build(deps): bump gunicorn from 25.0.3 to 26.0.0 in /src

Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 25.0.3 to 26.0.0. - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](https://github.com/benoitc/gunicorn/compare/25.0.3...26.0.0) --- updated-dependencies: - dependency-name: gunicorn dependency-version: 26.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #1273 from sgtdeagle/name-attachment-file-after-configname
2026-05-13 14:56:18 +00:00 · 2026-05-12 03:06:01 +00:00 · 2026-05-10 13:34:52 +08:00 · 2026-05-10 13:33:05 +08:00 · 2026-05-10 13:13:59 +08:00 · 2026-05-07 14:27:31 +00:00
2 changed files with 14 additions and 6 deletions
--- a/src/dashboard.py
+++ b/src/dashboard.py
@@ -335,7 +335,10 @@ def API_AuthenticateLogin():
    totpEnabled = DashboardConfig.GetConfig("Account", "enable_totp")[1]
    totpValid = False
    if totpEnabled:
-        totpValid = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now() == data['totp']
+        totp_code = str(data.get("totp", "")).strip()
+        totpValid = pyotp.TOTP(
+	    DashboardConfig.GetConfig("Account", "totp_key")[1]
+        ).verify(totp_code, valid_window=1)

    if (valid
            and data['username'] == DashboardConfig.GetConfig("Account", "username")[1]
@@ -1455,11 +1458,15 @@ def API_Welcome_GetTotpLink():
@app.post(f'{APP_PREFIX}/api/Welcome_VerifyTotpLink')
 def API_Welcome_VerifyTotpLink():
    data = request.get_json()
-    totp = pyotp.TOTP(DashboardConfig.GetConfig("Account", "totp_key")[1]).now()
-    if totp == data['totp']:
+    totp_code = str(data.get("totp", "")).strip()
+    totpValid = pyotp.TOTP(
+	DashboardConfig.GetConfig("Account", "totp_key")[1]
+    ).verify(totp_code, valid_window=1)
+
+    if totpValid:
        DashboardConfig.SetConfig("Account", "totp_verified", "true")
        DashboardConfig.SetConfig("Account", "enable_totp", "true")
-    return ResponseObject(totp == data['totp'])
+    return ResponseObject(totpValid)

@app.post(f'{APP_PREFIX}/api/Welcome_Finish')
 def API_Welcome_Finish():
@@ -1551,7 +1558,8 @@ def API_Email_Send():
                    subject = Template(data.get('Subject', '')).render(peer=p.toJson(), configurationFile=download)
                    if data.get('IncludeAttachment', False):
                        u = str(uuid4())
-                        attachmentName = f'{u}.conf'
+                        peerName = p.toJson().get('name', '').strip()
+                        attachmentName = f'{peerName if peerName else u}.conf'
                        with open(os.path.join('./attachments', attachmentName,), 'w+') as f:
                            f.write(download['file'])   
                        
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -5,7 +5,7 @@ pyotp==2.9.0
 Flask==3.1.2
 flask-cors==6.0.2
 icmplib==3.0.4
-gunicorn==25.0.3
+gunicorn==26.0.0
 requests==2.32.5
 tcconfig==0.30.1
 sqlalchemy==2.0.49
Author	SHA1	Message	Date
dependabot[bot]	8207c1209c	build(deps): bump gunicorn from 25.0.3 to 26.0.0 in /src Bumps [gunicorn](https://github.com/benoitc/gunicorn) from 25.0.3 to 26.0.0. - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](https://github.com/benoitc/gunicorn/compare/25.0.3...26.0.0) --- updated-dependencies: - dependency-name: gunicorn dependency-version: 26.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-12 03:06:01 +00:00
Donald Zou	71077880ad	Merge pull request #1273 from sgtdeagle/name-attachment-file-after-configname Some checks failed Docker Build and Push / docker_build (push) Has been cancelled Details Docker Build and Push / docker_scan (push) Has been cancelled Details change email attachmentname to peerName if not empty	2026-05-10 13:34:52 +08:00
Donald Zou	d51889a222	Merge pull request #1276 from WGDashboard/#1257-fix #1257 fix	2026-05-10 13:33:05 +08:00
Donald Zou	4d20d00631	Merge pull request #1258 from SnedS91/fix-totp-verification Some checks failed Docker Build and Push / docker_build (push) Has been cancelled Details Docker Build and Push / docker_scan (push) Has been cancelled Details Fix TOTP verification with valid window	2026-05-10 13:13:59 +08:00
sgtdeagle	6ec8d2f201	change email attachmentname to peerName if not empty	2026-05-07 14:27:31 +00:00
sneds91	91de807557	Fix TOTP verification with valid window	2026-05-02 10:54:21 +00:00
Mikhail Solovev	fedf7db8a4	Quote table and column identifiers using SQLAlchemy dialect preparer when adding missing columns to avoid SQL injection and syntax errors. (#1237 ) Some checks failed Mark stale issues and pull requests / stale (push) Has been cancelled Details CodeQL / Analyze (javascript) (push) Has been cancelled Details CodeQL / Analyze (python) (push) Has been cancelled Details Docker Build and Push / docker_build (push) Has been cancelled Details Docker Build and Push / docker_scan (push) Has been cancelled Details	2026-04-16 20:56:16 +02:00
Donald Zou	cdd85b659c	Merge pull request #1227 from WGDashboard/v4.3.3-quick-fix Some checks failed CodeQL / Analyze (javascript) (push) Has been cancelled Details CodeQL / Analyze (python) (push) Has been cancelled Details Docker Build and Push / docker_build (push) Has been cancelled Details Docker Build and Push / docker_scan (push) Has been cancelled Details Mark stale issues and pull requests / stale (push) Has been cancelled Details Update wgd.sh	2026-04-10 16:27:04 +08:00
Donald Zou	42f9460369	Update wgd.sh	2026-04-10 16:18:12 +08:00
Donald Zou	ba11a7a355	Merge pull request #1226 from WGDashboard/v4.3.3-quick-fix Fixed quotation marks	2026-04-10 15:50:10 +08:00
Donald Zou	71f4449741	Fixed quotation marks	2026-04-10 15:45:26 +08:00
Donald Zou	081c63cd43	Merge pull request #1197 from WGDashboard/development v4.3.3 Merge	2026-04-10 14:50:10 +08:00