From 867b2ff542ddbd5c171570cc35795b6a4fd7c674 Mon Sep 17 00:00:00 2001
From: Chris Young
Date: Mon, 13 Feb 2023 15:17:54 +0000
Subject: [PATCH] Specify TOTP validity window in settings.py
---
 bookwyrm/forms/landing.py | 3 ++-
 bookwyrm/settings.py | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/bookwyrm/forms/landing.py b/bookwyrm/forms/landing.py
index 132f3ba71..1da4fc4f1 100644
--- a/bookwyrm/forms/landing.py
+++ b/bookwyrm/forms/landing.py
@@ -8,6 +8,7 @@ import pyotp
 from bookwyrm import models
 from bookwyrm.settings import DOMAIN
+from bookwyrm.settings import TWO_FACTOR_LOGIN_VALIDITY_WINDOW
 from .custom_form import CustomForm
@@ -108,7 +109,7 @@ class Confirm2FAForm(CustomForm):
 otp = self.data.get("otp")
 totp = pyotp.TOTP(self.instance.otp_secret)
- if not totp.verify(otp, valid_window=2):
+ if not totp.verify(otp, valid_window=TWO_FACTOR_LOGIN_VALIDITY_WINDOW):
 if self.instance.hotp_secret:
 # maybe it's a backup code?
diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
index 61240dbfa..d8c554742 100644
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@@ -369,6 +369,7 @@ OTEL_EXPORTER_OTLP_HEADERS = env("OTEL_EXPORTER_OTLP_HEADERS", None)
 OTEL_SERVICE_NAME = env("OTEL_SERVICE_NAME", None)
 TWO_FACTOR_LOGIN_MAX_SECONDS = 60
+TWO_FACTOR_LOGIN_VALIDITY_WINDOW = 2
 HTTP_X_FORWARDED_PROTO = env.bool("SECURE_PROXY_SSL_HEADER", False)
 if HTTP_X_FORWARDED_PROTO:
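Review bot: In the `Confirm2FAForm` hunk of bookwyrm/forms/landing.py, `totp.verify(otp, valid_window=TWO_FACTOR_LOGIN_VALIDITY_WINDOW)` has no visible guard against the same code being accepted twice, and the window makes that exposure longer. pyotp's `valid_window` is a count of time steps checked on each side of the current one, so a value of 2 accepts five codes at any moment (about a minute either side with pyotp's default 30-second step). Making the value a setting invites raising it, so I would record the last accepted time step per user and reject a code at or before it, and keep the window as small as clock drift allows. At minimum add `# valid_window = TOTP time steps accepted either side of now, not seconds` above the call. The enclosing method starts and ends outside the hunk, so replay tracking or attempt limiting may already exist there.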
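Review bot: In bookwyrm/settings.py, `TWO_FACTOR_LOGIN_VALIDITY_WINDOW = 2` is added directly under `TWO_FACTOR_LOGIN_MAX_SECONDS = 60` with no unit, and the two are not measured the same way: this value is passed to pyotp as `valid_window`, a number of TOTP time steps, not seconds. I would add a comment such as `# TOTP steps accepted either side of the current one (pyotp valid_window); 0 = current code only; larger values accept more codes` so an operator does not raise it thinking in seconds. The value is also a literal rather than read from the environment like the OTEL settings above it; if it is meant to be tunable per instance, `env.int("TWO_FACTOR_LOGIN_VALIDITY_WINDOW", 2)` would match the file's style, assuming `env` is django-environ's `Env` as the `env.bool` call suggests.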