From 9fc6096c198bab7b7ae09fad7393f635999286d3 Mon Sep 17 00:00:00 2001
From: Tnix
Date: Fri, 9 Aug 2024 00:32:26 +1200
Subject: [PATCH] fix some TOTP codes not working when combined with password
---
 rest_api/auth.py | 5 +++--
 security.py | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/rest_api/auth.py b/rest_api/auth.py
index 5297d53..ead9fc3 100644
--- a/rest_api/auth.py
+++ b/rest_api/auth.py
@@ -60,11 +60,12 @@ async def login(data: AuthRequest):
 password_valid = security.check_password_hash(data.password, account["pswd"])
 elif not data.totp_code:
 try:
- data.totp_code = int(data.password[-6:])
+ data.totp_code = data.password[-6:]
 data.password = data.password[:-6]
 except: pass
 else:
- password_valid = security.check_password_hash(data.password, account["pswd"])
+ if re.fullmatch(security.TOTP_REGEX, data.totp_code):
+ password_valid = security.check_password_hash(data.password, account["pswd"])
 # Abort if password is invalid
 if not password_valid:
diff --git a/security.py b/security.py
index 52e92f2..6f5db22 100644
--- a/security.py
+++ b/security.py
@@ -38,6 +38,7 @@ USERNAME_REGEX = "[a-zA-Z0-9-_]{1,20}"
+TOTP_REGEX = "[0-9]{6}"
 BCRYPT_SALT_ROUNDS = 14
 TOKEN_BYTES = 64
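Review bot: In the `elif not data.totp_code:` branch the request is mutated before the code is validated: `data.totp_code` and `data.password` are rewritten first and `re.fullmatch` runs only afterwards, so a password that does not end in six digits leaves a truncated password and a non-numeric code on `data`; with `int()` gone, the `try`/`except: pass` also appears to have nothing left to catch (assuming `data.password` is always a `str`). Checking the last six characters first and assigning only on a match, as below, keeps the request intact on the failure path and drops the bare `except`. The patch adds no import to rest_api/auth.py, so `re` must already be imported there or this line raises NameError. `login` starts and ends outside the hunk, so how `password_valid` is initialised and how `data.totp_code` is consumed later is not visible.

```python
    elif not data.totp_code:
        candidate = data.password[-6:]
        if re.fullmatch(security.TOTP_REGEX, candidate):
            data.totp_code = candidate
            data.password = data.password[:-6]
            password_valid = security.check_password_hash(data.password, account["pswd"])
    # … unchanged: abort when password_valid is false …
```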
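Review bot: `TOTP_REGEX` is unanchored, so it validates a code only when the caller uses `re.fullmatch`, as the login change in this patch does; `re.match` or `re.search` would accept any string that merely contains six digits. A comment on the constant would make that contract explicit, e.g. `# unanchored: always use re.fullmatch()`.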