def test_get_provisioning_uri(self, backend):
secret = b"12345678901234567890"
totp = TOTP(secret, 6, hashes.SHA1(), 30, backend=backend)
assert totp.get_provisioning_uri("Alice Smith", None) == (
"otpauth://totp/Alice%20Smith?digits=6&secret=GEZDGNBVG"
"Y3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&period=30")
assert totp.get_provisioning_uri("Alice Smith", 'World') == (
"otpauth://totp/World:Alice%20Smith?digits=6&secret=GEZ"
"DGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&issuer=World"
"&period=30")
def generate_totp_uri(secret, email):
""" Generate a Google authenticator compatible QR provisioning URI
Args:
secret: 16 character base32 secret
email: Authenticator email address
Return:
URI for QR code: otpauth://totp/[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=FrostyWeb
"""
if isinstance(secret, unicode):
secret = secret.encode('utf-8')
try:
key = base64.b32decode(secret)
totp = TOTP(key, 8, SHA1(), 30, backend=default_backend(), enforce_key_length=False)
return totp.get_provisioning_uri(email, 'FrostyWeb')
except TypeError:
pass
return None
def get_provisioning_uri(self, user_id, cred_type='totp-draft'):
class_conf = settings.TASK_SETTINGS.get(self.task_type, {})
id_manager = user_store.IdentityManager()
creds = id_manager.list_credentials(user_id, cred_type)
# NOTE(amelia): There will only be one as the action checks for
# other cases and marks them invalid
secret = json.loads(creds[0].blob)['secret']
user_name = id_manager.get_user(user_id).name
if isinstance(secret, six.text_type):
secret = secret.encode('utf-8')
while len(secret) % 8 != 0:
secret = secret + b'='
decoded = base64.b32decode(secret)
totp = TOTP(decoded, 6, SHA1(), 30, backend=default_backend())
cloud_name = class_conf.get('cloud_name')
return totp.get_provisioning_uri(user_name, cloud_name)
from cryptography.hazmat.primitives.twofactor.totp import TOTP
from cryptography.hazmat.primitives.hashes import SHA1
from cryptography.hazmat.primitives.twofactor import InvalidToken
import pyqrcode
key = os.urandom(16)
counter = 1
time_value = time.time()
issuer = 'GruPyPR'
account_name = input('Your name: ')
totp = TOTP(key, 6, SHA1(), 30, backend=default_backend())
uri = totp.get_provisioning_uri(account_name, issuer)
url = pyqrcode.create(uri)
print('Scan this!\n')
url.svg('totp.svg', scale=8)
webbrowser.open('totp.svg')
while True:
try:
totp_value = bytes(input('Two factor password: '******'utf-8')
totp.verify(totp_value, time.time())
print('You are authenticated!\n')
except InvalidToken:
print('You shall not pass!')
continue
except KeyboardInterrupt:
#!/usr/bin/env python3 """ Genera un QR TOTP compatible con Google Authenticator """ import webbrowser from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.hashes import SHA1 from cryptography.hazmat.primitives.twofactor.totp import TOTP google_url = 'http://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' cuenta = '*****@*****.**' expedida_por = None key = b'abcdefghij' totp = TOTP(key, 8, SHA1(), 30, backend=default_backend()) uri = totp.get_provisioning_uri(cuenta, expedida_por) url = '%s%s' % (google_url, uri) webbrowser.open(url)
