From 5d40c42bbf08ebec1844ae86f03a2e1b65384998 Mon Sep 17 00:00:00 2001
From: Thomas M Steenholdt <tsteenholdt@cascadetechnologypartners.com>
Date: Wed, 6 Jun 2018 09:17:26 -0200
Subject: [PATCH] Fix OTP validation

The result from the form is never an int but rather a string of digits, so that's what we should be checking for.

This fixes OTP validation

(cherry picked from commit 5fe3c8b9f92665db54d74dc6b2334666c318bf0c)
---
 app/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views.py b/app/views.py
index 1c65ca1..4ca679c 100644
--- a/app/views.py
+++ b/app/views.py
@@ -365,7 +365,7 @@ def login():
 
         # check if user enabled OPT authentication
         if user.otp_secret:
-            if otp_token and isinstance(otp_token, int):
+            if otp_token and otp_token.isdigit():
                 good_token = user.verify_totp(otp_token)
                 if not good_token:
                     return render_template('login.html', error='Invalid credentials',