From 5644d5f3f770ba3973a2a1b7741c3f3edf7194d0 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 14 May 2022 19:57:00 +0200
Subject: [PATCH] stages/authenticator_totp: fix key error

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/stages/authenticator_totp/stage.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/authentik/stages/authenticator_totp/stage.py b/authentik/stages/authenticator_totp/stage.py
index 4c6250b87..f21bee407 100644
--- a/authentik/stages/authenticator_totp/stage.py
+++ b/authentik/stages/authenticator_totp/stage.py
@@ -40,10 +40,11 @@ class AuthenticatorTOTPChallengeResponse(ChallengeResponse):
 
     def validate_code(self, code: int) -> int:
         """Validate totp code"""
-        if self.device is not None:
-            if not self.device.verify_token(code):
-                self.device.confirmed = False
-                raise ValidationError(_("Code does not match"))
+        if not self.device:
+            raise ValidationError(_("Code does not match"))
+        if not self.device.verify_token(code):
+            self.device.confirmed = False
+            raise ValidationError(_("Code does not match"))
         return code
 
 
@@ -65,7 +66,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView):
 
     def get_response_instance(self, data: QueryDict) -> ChallengeResponse:
         response = super().get_response_instance(data)
-        response.device = self.request.session[SESSION_TOTP_DEVICE]
+        response.device = self.request.session.get(SESSION_TOTP_DEVICE)
         return response
 
     def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: