Skip to content
This repository has been archived by the owner on Dec 2, 2024. It is now read-only.

Commit

Permalink
fix some TOTP codes not working when combined with password
Browse files Browse the repository at this point in the history
  • Loading branch information
@tnix100
tnix100 authored Aug 8, 2024
1 parent f1c353f commit 9fc6096
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
5 changes: 3 additions & 2 deletions rest_api/auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,12 @@ async def login(data: AuthRequest):
password_valid = security.check_password_hash(data.password, account["pswd"])
elif not data.totp_code:
try:
data.totp_code = int(data.password[-6:])
data.totp_code = data.password[-6:]
data.password = data.password[:-6]
except: pass
else:
password_valid = security.check_password_hash(data.password, account["pswd"])
if re.fullmatch(security.TOTP_REGEX, data.totp_code):
password_valid = security.check_password_hash(data.password, account["pswd"])

# Abort if password is invalid
if not password_valid:
Expand Down
1 change: 1 addition & 0 deletions security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@


USERNAME_REGEX = "[a-zA-Z0-9-_]{1,20}"
TOTP_REGEX = "[0-9]{6}"
BCRYPT_SALT_ROUNDS = 14
TOKEN_BYTES = 64

Expand Down

0 comments on commit 9fc6096

Please sign in to comment.