diff --git a/openstack_auth/tests/unit/test_auth.py b/openstack_auth/tests/unit/test_auth.py
index 142bd88255..b1f6863420 100644
--- a/openstack_auth/tests/unit/test_auth.py
+++ b/openstack_auth/tests/unit/test_auth.py
@@ -1477,6 +1477,10 @@ class OpenstackAuthTestsTOTP(test.TestCase):
 self.data = data_v3.generate_test_data()
+ session = self.client.session
+ session['receipt'] = 'fake-receipt'
+ session.save()
+
 def get_form_data(self, user):
 return {'region': "default",
 'domain': DEFAULT_DOMAIN,
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 55fc9b2fb2..dafd5b13e7 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -500,7 +500,7 @@ class TotpView(edit_views.FormView):
 template_name = 'auth/totp.html'
 form_class = forms.TimeBasedOneTimePassword
 success_url = settings.LOGIN_REDIRECT_URL
- fail_url = "/login/"
+ fail_url = settings.LOGIN_URL
 def get_initial(self):
 return {
@@ -511,6 +511,14 @@ class TotpView(edit_views.FormView):
 'domain': self.request.session.get('domain'),
 }
+ def get(self, request, *args, **kwargs):
+ if request.user.is_authenticated:
+ return django_http.HttpResponseRedirect(self.success_url)
+ receipt = request.session.get('receipt')
+ if not receipt:
+ return django_http.HttpResponseRedirect(self.fail_url)
+ return super().get(request, *args, **kwargs)
+
 def form_valid(self, form):
 auth.login(self.request, form.user_cache)
 res = django_http.HttpResponseRedirect(self.success_url)
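Review bot: Seeding `session['receipt']` in `setUp` of `OpenstackAuthTestsTOTP` lets the existing tests pass the new guard in `TotpView.get`, but nothing in this hunk exercises the guard itself. Two cases are worth adding: a GET to the TOTP view with no receipt in the session should redirect to `settings.LOGIN_URL`, and a GET from an already authenticated user should redirect to `settings.LOGIN_REDIRECT_URL`. `setUp` starts outside the hunk and the rest of the class is not visible, so such tests may already exist elsewhere in the file.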
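Review bot: In the `TotpView` attribute hunk of `openstack_auth/views.py`, `fail_url = settings.LOGIN_URL` is handed unchanged to `HttpResponseRedirect` by the new `get()`, but Django allows `LOGIN_URL` to be a named URL pattern as well as a path. If a deployment sets it to a name, the redirect would point at that literal string; resolving at the point of use, `django_http.HttpResponseRedirect(shortcuts.resolve_url(self.fail_url))` (with `from django import shortcuts` if the module does not already import it), handles both forms. The same applies to `success_url`. The class body continues outside the hunk, so other uses of `fail_url` are not visible here.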
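Review bot: The new `get()` in `TotpView` applies the receipt check and the already-authenticated check to GET only, so a POST sent straight to the view with no `receipt` in the session still reaches form processing. Whether the form or the auth backend rejects a missing receipt is not visible in this hunk, so the view should not rely on it. Putting the same checks in `dispatch()` covers every method: `def dispatch(self, request, *args, **kwargs):` ending in `return super().dispatch(request, *args, **kwargs)`. A short comment above the redirect, such as `# No MFA receipt in the session: send the user back to the login form.`, would record why it is there.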