GUACAMOLE-96: Allow users to enter either the current or previous TOTP codes.

extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/UserVerificationService.java

@@ -142,7 +142,7 @@ public class UserVerificationService {
             // Verify provided TOTP against value produced by generator
             byte[] key = BASE32.decode(encodedKey);
             TOTPGenerator totp = new TOTPGenerator(key, TOTPGenerator.Mode.SHA1, 6);
-            if (code.equals(totp.generate()))
+            if (code.equals(totp.generate()) || code.equals(totp.previous()))
                 return;
 
         }

extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java

@@ -399,4 +399,33 @@ public class TOTPGenerator {
         return generate(System.currentTimeMillis() / 1000);
     }
 
+    /**
+     * Returns the TOTP code which would have been generated immediately prior
+     * to the code returned by invoking generate() with the given timestamp.
+     *
+     * @param time
+     *     The absolute timestamp to use to generate the TOTP code, in seconds
+     *     since midnight, 1970-01-01, UTC (UNIX epoch).
+     *
+     * @return
+     *     The TOTP code which would have been generated immediately prior to
+     *     the the code returned by invoking generate() with the given
+     *     timestamp.
+     */
+    public String previous(long time) {
+        return generate(Math.max(startTime, time - timeStep));
+    }
+
+    /**
+     * Returns the TOTP code which would have been generated immediately prior
+     * to the code currently being returned by generate().
+     *
+     * @return
+     *     The TOTP code which would have been generated immediately prior to
+     *     the code currently being returned by generate().
+     */
+    public String previous() {
+        return previous(System.currentTimeMillis() / 1000);
+    }
+
 }