
Extract TOTPStrategy class to totp.py

* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
Felix Spöttel
2020-09-03 11:19:19 +02:00
parent 6594e19a1f
commit ce70f44c58
3 changed files with 47 additions and 31 deletions


@@ -40,10 +40,10 @@ def authorized_personnel_only(viewfunc):
error = None
try:
email, privs = auth_service.authenticate(request, env)
except auth.MissingTokenError as e:
except totp.MissingTokenError as e:
privs = []
error = str(e)
except auth.BadTokenError as e:
except totp.BadTokenError as e:
# Write a line in the log recording the failed login
log_failed_login(request)
@@ -128,7 +128,7 @@ def me():
# Is the caller authorized?
try:
email, privs = auth_service.authenticate(request, env)
except auth.MissingTokenError as e:
except totp.MissingTokenError as e:
# Log the failed login
log_failed_login(request)
@@ -136,7 +136,7 @@ def me():
"status": "missing_token",
"reason": str(e),
})
except auth.BadTokenError as e:
except totp.BadTokenError as e:
# Log the failed login
log_failed_login(request)
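Review bot: The `totp.MissingTokenError` handler in `authorized_personnel_only` (first hunk) sets `privs = []` and `error = str(e)` without calling `log_failed_login(request)`, while the same handler in `me()` (second hunk) does call it, so the two entry points disagree on whether a request with no TOTP token counts as a failed login. If that log feeds brute-force detection, the signal will differ depending on which endpoint is hit. Since this commit already touches both handlers, either make them match or add a one-line comment on the first handler stating why a missing token is not logged there. Separately, an `except totp.…` expression is only evaluated when an exception reaches it, so a leftover `auth.MissingTokenError` reference or a missing `totp` import in this module would surface only during a failed login, and could skip the `log_failed_login(request)` call; a test that drives both the missing-token and bad-token paths would catch that. The function bodies continue outside the hunks, so this is based only on the lines shown.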