From 391500bdacab69afec9520f0503e1c97f87fd791 Mon Sep 17 00:00:00 2001
From: DW <36347199+chocological00@users.noreply.github.com>
Date: Sat, 1 Feb 2020 21:50:15 -0500
Subject: [PATCH] Allow wider window for totp verification (#5811)

As server time and client time may not necessarily match
---
 src/server/api/private/signin.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts
index 43928a6b44..734758d63d 100644
--- a/src/server/api/private/signin.ts
+++ b/src/server/api/private/signin.ts
@@ -89,7 +89,8 @@ export default async (ctx: Koa.Context) => {
 const verified = (speakeasy as any).totp.verify({
 secret: profile.twoFactorSecret,
 encoding: 'base32',
- token: token
+ token: token,
+ window: 2
 });

 if (verified) {
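Review bot: `window: 2` in the `totp.verify` options makes the server accept codes from two time steps on either side of the current one. As I read speakeasy's two-sided window, that is five codes valid at any moment, or about two and a half minutes at the default 30-second step, which raises the odds of a guessed code succeeding and lengthens the time an observed code stays usable. RFC 6238 section 5.2 recommends allowing at most one time step for delay, so `window: 1` would absorb ordinary clock drift with a smaller acceptance set. Whichever value is kept, a comment such as `// accepts codes ±N steps for clock drift; relies on sign-in attempt limiting` would record the trade-off, and the handler should refuse a code whose time step has already been accepted for the account. Neither attempt limiting nor used-code tracking is visible here, and the handler starts and ends outside the hunk, so confirm both exist elsewhere before widening the window.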