Extend validity of totp tokens for up to a minute. (#1494)
* Feat: Allow TOTP for up to one minute in the future and in the past * Feat: Allow TOTP for up to one minute in the future and in the past Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
This commit is contained in:
parent
5e48d86efa
commit
3f84a63e6d
@ -55,7 +55,7 @@ def auth_mfa():
)
totp = pyotp.TOTP(user.otp_secret)
if not totp.verify(mfa_token):
if not totp.verify(mfa_token, valid_window=2):
send_invalid_totp_login_email(user, "TOTP")
return jsonify(error="Wrong TOTP Token"), 400
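Review bot: Widening the window in auth_mfa() to `valid_window=2` makes about five 30-second codes acceptable at any moment, yet the visible lines have no replay guard comparable to the `user.last_otp != token` check the mfa() hunk keeps, so a code observed once stays reusable on this API path for the whole widened window; if the guard lives elsewhere in auth_mfa() that is fine, but the hunk gives no sign of it and the function continues outside the hunk. The bare `2` also deserves a comment stating what it buys, e.g. `# ±2 time steps (30 s each by default) tolerates roughly one minute of client clock drift`, and since mfa() uses the same literal, a shared module constant (say `TOTP_VALID_WINDOW`) would keep both call sites in step. Any later change to this value is security-relevant and should be called out as such in the commit.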
@ -67,7 +67,7 @@ def mfa():
token = otp_token_form.token.data.replace(" ", "")
if totp.verify(token) and user.last_otp != token:
if totp.verify(token, valid_window=2) and user.last_otp != token:
del session[MFA_USER_ID]
user.last_otp = token
Session.commit()
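Review bot: The `user.last_otp != token` guard in mfa() only rejects the single most recently accepted code, so with `valid_window=2` a code from an adjacent time step remains accepted after the user has since logged in with a different one; whether that is acceptable depends on the threat model, and it is worth stating next to the check, e.g. `# last_otp blocks immediate replay of the latest code only; neighbouring codes in the widened window are not tracked`. The literal `2` is the same tolerance used in auth_mfa() and would be clearer as one named constant with a comment explaining it equals roughly ±60 s at the default 30-second step. mfa() begins and ends outside the hunk.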