From 72ddc03a9ba35d0e2c35de64b92bd6ed5d8561a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20B=C3=B6lz?= Date: Wed, 22 Jun 2022 07:51:08 +0200 Subject: [PATCH] TOTP_VALID_WINDOW setting --- mfa/methods/totp.py | 3 ++- mfa/settings.py | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/mfa/methods/totp.py b/mfa/methods/totp.py index 3d605f7..8d1240d 100644 --- a/mfa/methods/totp.py +++ b/mfa/methods/totp.py @@ -30,7 +30,8 @@ def authenticate_complete(state, user, request_data): keys = user.mfakey_set.filter(method=name) for key in keys: totp = pyotp.TOTP(key.secret) - if totp.verify(request_data) and request_data != key.last_code: + if (totp.verify(request_data, valid_window=settings.TOTP_VALID_WINDOW) + and request_data != key.last_code): key.last_code = request_data key.save() return diff --git a/mfa/settings.py b/mfa/settings.py index 27102c9..1c1c006 100644 --- a/mfa/settings.py +++ b/mfa/settings.py @@ -9,3 +9,7 @@ # Available authentication methods in order of relevance METHODS = getattr(settings, 'MFA_METHODS', ['FIDO2', 'TOTP', 'recovery']) + +# `valid_window` parameter passed to PyOTP's verify method +# See https://pyauth.github.io/pyotp/#pyotp.totp.TOTP.verify +TOTP_VALID_WINDOW = getattr(settings, 'MFA_TOTP_VALID_WINDOW', 0)