diff --git a/app/controllers/user/sessions_controller.rb b/app/controllers/user/sessions_controller.rb index 2a88612a..cd8d96bf 100644 --- a/app/controllers/user/sessions_controller.rb +++ b/app/controllers/user/sessions_controller.rb @@ -18,7 +18,7 @@ class User::SessionsController < Devise::SessionsController warden.lock! render 'auth/two_factor_authentication' else - if resource.authenticate_otp(params[:user][:otp_attempt]) + if resource.authenticate_otp(params[:user][:otp_attempt], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i) continue_sign_in(resource, resource_name) else sign_out(resource) diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 544ede5f..b2fc4b7c 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -189,7 +189,7 @@ class UserController < ApplicationController req_params = params.require(:user).permit(:otp_validation) current_user.otp_module = :enabled - if current_user.authenticate_otp(req_params[:otp_validation]) + if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i) flash[:success] = t('views.auth.2fa.setup.success') current_user.save! else diff --git a/config/justask.yml.example b/config/justask.yml.example index 57ce7c8a..280b871d 100644 --- a/config/justask.yml.example +++ b/config/justask.yml.example @@ -68,3 +68,6 @@ hcaptcha: enabled: false site_key: '' secret_key: '' + +# TOTP Drift period in seconds +otp_drift_period: 30