Extend validity of totp tokens for up to a minute. (#1494)
* Feat: Allow TOTP for up to one minute in the future and in the past * Feat: Allow TOTP for up to one minute in the future and in the past Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
This commit is contained in:
parent
5e48d86efa
commit
3f84a63e6d
@ -55,7 +55,7 @@ def auth_mfa():
)
)
totp = pyotp.TOTP(user.otp_secret)
totp = pyotp.TOTP(user.otp_secret)
if not totp.verify(mfa_token):
if not totp.verify(mfa_token, valid_window=2):
send_invalid_totp_login_email(user, "TOTP")
send_invalid_totp_login_email(user, "TOTP")
return jsonify(error="Wrong TOTP Token"), 400
return jsonify(error="Wrong TOTP Token"), 400
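Review bot: `auth_mfa()` accepts the code with `totp.verify(mfa_token, valid_window=2)` but, unlike `mfa()` in the second hunk, this hunk shows no `user.last_otp` comparison or update, so widening acceptance to five 30-second steps (150 s in total) also lengthens the interval in which an already-used code is accepted again through this endpoint. The body of auth_mfa starts and continues outside the hunk; if no replay check exists there, mirror the web flow with `if not totp.verify(mfa_token, valid_window=2) or user.last_otp == mfa_token:` and, on success, `user.last_otp = mfa_token` followed by `Session.commit()`. The bare `2` is repeated in the `mfa()` hunk below; a single module-level `TOTP_VALID_WINDOW = 2` with the comment `# ±2 steps of 30 s: one minute of clock skew either side (RFC 6238 §5.2 recommends at most one step)` keeps both call sites in sync and records why the value was chosen.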
@ -67,7 +67,7 @@ def mfa():
token = otp_token_form.token.data.replace(" ", "")
token = otp_token_form.token.data.replace(" ", "")
if totp.verify(token) and user.last_otp != token:
if totp.verify(token, valid_window=2) and user.last_otp != token:
del session[MFA_USER_ID]
del session[MFA_USER_ID]
user.last_otp = token
user.last_otp = token
Session.commit()
Session.commit()
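Review bot: `user.last_otp != token` blocks reuse of only the single most recent code, so with `valid_window=2` a code observed earlier in the 150-second acceptance span becomes replayable again as soon as the user authenticates with a newer one, because `user.last_otp = token` overwrites the older value and nothing else rejects it. Storing the time step of the last accepted code rather than the code itself, and rejecting any code whose step is at or below that value, closes this gap and is the resynchronisation rule RFC 6238 §5.2 describes; the `mfa()` body starts and ends outside the hunk, so whether another check already covers this cannot be confirmed here. A one-line comment on the condition, `# valid_window=2 accepts five 30 s steps; last_otp only rejects the most recently used code`, would make the trade-off explicit to the next reader.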