jeans/core
jeans/core
1
0
Fork 0
mirror of https://github.com/home-assistant/core.git synced 2025-07-20 03:37:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add valid_window=1 to TOTP verify (#16625)

Browse Source
This commit is contained in:
Jason Hu 2018-09-15 04:28:25 -07:00 committed by Paulus Schoutsen
parent cc38981a38
commit 34deaf8849
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
homeassistant/auth/mfa_modules/totp.py
View File

@ -149,10 +149,10 @@ class TotpAuthModule(MultiFactorAuthModule):
if ota_secret is None: if ota_secret is None:
# even we cannot find user, we still do verify # even we cannot find user, we still do verify
# to make timing the same as if user was found. # to make timing the same as if user was found.
pyotp.TOTP(DUMMY_SECRET).verify(code) pyotp.TOTP(DUMMY_SECRET).verify(code, valid_window=1)
return False return False
return bool(pyotp.TOTP(ota_secret).verify(code)) return bool(pyotp.TOTP(ota_secret).verify(code, valid_window=1))
class TotpSetupFlow(SetupFlow): class TotpSetupFlow(SetupFlow):