def _email_two_factor_auth(user): # send email to user that has details on # how to apply TOTP to login to pybossa if user and user.email_addr: msg = dict(subject='One time password generation details for Pybossa', recipients=[user.email_addr]) msg['body'] = render_template('/account/email/otp.md', user=user) otpauths[user.email_addr] = None otpauths[user.email_addr] = OtpAuth( base64.b32encode(os.urandom(10)).decode('utf-8')) otpsecret = otpauths[user.email_addr] if otpsecret is None: flash(gettext("Problem with generating one time password"), 'error') else: otpcode = otpsecret.totp(period=600) # otp valid for 10 mins print '********** OTP code generated before sending email: %r' % otpcode msg['html'] = render_template('/account/email/otp.html', user=user, otpcode=otpcode) mail_queue.enqueue(send_mail, msg) flash( gettext( "An email has been sent to you with one time password"), 'success') else: flash( gettext("We don't have this email in our records. " "You may have signed up with a different " "email or used Twitter, Facebook, or " "Google to sign-in"), 'error')
def register(): if request.method == 'POST': print 'Username: '******'Username'] print 'Password: '******'Password'] # Connect to database db = sqlite3.connect('google_authenticator.db') cursor = db.cursor() # Create secret and add user to database secret = base64.b32encode(os.urandom(10)).decode('utf-8') query = 'INSERT INTO USERS (USER, PASSWORD, GOOGLEAUTH) VALUES (\"' + request.form['Username'] + '\",\"' + request.form['Password'] + '\",\"' + secret + '\");' cursor.execute(query) db.commit() db.close() # Create unique QR code given secret, label, and issuer auth = OtpAuth(secret) secret_uri = auth.to_uri('totp', GALabel, GAIssuer) qr = QRCode() qr.add_data(secret_uri) qr.make() img = qr.make_image() #img.show() # Opens tmp QR code image print 'Secret: ', secret print 'Secret Uri: ', secret_uri # Display QR code in web browser return redirect(getQRCodeGoogleUrl(secret_uri)) return "Nothing to see here."
def post(self, request): """ User login api """ data = request.data user = auth.authenticate(username=data["username"], password=data["password"]) # None is returned if username or password is wrong if user: if user.is_disabled: return self.error("Ваш аккаунт был отключен.") if not user.two_factor_auth: auth.login(request, user) return self.success("Успешно") # `tfa_code` not in post data if user.two_factor_auth and "tfa_code" not in data: return self.error("2фа необходима") if OtpAuth(user.tfa_token).valid_totp(data["tfa_code"]): auth.login(request, user) return self.success("Успешно") else: return self.error("Неверный код 2фа") else: return self.error("Неверное имя пользователя или пароль")
def get_code(secret): secret = base64.b32decode(b32pad(secret.upper())) auth = OtpAuth(secret) # a secret string code = auth.totp() # generate a time based code code = str(code).zfill(6) return code
def post(self, request): """ 用户登录API """ data = request.data user = auth.authenticate(username=data["username"], password=data["password"]) # 如果用户名或者密码错误就什么都没有返回 if user: if user.is_disabled: return self.error("Your account has been disabled") # 如果不需要双因素验证,直接就返回得了,否则向下执行 if not user.two_factor_auth: auth.login(request, user) return self.success("Succeeded") # 来到这里自然说明要双因素验证 # 如果双因素验证码不在tfa_code请求数据里面,就返回错误 if user.two_factor_auth and "tfa_code" not in data: return self.error("tfa_required") # 来到这里,说明需要双因素验证,而且双因素验证码也满足,这里就是判断两码是否一致 # 成功就返回secceeded,错误就返回无效的双因素验证码提示信息 # 传过来的tfa_code不是和数据库保存的数据一致,需要使用OtpAuth的valid_totp再加工一下还原 if OtpAuth(user.tfa_token).valid_totp(data["tfa_code"]): auth.login(request, user) return self.success("Succeeded") else: return self.error("Invalid two factor verification code") else: # 最终如果是用户名或者密码出错就返回响应的信息 return self.error("Invalid username or password")
def post(self, request): """ User login api """ data = request.data user = auth.authenticate(username=data["username"], password=data["password"]) # None is returned if username or password is wrong if user: if user.is_disabled: return self.error("Your account has been disabled") if not user.two_factor_auth: auth.login(request, user) return self.success("Succeeded") # `tfa_code` not in post data if user.two_factor_auth and "tfa_code" not in data: return self.error("tfa_required") if OtpAuth(user.tfa_token).valid_totp(data["tfa_code"]): auth.login(request, user) return self.success("Succeeded") else: return self.error("Invalid two factor verification code") else: if '@' in data["username"]: return self.error("Don't use email, use your username") return self.error("Invalid username or password")
