From 02ee37b50d5990b1ef13182979b3772d40943b4e Mon Sep 17 00:00:00 2001
From: "Vitor M. A. da Cruz"
Date: Tue, 3 Jun 2014 20:07:07 -0300
Subject: [PATCH] Fixed #60 -- Always cast the token to an int before verification
---
 tests/tests.py | 9 +++++++++
 two_factor/models.py | 5 +++++
 2 files changed, 14 insertions(+)
diff --git a/tests/tests.py b/tests/tests.py
index 2ba939d8c..123158a2c 100644
--- a/tests/tests.py
+++ b/tests/tests.py
@@ -792,6 +792,15 @@ def test_verify(self):
 self.assertFalse(device.verify_token(-1))
 self.assertTrue(device.verify_token(totp(device.bin_key)))

+ def test_verify_token_as_string(self):
+ """
+ The field used to read the token may be a CharField,
+ so the PhoneDevice must be able to validate tokens
+ read as strings
+ """
+ device = PhoneDevice(key=random_hex().decode())
+ self.assertTrue(device.verify_token(str(totp(device.bin_key))))
+
 def test_unicode(self):
 device = PhoneDevice(name='unknown')
 self.assertEqual('unknown (None)', str(device))
diff --git a/two_factor/models.py b/two_factor/models.py
index d2a7e7b5b..c55cd5e2c 100644
--- a/two_factor/models.py
+++ b/two_factor/models.py
@@ -89,6 +89,11 @@ def bin_key(self):
 return unhexlify(self.key.encode())

 def verify_token(self, token):
+ try:
+ token = int(token)
+ except ValueError:
+ return False
+
 for drift in range(-5, 1):
 if totp(self.bin_key, drift=drift) == token:
 return True
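Review bot: `test_verify_token_as_string` only exercises the accepting path, so the new `return False` branch for input that cannot be cast is never run by the suite. Adding `self.assertFalse(device.verify_token('abc'))` and `self.assertFalse(device.verify_token(''))` would pin the rejection behaviour for malformed strings. A case for `None` would also document how a missing token is meant to be handled by `verify_token`.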
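Review bot: The new `except ValueError:` in `verify_token` does not cover `int(None)` or other non-string, non-numeric values, which raise `TypeError`, so a missing token would raise instead of failing verification; `except (TypeError, ValueError):` keeps every malformed input on the `return False` path. `int()` is also lenient about what it accepts from a string (surrounding whitespace, a leading sign, underscores between digits on Python 3.6+, non-ASCII decimal digits), so if the form field does not already restrict input to ASCII digits it is worth rejecting anything else before the cast. The rest of `verify_token` lies outside the hunk.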