From 08335cdedc846270dd149fc1ffad92826b5f8cb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Dekkers?=
Date: Mon, 7 May 2018 15:32:15 +0200
Subject: [PATCH] Fail when non-numeric otp token was inserted
---
 app/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/views.py b/app/views.py
index 35d3f79..0f0d2ab 100644
--- a/app/views.py
+++ b/app/views.py
@@ -276,7 +276,7 @@ def login():
 # check if user enabled OPT authentication
 if user.otp_secret:
- if otp_token:
+ if otp_token and isinstance(otp_token, int):
 good_token = user.verify_totp(otp_token)
 if not good_token:
 return render_template('login.html', error='Invalid credentials', ldap_enabled=LDAP_ENABLE, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED)
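Review bot: The new `isinstance(otp_token, int)` test in `login()` depends on the type `otp_token` has when it reaches this line, and its assignment is outside the hunk. If the value is taken straight from the submitted form it is a `str`, so the condition is never true and `user.verify_totp()` is never called, even for a valid code. What happens next is decided by the branch that follows this `if`, which is also outside the hunk: it has to reject the login, otherwise an account with `otp_secret` set would get through without its second factor being checked. If the token is a string here, a check on its content such as `if otp_token and otp_token.isdigit():` would match the commit title. A test covering a valid, a non-numeric and a missing token would pin the behaviour.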