From 34deaf88496b2c7f8db88c918ae1f8be2570462c Mon Sep 17 00:00:00 2001
From: Jason Hu <awarecan@users.noreply.github.com>
Date: Sat, 15 Sep 2018 04:28:25 -0700
Subject: [PATCH] Add valid_window=1 to TOTP verify (#16625)

---
 homeassistant/auth/mfa_modules/totp.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/homeassistant/auth/mfa_modules/totp.py b/homeassistant/auth/mfa_modules/totp.py
index 0914658a655..50cd9d33466 100644
--- a/homeassistant/auth/mfa_modules/totp.py
+++ b/homeassistant/auth/mfa_modules/totp.py
@@ -149,10 +149,10 @@ class TotpAuthModule(MultiFactorAuthModule):
         if ota_secret is None:
             # even we cannot find user, we still do verify
             # to make timing the same as if user was found.
-            pyotp.TOTP(DUMMY_SECRET).verify(code)
+            pyotp.TOTP(DUMMY_SECRET).verify(code, valid_window=1)
             return False
 
-        return bool(pyotp.TOTP(ota_secret).verify(code))
+        return bool(pyotp.TOTP(ota_secret).verify(code, valid_window=1))
 
 
 class TotpSetupFlow(SetupFlow):
-- 
GitLab