From 3f3a834c0c0ade9e1a5f3c4a26829108c9214202 Mon Sep 17 00:00:00 2001
From: Maxim Devaev <mdevaev@gmail.com>
Date: Thu, 16 Jan 2025 14:57:05 +0200
Subject: pikvm/pikvm#1459: Extended TOTP window with a single step (+30sec)

---
 kvmd/apps/kvmd/auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kvmd/apps/kvmd/auth.py b/kvmd/apps/kvmd/auth.py
index 008e8a4f..bf979836 100644
--- a/kvmd/apps/kvmd/auth.py
+++ b/kvmd/apps/kvmd/auth.py
@@ -95,7 +95,7 @@ class AuthManager:
                 secret = file.read().strip()
             if secret:
                 code = passwd[-6:]
-                if not pyotp.TOTP(secret).verify(code):
+                if not pyotp.TOTP(secret).verify(code, valid_window=1):
                     get_logger().error("Got access denied for user %r by TOTP", user)
                     return False
                 passwd = passwd[:-6]
-- 
cgit v1.2.3