**i).unwrap_or("n-sess") == "sess").copied().ok_or("Missing session token")?;
+    let sess_token = tokens.iter().find(|i| get_token_type(i).unwrap_or("n-sess") == "sess").copied().ok_or("Missing session token")?;
 
     let token: session_token::Model = session_token::Entity::find().filter(session_token::Column::Id.eq(sess_token)).one(db).await?.ok_or("Invalid session token")?;
 
diff --git a/trifid-api/src/routes/v1/auth/verify_magic_link.rs b/trifid-api/src/routes/v1/auth/verify_magic_link.rs
index 0e08582..cbd8240 100644
--- a/trifid-api/src/routes/v1/auth/verify_magic_link.rs
+++ b/trifid-api/src/routes/v1/auth/verify_magic_link.rs
@@ -1,7 +1,7 @@
 use actix_web::{HttpResponse, post};
 use actix_web::web::{Data, Json};
 use log::error;
-use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter};
+use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
 use serde::{Serialize, Deserialize};
 use crate::AppState;
 use trifid_api_entities::entity::magic_link;
@@ -78,9 +78,27 @@ pub async fn verify_magic_link_request(db: Data<AppState>, req: Json<VerifyMagic
         })
     }
 
+    let user = link.user.clone();
+
+    match link.delete(&db.conn).await {
+        Ok(_) => (),
+        Err(e) => {
+            error!("database error: {}", e);
+            return HttpResponse::InternalServerError().json(APIErrorsResponse {
+                errors: vec![
+                    APIError {
+                        code: "ERR_DB_ERROR".to_string(),
+                        message: "There was an error with the database request, please try again later.".to_string(),
+                        path: None,
+                    }
+                ],
+            })
+        }
+    }
+
     let model = session_token::Model {
         id: random_token("sess"),
-        user: link.user,
+        user,
         expires_on: expires_in_seconds(CONFIG.tokens.session_token_expiry_time_seconds) as i64,
     };
     let token = model.id.clone();
diff --git a/trifid-api/src/routes/v1/totp_authenticators.rs b/trifid-api/src/routes/v1/totp_authenticators.rs
index 8df66d2..a24e66b 100644
--- a/trifid-api/src/routes/v1/totp_authenticators.rs
+++ b/trifid-api/src/routes/v1/totp_authenticators.rs
@@ -2,7 +2,7 @@ use serde::{Serialize, Deserialize};
 use actix_web::{HttpRequest, HttpResponse, post};
 use actix_web::web::{Data, Json};
 use log::error;
-use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, QueryFilter};
+use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, IntoActiveModel, ModelTrait, QueryFilter};
 use totp_rs::{Algorithm, Secret, TOTP};
 use crate::AppState;
 use crate::auth_tokens::{enforce_2fa, enforce_session, TokenInfo};
@@ -72,16 +72,33 @@ pub async fn totp_authenticators_request(db: Data<AppState>, req_data: HttpReque
             });
         }
     };
-    if auther.is_some() {
-        return HttpResponse::BadRequest().json(APIErrorsResponse {
-            errors: vec![
-                APIError {
-                    code: "ERR_ALREADY_HAS_TOTP".to_string(),
-                    message: "This user already has a totp authenticator".to_string(),
-                    path: None,
-                }
-            ]
-        });
+    if let Some(auther) = auther {
+        if auther.verified {
+            return HttpResponse::BadRequest().json(APIErrorsResponse {
+                errors: vec![
+                    APIError {
+                        code: "ERR_ALREADY_HAS_TOTP".to_string(),
+                        message: "This user already has a totp authenticator".to_string(),
+                        path: None,
+                    }
+                ]
+            });
+        }
+        match auther.delete(&db.conn).await {
+            Ok(_) => (),
+            Err(e) => {
+                error!("database error: {}", e);
+                return HttpResponse::InternalServerError().json(APIErrorsResponse {
+                    errors: vec![
+                        APIError {
+                            code: "ERR_DB_ERROR".to_string(),
+                            message: "There was an error with the database request, please try again later.".to_string(),
+                            path: None,
+                        }
+                    ],
+                })
+            }
+        }
     }
 
     let secret = Secret::generate_secret();
diff --git a/trifid-api/src/timers.rs b/trifid-api/src/timers.rs
index 522cd4c..5a77b83 100644
--- a/trifid-api/src/timers.rs
+++ b/trifid-api/src/timers.rs
@@ -5,5 +5,5 @@ pub fn expires_in_seconds(seconds: u64) -> u64 {
 }
 
 pub fn expired(time: u64) -> bool {
-    UNIX_EPOCH + Duration::from_secs(time) > SystemTime::now()
+    UNIX_EPOCH + Duration::from_secs(time) < SystemTime::now()
 }
\ No newline at end of file