def googleScan(inputStr): from otpauth import OtpAuth auth = OtpAuth(inputStr) # a secret string # to_google(self, type, label, issuer, counter=None) s = auth.to_google(type='totp', issuer="PyPI", label='SHA1', counter='6') print(s) return s
def controle_otp(): auth = OtpAuth(db_auth) print(auth) controle = auth.valid_totp(int(input('Voer code in'))) if controle == True: print('Code geaccepteerd') else: print('Helaas de code is onjuist')
def create_tsa(username, user_hash): print str(user_hash) auth = OtpAuth(str(user_hash)) # a secret string s = auth.to_uri('totp', 'User:'******'Kuorra') img = qrcode.make(s) f = open("static/qr/output.png", "wb") img.save(f) f.close()
def test_totp(): auth = OtpAuth('python') code = auth.totp() assert auth.valid_totp(code) # false assert auth.valid_totp(1234567) is False assert auth.valid_totp(123456) is False
def _get_tfa_code(self): # 获得验证码 # 先查找数据库对应的用户,生成一个二维码 user = User.objects.first() code = OtpAuth(user.tfa_token).totp() if len(str(code)) < 6: code = (6 - len(str(code))) * "0" + str(code) return code
def _get_tfa_code(self): # 获取双因素代码 # 正向查询:一对多,查找第一条 user = User.objects.first() code = OtpAuth(user.tfa_token).totp() if len(str(code)) < 6: code = (6 - len(str(code))) * "0" + str(code) return code
def test_hotp(): auth = OtpAuth('python') code = auth.hotp(4) assert auth.valid_hotp(code) == 4 # false assert auth.valid_hotp(1234567) is False assert auth.valid_hotp(123456) is False assert auth.valid_hotp('123456') is False
def controle_otp(response, pincode): auth = OtpAuth(response) controle = auth.valid_totp(int(pincode)) if controle == True: print('Code geaccepteerd') return True else: print('Helaas de code is onjuist') return False
def nieuwe_gebruiker(): global db_auth Random = str( (''.join(random.choice('ABDJFHE34543234') for _ in range(16)))) db_auth = Random print(Random) auth = OtpAuth(Random) # Moet 16 lang zijn s = auth.to_uri('totp', 'Jelle Huisman', 'NS Fietsenstalling') import qrcode img = qrcode.make(s) img.show()
def put(self, request): code = request.data["code"] user = request.user if not user.two_factor_auth: return self.error("2FA is already turned off") if OtpAuth(user.tfa_token).valid_totp(code): user.two_factor_auth = False user.save() return self.success("Succeeded") else: return self.error("Invalid code")
def put(self, request): code = request.data["code"] user = request.user if not user.two_factor_auth: return self.error("2ФА уже выключена") if OtpAuth(user.tfa_token).valid_totp(code): user.two_factor_auth = False user.save() return self.success("Успешно") else: return self.error("Неверный код")
def qrCoderValid(inputStr): auth = OtpAuth(inputStr) hotp_code = auth.hotp(6) valid = auth.valid_hotp(hotp_code) # hotp_code = auth.hotp(6) # valid = auth.valid_hotp(hotp_code) totp_code = auth.totp(period=30, ) print(totp_code) if auth.valid_totp(totp_code): return totp_code return totp_code
def put(self, user_id): """ This is the endpoint that creates the user 2fa --- tags: - users 2fa parameters: - in: body name: body schema: id: 2fa_in properties: twoFACode: type: string description: code for 2fa twoFASecret: type: integer description: secret key for user responses: 201: description: user 2fa secret schema: id: success properties: success: type: boolean value: true 400: description: invalid 2fa secret or code schema: id: error 404: description: invalid user schema: id: error """ if user_id is None: return jsonify(error="invalid user id"), 404 user = User.query.filter_by(id=user_id).first() if user is None: return jsonify(error="invalid user"), 404 user2fa_secret = request.json.get('twoFASecret', None) if not user2fa_secret: return jsonify(error="invalid 2fa secret"), 400 user2fa_code = request.json.get('twoFACode', None) if user2fa_code is None: return jsonify(error="invalid 2fa code"), 400 auth = OtpAuth(user2fa_secret) if auth.valid_totp(user2fa_code): user.secure_id = user2fa_secret db.session.commit() return jsonify(success=True), 201 return jsonify(error="wrong code"), 400
def post(self, request): """ Open 2FA """ code = request.data["code"] user = request.user if OtpAuth(user.tfa_token).valid_totp(code): user.two_factor_auth = True user.save() return self.success("Succeeded") else: return self.error("Invalid code")
