Mirrors/WGDashboard
1
0
Fork 0
mirror of https://github.com/donaldzou/WGDashboard.git synced 2026-05-13 14:56:18 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix TOTP verification with valid window

Browse Source
This commit is contained in:
sneds91
2026-05-02 10:54:21 +00:00
parent cdd85b659c
commit 91de807557
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/dashboard.py
View File

@@ -318,7 +318,10 @@ def API_AuthenticateLogin():
totpEnabled = DashboardConfig.GetConfig("Account", "enable_totp")[1]
totpValid = False
if totpEnabled:
totpValid = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now() == data['totp']
totp_code = str(data.get("totp", "")).strip()
totpValid = pyotp.TOTP(
DashboardConfig.GetConfig("Account", "totp_key")[1]
).verify(totp_code, valid_window=1)
if (valid
and data['username'] == DashboardConfig.GetConfig("Account", "username")[1]
@@ -1415,11 +1418,15 @@ def API_Welcome_GetTotpLink():
@app.post(f'{APP_PREFIX}/api/Welcome_VerifyTotpLink')
def API_Welcome_VerifyTotpLink():
data = request.get_json()
totp = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now()
if totp == data['totp']:
totp_code = str(data.get("totp", "")).strip()
totpValid = pyotp.TOTP(
DashboardConfig.GetConfig("Account", "totp_key")[1]
).verify(totp_code, valid_window=1)
if totpValid:
DashboardConfig.SetConfig("Account", "totp_verified", "true")
DashboardConfig.SetConfig("Account", "enable_totp", "true")
return ResponseObject(totp == data['totp'])
return ResponseObject(totpValid)
@app.post(f'{APP_PREFIX}/api/Welcome_Finish')
def API_Welcome_Finish():