From a878478d81d964c6103f98146126f75526e44f6e Mon Sep 17 00:00:00 2001
From: Glenn Rice <grice1@missouriwestern.edu>
Date: Sat, 16 Mar 2024 05:46:00 -0500
Subject: [PATCH] Increase the tolerance when checking OTP codes.

This makes two factor authentication work more reliably for DUO.
---
 lib/WeBWorK/Authen.pm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/WeBWorK/Authen.pm b/lib/WeBWorK/Authen.pm
index 1d4a689a33..e3781b6af0 100644
--- a/lib/WeBWorK/Authen.pm
+++ b/lib/WeBWorK/Authen.pm
@@ -483,8 +483,12 @@ sub verify_normal_user {
 			my $otp_code = trim($c->param('otp_code'));
 			if (defined $otp_code && $otp_code ne '') {
 				my $password = $c->db->getPassword($user_id);
-				if (WeBWorK::Utils::TOTP->new(secret => $self->session->{otp_secret} // $password->otp_secret)
-					->validate_otp($otp_code))
+				if (
+					WeBWorK::Utils::TOTP->new(
+						secret    => $self->session->{otp_secret} // $password->otp_secret,
+						tolerance => 1
+					)->validate_otp($otp_code)
+					)
 				{
 					delete $self->session->{two_factor_verification_needed};