Add valid_window=1 to TOTP verify (#16625)

2025-07-19 11:17:21 +00:00 · 2018-09-15 04:28:25 -07:00 · 2018-09-15 04:28:25 -07:00 · 34deaf8849
commit 34deaf8849
parent cc38981a38
1 changed files with 2 additions and 2 deletions
--- a/homeassistant/auth/mfa_modules/totp.py
+++ b/homeassistant/auth/mfa_modules/totp.py
@ -149,10 +149,10 @@ class TotpAuthModule(MultiFactorAuthModule):
        if ota_secret is None:
            # even we cannot find user, we still do verify
            # to make timing the same as if user was found.
-            pyotp.TOTP(DUMMY_SECRET).verify(code)
+            pyotp.TOTP(DUMMY_SECRET).verify(code, valid_window=1)
            return False

-        return bool(pyotp.TOTP(ota_secret).verify(code))
+        return bool(pyotp.TOTP(ota_secret).verify(code, valid_window=1))


 class TotpSetupFlow(SetupFlow):