def test_tfa_login(self): token = self._set_tfa() code = OtpAuth(token).totp() if len(str(code)) < 6: code = (6 - len(str(code))) * "0" + str(code) response = self.client.post(self.login_url, data={"username": self.username, "password": self.password, "tfa_code": code}) self.assertDictEqual(response.data, {"error": None, "data": "Succeeded"}) user = auth.get_user(self.client) self.assertTrue(user.is_authenticated)
def post(self, request): """ 开启 2FA 模式 """ code = request.data["code"] user = request.user # 从数据库查找出对应的code和传过来的code比较,成功就设置双因素验证为True if OtpAuth(user.tfa_token).valid_totp(code): user.two_factor_auth = True user.save() return self.success("Succeeded") else: return self.error("Invalid code")
def get(self, request): """ Get QR code """ user = request.user if user.two_factor_auth: return self.error("2FA is already turned on") token = rand_str() user.tfa_token = token user.save() label = f"{SysOptions.website_name_shortcut}:{user.username}" image = qrcode.make(OtpAuth(token).to_uri("totp", label, SysOptions.website_name)) return self.success(img2base64(image))
def nieuwe_gebruiker(): global db_auth Random = str( (''.join(random.choice('ABDJFHE34543234') for _ in range(16)))) db_auth = Random print('test' + db_auth) auth = OtpAuth(Random) s = auth.to_uri('totp', 'NS', 'NS Fietsenstalling') qr = QRCode(version=1, error_correction=ERROR_CORRECT_L) qr.add_data(s) qr.make() img = qr.make_image() img.save("qrcode.png") return db_auth
def create_qr(self): id = str(self.id) auth = OtpAuth(app.config['SECRET_KEY'] + id) # a secret string email = self.email s = auth.to_uri('totp', email, 'Unit963') qr = qrcode.QRCode( version=1, error_correction=qrcode.constants.ERROR_CORRECT_L, box_size=15, border=5, ) qr.add_data(s) img = qr.make_image(fill_color="#05528a", back_color="white") img.save('./MFA/static/QR/' + id + '.png')
def POST_TSA(username, **k): message = None # Error message form = config.web.input() # get form data result = config.model.get_users(username) # search for username data user_hash = str(result.user_hash) auth = OtpAuth(user_hash) if auth.valid_totp(form.authenticator): app.session.loggedin = True raise config.web.seeother('/') else: message = "Two Step Authenticator not valid" # Error message result = config.model.get_users( username) # search for username data result.username = config.make_secure_val(str( result.username)) # apply HMAC for username return config.render.tsa(result, message) # render tsa.html
def post(self, request): data = request.data user = auth.authenticate(username=request.user.username, password=data["password"]) if user: if user.two_factor_auth: if "tfa_code" not in data: return self.error("tfa_required") if not OtpAuth(user.tfa_token).valid_totp(data["tfa_code"]): return self.error("Invalid two factor verification code") data["new_email"] = data["new_email"].lower() if User.objects.filter(email=data["new_email"]).exists(): return self.error("The email is owned by other account") user.email = data["new_email"] user.save() return self.success("Succeeded") else: return self.error("Wrong password")
def test_tfa_login(self): # 测试使用双因素验证登录,调用_set_tfa()生成双因素验证码 token = self._set_tfa() # 使用一次性验证工具加工一下 code = OtpAuth(token).totp() # code字符串化之后的长度若小于6,不足的长度就用0补齐,最后再次拼接字符串化的code,就保证验证码大于6位数 if len(str(code)) < 6: code = (6 - len(str(code))) * "0" + str(code) # 直接请求,因为双因素验证码已经保存到数据库里面了 response = self.client.post(self.login_url, data={"username": self.username, "password": self.password, "tfa_code": code}) self.assertDictEqual(response.data, {"error": None, "data": "Succeeded"}) user = auth.get_user(self.client) self.assertTrue(user.is_authenticated())
def segundo_fator(self, metodo, chave): """ Calcula e retorna one-time passwords para uso como segundo fator de autenticação baseados em tempo ou hashes criptografados. ARGS: - metodo (string): pode ser 'time' ou 'hmac'. - chave (string): a chave privada usada para gerar os códigos. """ au = OtpAuth(chave) if metodo == 'time': return au.totp() elif metodo == 'hmac': return au.hotp() else: raise ValueError('método não identificado')
def post(self, request): """ User change password api """ data = request.data username = request.user.username user = auth.authenticate(username=username, password=data["old_password"]) if user: if user.two_factor_auth: if "tfa_code" not in data: return self.error("tfa_required") if not OtpAuth(user.tfa_token).valid_totp(data["tfa_code"]): return self.error("Invalid two factor verification code") user.set_password(data["new_password"]) user.save() return self.success("Succeeded") else: return self.error("Invalid old password")