Snippet of code containing the login route for 2FA

login.py

@app.route("/login", methods=['GET', 'POST'])
def login():
  form_user = request.form.get("username")
  form_pass = request.form.get("password")
  if request.method == 'POST':
    if form_user == app.config["USER"] and form_pass == app.config["PASS"]:
      session['username'] = form_user
      return redirect(url_for("OTP_auth"))
    else:
      flash("Invalid credentials. Please try again.")
  return redirect(url_for("index"))