Merge pull request #11 from tobiasmboelz/totp-valid-window

TOTP_VALID_WINDOW setting
xi · Jun 23, 2022 · f55050f · f55050f
2 parents b11147b + 72ddc03
commit f55050f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/mfa/methods/totp.py b/mfa/methods/totp.py
@@ -30,7 +30,8 @@ def authenticate_complete(state, user, request_data):
     keys = user.mfakey_set.filter(method=name)
     for key in keys:
         totp = pyotp.TOTP(key.secret)
-        if totp.verify(request_data) and request_data != key.last_code:
+        if (totp.verify(request_data, valid_window=settings.TOTP_VALID_WINDOW)
+                and request_data != key.last_code):
             key.last_code = request_data
             key.save()
             return

diff --git a/mfa/settings.py b/mfa/settings.py
@@ -9,3 +9,7 @@
 
 # Available authentication methods in order of relevance
 METHODS = getattr(settings, 'MFA_METHODS', ['FIDO2', 'TOTP', 'recovery'])
+
+# `valid_window` parameter passed to PyOTP's verify method
+# See https://pyauth.github.io/pyotp/#pyotp.totp.TOTP.verify
+TOTP_VALID_WINDOW = getattr(settings, 'MFA_TOTP_VALID_WINDOW', 0)