Fix bug where OTP wasn't validated.
This fixes a bug where OTP wasn't validated. This happened because the code depended on the error being set for an invalid OTP. This error was only set when the OTP was formatted incorrectly, not when the OTP was invalid. This patch makes it so the code checks the validity response as well.
The patch also includes tests.