Fix OTP time window

2025-02-02 14:18:43 +08:00 · 2024-05-06 15:02:14 -04:00 · 2024-05-06 15:02:14 -04:00 · a628358c9f
commit a628358c9f
parent 918eb3bb67
3 changed files with 6 additions and 4 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -13,7 +13,6 @@
        "packages/*"
      ],
      "dependencies": {
-        "otpauth": "9.2.4",
        "uuid": "^9.0.1"
      },
      "devDependencies": {
--- a/package.json
+++ b/package.json
@ -43,7 +43,6 @@
    ]
  },
  "dependencies": {
-    "otpauth": "9.2.4",
    "uuid": "^9.0.1"
  }
 }
--- a/packages/backend/src/services/auth/OTPService.js
+++ b/packages/backend/src/services/auth/OTPService.js
@ -48,8 +48,12 @@ class OTPService extends BaseService {
            secret,
        });

-        const ok = totp.validate({ token: code });
-        return ok;
+        const allowed = [-1, 0, 1];
+
+        const delta = totp.validate({ token: code });
+        if ( delta === null ) return false;
+        if ( ! allowed.includes(delta) ) return false;
+        return true;
    }

    gen_otp_secret_ () {