Allow TOTP to be reused (within its lifetime) honor_totp_lifetime
authorGeorgios Kontaxis <redacted>
Thu, 6 Nov 2025 18:20:29 +0000 (18:20 +0000)
committerGeorgios Kontaxis <redacted>
Thu, 6 Nov 2025 18:20:29 +0000 (18:20 +0000)
server/auth/local/local.py

index f413806c515efe42f2b1dbc041babbd4e60c8f8b..672d4452eb78f6e880f70f9fbc0151f27c0b1bac 100644 (file)
@@ -37,7 +37,6 @@ class LocalAuth(BaseAuth):
             self.totp_key = get_env("FLATNOTES_TOTP_KEY", mandatory=True)\r
             self.totp_key = b32encode(self.totp_key.encode("utf-8"))\r
             self.totp = TOTP(self.totp_key)\r
-            self.last_used_totp = None\r
             self._display_totp_enrolment()\r
 \r
     def login(self, data: Login) -> Token:\r
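Review bot: Dropping `self.last_used_totp` here, together with the removal of the `current_totp != self.last_used_totp` guard and the post-login assignment in the third hunk (lines 28–39), means `login` now accepts the same TOTP value for every attempt during its validity step, so a code that was already used for a successful login remains valid until the step rolls over. RFC 6238 §5.2 requires the verifier to reject a second use of an OTP that has already been accepted; the previous code implemented exactly that and the commit message gives no rationale beyond "allow reuse". If the intent is only to tolerate a legitimate second login within the same step, that trade-off should be stated at the `if self.is_totp_enabled:` branch in the second hunk, e.g. `# NOTE: a TOTP value is accepted repeatedly within its step; replay protection per RFC 6238 §5.2 was intentionally removed (see commit).`, otherwise retaining the last-used comparison is the safer choice. The `login` method continues past the end of the third hunk, so any later per-attempt limiting that might compensate is not visible here.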
@@ -49,8 +48,7 @@ class LocalAuth(BaseAuth):
         # Check Password & TOTP\r
         expected_password = self.password\r
         if self.is_totp_enabled:\r
-            current_totp = self.totp.now()\r
-            expected_password += current_totp\r
+            expected_password += self.totp.now()\r
         password_correct = secrets.compare_digest(\r
             expected_password, data.password\r
         )\r
@@ -59,15 +57,8 @@ class LocalAuth(BaseAuth):
         if not (\r
             username_correct\r
             and password_correct\r
-            # Prevent TOTP from being reused\r
-            and (\r
-                self.is_totp_enabled is False\r
-                or current_totp != self.last_used_totp\r
-            )\r
         ):\r
             raise ValueError("Incorrect login credentials.")\r
-        if self.is_totp_enabled:\r
-            self.last_used_totp = current_totp\r
 \r
         # Create Token\r
         access_token = self._create_access_token(data={"sub": self.username})\r