From 2552947894a6cd78cb0bf879f7b083b033583080 Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 21 Sep 2025 16:14:14 -0400
Subject: [PATCH 1/3] Fix totp dict size changing on login

---
 app/classes/controllers/totp_controller.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/classes/controllers/totp_controller.py b/app/classes/controllers/totp_controller.py
index 8aa807ee..785bdd0d 100644
--- a/app/classes/controllers/totp_controller.py
+++ b/app/classes/controllers/totp_controller.py
@@ -100,8 +100,8 @@ class TOTPController:
         """clears out totp codes older than 1 minute when one is sent"""
         now = datetime.now(tz=timezone.utc)
         # Clean up expired entries reclaim some memory
-        for key, totp_dict in self.used_totp_codes.items():
-            for item, timestamp in totp_dict.items():
+        for key, totp_dict in list(self.used_totp_codes.items()):
+            for item, timestamp in list(totp_dict.items()):
                 if now - timestamp > timedelta(seconds=60):
                     # needs to ref the self var to remove expired entries
                     del self.used_totp_codes[  # pylint: disable=unnecessary-dict-index-lookup
-- 
GitLab


From 52e239cfce137bd3533a74e4f3196ad3481e901e Mon Sep 17 00:00:00 2001
From: Andrew <mcdeweykp@gmail.com>
Date: Sun, 21 Sep 2025 16:22:17 -0400
Subject: [PATCH 2/3] Add a comment since we have to ignore sonar check

---
 app/classes/controllers/totp_controller.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/classes/controllers/totp_controller.py b/app/classes/controllers/totp_controller.py
index 785bdd0d..057fd004 100644
--- a/app/classes/controllers/totp_controller.py
+++ b/app/classes/controllers/totp_controller.py
@@ -101,6 +101,7 @@ class TOTPController:
         now = datetime.now(tz=timezone.utc)
         # Clean up expired entries reclaim some memory
         for key, totp_dict in list(self.used_totp_codes.items()):
+            # Iterate over copy of dict (list) to prevent size change during iteration
             for item, timestamp in list(totp_dict.items()):
                 if now - timestamp > timedelta(seconds=60):
                     # needs to ref the self var to remove expired entries
-- 
GitLab


From 6dadae17b4fa183d5ad54431d1c731878a593004 Mon Sep 17 00:00:00 2001
From: Zedifus <zedifus@zediverse.gg>
Date: Tue, 7 Oct 2025 00:57:10 +0100
Subject: [PATCH 3/3] Update changelog !899

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 408b28ca..321e802a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ### New features
 TBD
 ### Bug fixes
+- Fix MFA login failure when the totp `dict`'s attempted codes list changes size while being processed ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/899))
 - Resolve additional json being appended to downloaded files ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/902))
 ### Tweaks
 TBD
-- 
GitLab