I checked the existing issues for duplicate feature requests
I have checked that this feature request is not on our roadmap
What parts of Modrinth is your feature request related to?
No response
Is your suggested feature related to a problem? Please describe.
Currently, Modrinth only accepts codes generated within the current 30-second frame on its servers.
However, as we learnt from Modrinth App, a lot of people have their device time out of sync—often by a dozen minutes, sometimes by hours. This should be less of a problem with mobile devices where TOTP codes are generated, but it might still be out of sync by seconds, which, as pointed out above, is crucial.
There's also an accessibility concern: sometimes people may need time to enter the code, and by the time they are done and press Enter (or worse, move the cursor to the Continue button to click it), the code might've already expired.
Describe the solution you'd like
To improve user experience and combat slight time differences, many services implement what's called TOTP tolerance. This is done by generating three TOTP candidates (current_frame - 1, current_frame, current_frame + 1) and accepting any of them. For the user, this means their code is active for 1 minute, rather than 30 seconds, which is plenty of time to use the code.
This doesn't compromise the security of TOTP authentication, but will reduce the number of people using 2FA who are confused or frustrated by the Invalid Credentials error (e.g., me).
Describe alternatives you've considered
Calling John Time and telling him to fix people's clocks. Actually I did that. He said the experience of time is the subjective experience of everyone, and he will not interfere with it. Coward.
Additional context
No response
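The tolerance check described in this request, as an added Python sketch that is not part of the original issue or Modrinth's code. It compares the submitted code against the candidates for current_frame - 1, current_frame and current_frame + 1, and also refuses a frame that was already accepted, which RFC 6238 requires of a verifier; the function names, the `last_used` parameter and the RFC 6238 test secret are assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP frame (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps

# Constructed sample input: the shared secret from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 code for one frame counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret, code, now, window=1, last_used=None):
    """Return the frame counter the code matched, or None if it is rejected.

    window=0 accepts only the server's current frame; window=1 also accepts
    the frames directly before and after it. last_used (hypothetical per-account
    state) is the counter of the last accepted code; the caller stores the
    returned counter after a successful login so a code cannot be replayed.
    """
    current = int(now) // STEP
    submitted = code.encode()
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        # Check every candidate with a constant-time compare, no early exit.
        if hmac.compare_digest(hotp(secret, counter).encode(), submitted):
            matched = counter
    if matched is None:
        return None
    if last_used is not None and matched <= last_used:
        return None  # this frame, or a later one, was already used
    return matched


if __name__ == "__main__":
    # Code generated at t=1111111109, checked two seconds later in the next frame.
    code = hotp(SECRET, 1111111109 // STEP)
    print("strict  :", verify_totp(SECRET, code, 1111111111, window=0))
    print("tolerant:", verify_totp(SECRET, code, 1111111111, window=1))
```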