authorMaxim Devaev <[email protected]>2025-01-15 02:49:10 +0200
committerMaxim Devaev <[email protected]>2025-01-15 02:49:10 +0200
commitda4da975ef54dac6c17699e2d1e4addefbec6d73 (patch)
tree3c8e599573336748073283bfc378930fbbc8af4c
parentb6c73aceb74cf6f3a376fc1223e9cc701a8f6ee5 (diff)
Revert "pikvm/pikvm#1459: TOTP valid_window=5"
This reverts commit b6c73aceb74cf6f3a376fc1223e9cc701a8f6ee5.
-rw-r--r--kvmd/apps/__init__.py1
-rw-r--r--kvmd/apps/kvmd/__init__.py1
-rw-r--r--kvmd/apps/kvmd/auth.py6
-rw-r--r--testenv/tests/apps/kvmd/test_auth.py2
4 files changed, 2 insertions, 8 deletions
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py
index 845da35a..091319ca 100644
--- a/kvmd/apps/__init__.py
+++ b/kvmd/apps/__init__.py
@@ -370,7 +370,6 @@ def _get_config_scheme() -> dict:
},
"totp": {
- "valid_window": Option(1, type=functools.partial(valid_number, min=0, max=5)),
"secret": {
"file": Option("/etc/kvmd/totp.secret", type=valid_abs_path, if_empty=""),
},
diff --git a/kvmd/apps/kvmd/__init__.py b/kvmd/apps/kvmd/__init__.py
index 800e5f5c..088a62ef 100644
--- a/kvmd/apps/kvmd/__init__.py
+++ b/kvmd/apps/kvmd/__init__.py
@@ -86,7 +86,6 @@ def main(argv: (list[str] | None)=None) -> None:
external_kwargs=(config.auth.external._unpack(ignore=["type"]) if config.auth.external.type else {}),
totp_secret_path=config.auth.totp.secret.file,
- totp_valid_window=config.auth.totp.valid_window,
),
info_manager=InfoManager(global_config),
log_reader=(LogReader() if config.log_reader.enabled else None),
diff --git a/kvmd/apps/kvmd/auth.py b/kvmd/apps/kvmd/auth.py
index 33beb5a6..008e8a4f 100644
--- a/kvmd/apps/kvmd/auth.py
+++ b/kvmd/apps/kvmd/auth.py
@@ -34,7 +34,7 @@ from ...htserver import HttpExposed
# =====
-class AuthManager: # pylint: disable=too-many-instance-attributes
+class AuthManager:
def __init__(
self,
enabled: bool,
@@ -47,7 +47,6 @@ class AuthManager: # pylint: disable=too-many-instance-attributes
external_type: str,
external_kwargs: dict,
- totp_valid_window: int,
totp_secret_path: str,
) -> None:
@@ -71,7 +70,6 @@ class AuthManager: # pylint: disable=too-many-instance-attributes
self.__external_service = get_auth_service_class(external_type)(**external_kwargs)
get_logger().info("Using external auth service %r", self.__external_service.get_plugin_name())
- self.__totp_valid_window = totp_valid_window
self.__totp_secret_path = totp_secret_path
self.__tokens: dict[str, str] = {} # {token: user}
@@ -97,7 +95,7 @@ class AuthManager: # pylint: disable=too-many-instance-attributes
secret = file.read().strip()
if secret:
code = passwd[-6:]
- if not pyotp.TOTP(secret).verify(code, valid_window=self.__totp_valid_window):
+ if not pyotp.TOTP(secret).verify(code):
get_logger().error("Got access denied for user %r by TOTP", user)
return False
passwd = passwd[:-6]
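Review bot: The call `pyotp.TOTP(secret).verify(code)` now depends on pyotp's default `valid_window=0`, so only the code for the current time step is accepted and that strictness is implicit at the call site. A short comment above it, e.g. `# valid_window defaults to 0: only the current time step is accepted, so the host clock must be in sync`, would keep a later reader from widening it without weighing the trade-off. Separately, `verify()` is stateless, so the same code stays valid for the remainder of its step; nothing in the visible lines records the last accepted step to reject a reuse, though the enclosing method starts and ends outside this hunk and may handle that elsewhere.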
diff --git a/testenv/tests/apps/kvmd/test_auth.py b/testenv/tests/apps/kvmd/test_auth.py
index cef16399..4fa1c8ae 100644
--- a/testenv/tests/apps/kvmd/test_auth.py
+++ b/testenv/tests/apps/kvmd/test_auth.py
@@ -69,7 +69,6 @@ async def _get_configured_manager(
external_type=("htpasswd" if external_path else ""),
external_kwargs=(_make_service_kwargs(external_path) if external_path else {}),
- totp_valid_window=0,
totp_secret_path="",
)
@@ -201,7 +200,6 @@ async def test_ok__disabled() -> None:
external_type="",
external_kwargs={},
- totp_valid_window=0,
totp_secret_path="",
)