From 5d40c42bbf08ebec1844ae86f03a2e1b65384998 Mon Sep 17 00:00:00 2001 From: Thomas M Steenholdt Date: Wed, 6 Jun 2018 09:17:26 -0200 Subject: [PATCH] Fix OTP validation The result from the form is never an int but rather a string of digits, so that's what we should be checking for. This fixes OTP validation (cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c) --- app/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views.py b/app/views.py index 1c65ca1..4ca679c 100644 --- a/app/views.py +++ b/app/views.py @@ -365,7 +365,7 @@ def login(): # check if user enabled OPT authentication if user.otp_secret: - if otp_token and isinstance(otp_token, int): + if otp_token and otp_token.isdigit(): good_token = user.verify_totp(otp_token) if not good_token: return render_template('login.html', error='Invalid credentials',