From 71f4449741523378b164f20ea986b0fd7a1cdc00 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Fri, 10 Apr 2026 15:45:26 +0800 Subject: [PATCH 1/3] Fixed quotation marks --- src/modules/AmneziaPeer.py | 2 +- src/modules/Peer.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/AmneziaPeer.py b/src/modules/AmneziaPeer.py index 509f4305..392f009d 100644 --- a/src/modules/AmneziaPeer.py +++ b/src/modules/AmneziaPeer.py @@ -116,5 +116,5 @@ class AmneziaPeer(Peer): self.configuration.getPeers() return True, None except subprocess.CalledProcessError as exc: - current_app.logger.error(f"Subprocess call failed:\n{exc.output.decode("UTF-8")}") + current_app.logger.error(f"Subprocess call failed:\n{exc.output.decode('UTF-8')}") return False, "Internal server error" diff --git a/src/modules/Peer.py b/src/modules/Peer.py index 93ee3122..1fc4e65d 100644 --- a/src/modules/Peer.py +++ b/src/modules/Peer.py @@ -151,7 +151,7 @@ class Peer: ) return True, None except subprocess.CalledProcessError as exc: - current_app.logger.error(f"Subprocess call failed:\n{exc.output.decode("UTF-8")}") + current_app.logger.error(f"Subprocess call failed:\n{exc.output.decode('UTF-8')}") return False, "Internal server error" def downloadPeer(self) -> dict[str, str]: From 42f94603692d1165f5ebd4f0bed069b047aa2060 Mon Sep 17 00:00:00 2001 From: Donald Zou Date: Fri, 10 Apr 2026 16:18:12 +0800 Subject: [PATCH 2/3] Update wgd.sh --- src/wgd.sh | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/src/wgd.sh b/src/wgd.sh index 29dc60db..9736d7cc 100755 --- a/src/wgd.sh +++ b/src/wgd.sh @@ -247,27 +247,19 @@ _checkWireguard(){ _checkPythonVersion(){ - version_pass=$($pythonExecutable -c 'import sys; print("1") if (sys.version_info.major == 3 and sys.version_info.minor >= 10) else print("0");') + version_pass=$($pythonExecutable -c 'import sys; print("1") if (sys.version_info.major == 3 and sys.version_info.minor >= 12) else print("0");') version=$($pythonExecutable --version) if [ $version_pass == "1" ] then printf "[WGDashboard] %s Found compatible version of Python. Will be using %s to install WGDashboard.\n" "$heavy_checkmark" "$($pythonExecutable --version)" return; - elif python3.10 --version > /dev/null 2>&1 - then - printf "[WGDashboard] %s Found Python 3.10. Will be using [python3.10] to install WGDashboard.\n" "$heavy_checkmark" - pythonExecutable="python3.10" - elif python3.11 --version > /dev/null 2>&1 - then - printf "[WGDashboard] %s Found Python 3.11. Will be using [python3.11] to install WGDashboard.\n" "$heavy_checkmark" - pythonExecutable="python3.11" elif python3.12 --version > /dev/null 2>&1 then printf "[WGDashboard] %s Found Python 3.12. Will be using [python3.12] to install WGDashboard.\n" "$heavy_checkmark" pythonExecutable="python3.12" else printf "[WGDashboard] %s Could not find a compatible version of Python. Current Python is %s.\n" "$heavy_crossmark" "$version" - printf "[WGDashboard] WGDashboard required Python 3.10, 3.11 or 3.12. Halting install now.\n" + printf "[WGDashboard] WGDashboard required Python 3.12 or above. Halting install now.\n" kill $TOP_PID fi } From 91de807557358e06f1cbb8c6bbd81b14928ffa02 Mon Sep 17 00:00:00 2001 From: sneds91 Date: Sat, 2 May 2026 10:54:21 +0000 Subject: [PATCH 3/3] Fix TOTP verification with valid window --- src/dashboard.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/dashboard.py b/src/dashboard.py index e4d4eefb..34d721c9 100644 --- a/src/dashboard.py +++ b/src/dashboard.py @@ -318,7 +318,10 @@ def API_AuthenticateLogin(): totpEnabled = DashboardConfig.GetConfig("Account", "enable_totp")[1] totpValid = False if totpEnabled: - totpValid = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now() == data['totp'] + totp_code = str(data.get("totp", "")).strip() + totpValid = pyotp.TOTP( + DashboardConfig.GetConfig("Account", "totp_key")[1] + ).verify(totp_code, valid_window=1) if (valid and data['username'] == DashboardConfig.GetConfig("Account", "username")[1] @@ -1415,11 +1418,15 @@ def API_Welcome_GetTotpLink(): @app.post(f'{APP_PREFIX}/api/Welcome_VerifyTotpLink') def API_Welcome_VerifyTotpLink(): data = request.get_json() - totp = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now() - if totp == data['totp']: + totp_code = str(data.get("totp", "")).strip() + totpValid = pyotp.TOTP( + DashboardConfig.GetConfig("Account", "totp_key")[1] + ).verify(totp_code, valid_window=1) + + if totpValid: DashboardConfig.SetConfig("Account", "totp_verified", "true") DashboardConfig.SetConfig("Account", "enable_totp", "true") - return ResponseObject(totp == data['totp']) + return ResponseObject(totpValid) @app.post(f'{APP_PREFIX}/api/Welcome_Finish') def API_Welcome_Finish():