Extend validity of totp tokens for up to a minute. (#1494)

* Feat: Allow TOTP for up to one minute in the future and in the past

* Feat: Allow TOTP for up to one minute in the future and in the past

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
Adrià Casajús 2022-12-16 17:54:46 +01:00 committed by GitHub
parent 5e48d86efa
commit 3f84a63e6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -55,7 +55,7 @@ def auth_mfa():
)
totp = pyotp.TOTP(user.otp_secret)
if not totp.verify(mfa_token):
if not totp.verify(mfa_token, valid_window=2):
send_invalid_totp_login_email(user, "TOTP")
return jsonify(error="Wrong TOTP Token"), 400
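Review bot: The widened check on the `totp.verify(mfa_token, valid_window=2)` line makes a code acceptable across five consecutive time steps (about 2.5 minutes at pyotp's default 30-second interval), yet this API path, unlike the web `mfa()` flow in the other file, never records or compares the last accepted token, so a code that has already been used stays replayable for that whole span. Persisting the accepted token or time step on the user here too, and rejecting anything not newer than it as RFC 6238 §5.2 recommends, would keep the one-time property. A wider window also multiplies the number of codes a single guess can match, so whatever lockout or rate limit protects this endpoint (not visible in the hunk) carries more weight after this change. The constant deserves a why-comment such as `# ±2 steps of clock drift (~1 minute at the 30 s TOTP interval)`. auth_mfa() begins outside the hunk.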


@ -67,7 +67,7 @@ def mfa():
token = otp_token_form.token.data.replace(" ", "")
if totp.verify(token) and user.last_otp != token:
if totp.verify(token, valid_window=2) and user.last_otp != token:
del session[MFA_USER_ID]
user.last_otp = token
Session.commit()
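Review bot: `user.last_otp != token` only rejects the single most recently accepted code, and with `valid_window=2` the four other codes inside the window remain valid after a successful login, so the replay protection that was adequate for a one-step window is now weaker than it looks. Storing the time step of the last accepted code and refusing any step less than or equal to it (RFC 6238 §5.2) would restore one-time semantics across the widened window; pyotp exposes the step via the TOTP object's time-code calculation, which is worth confirming against the installed version. A short comment on the constant would also help readers: `# valid_window=2 tolerates ±1 minute of client clock drift`. mfa() begins and ends outside the hunk.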