def ologin(): if request.method == 'GET': if 'otpusername' not in session and 'username'in session : if User.otpchk(str(session['username'])) == "0": print("hellop") import pyotp key = pyotp.random_base32() totp = pyotp.TOTP(key) optsct = totp.provisioning_uri(session['username']) User.optnew(str(session['username']),optsct,key) return render_template('admin/otpset.html',otpurl=str(User.otpchk(str(session['username'])))) else: return render_template('admin/otplogin.html',name=str(session['username'])) else: return redirect(url_for('admin.index')) else: if 'username' in session: import pyotp passd = request.form['otppass'] otpkey = User.otpkeychk(str(session['username'])) totp = pyotp.TOTP(otpkey) if totp.verify(passd) is True: session['otpusername'] = str(session['username'])+str(passd) return redirect(url_for('admin.index')) else: return redirect(url_for('login.ologin'))
def adduser(request): """ Method to insert new username, generate secret""" messages = None session = request.getSession() user = IUser(session) if not user.is_admin: request.setResponseCode(403) returnValue('Permission Denied') if request.method == 'POST': username = request.args.get("username", None)[0] if username is not None: # Generate Secret secret = pyotp.random_base32() # Insert user into db try: yield dbpool.runOperation('INSERT into users (username, secret) values (?, ?);', (username, secret)) # generate QRCODE totp = pyotp.TOTP(secret) img = qrcode.make(totp.provisioning_uri("Unlab:{}".format(username))) page = webapp.templates.get_template('show_qrcode.html') returnValue(page.render(username=username, img=make_datauri(img))) except sqlite3.IntegrityError, e: messages = "User {} already exists".format(username) else: messages = "Failed to create user"
def create(cls, email, key, password): u = cls(email=email, key=key, password=password) if u.key is None: u.key = pyotp.random_base32() return u
def test_activate(): user_id = db_utils.create_user() tfa_secret = pyotp.random_base32() totp = pyotp.TOTP(tfa_secret) # Failed validation between tfa_secret/tfa_response assert not tfa.activate(user_id, tfa_secret, "000000") # Verify 2FA is not active assert not d.engine.scalar(""" SELECT twofa_secret FROM login WHERE userid = %(userid)s """, userid=user_id) # Validation successful, and tfa_secret written into user's `login` record tfa_response = totp.now() assert tfa.activate(user_id, tfa_secret, tfa_response) # The stored twofa_secret must not be plaintext stored_secret = d.engine.scalar(""" SELECT twofa_secret FROM login WHERE userid = %(userid)s """, userid=user_id) assert tfa_secret != stored_secret # The stored secret must be decryptable to the generated tfa_secret assert tfa_secret == tfa._decrypt_totp_secret(stored_secret)
def register(request): if request.method == 'POST': form = RegisterForm(request.POST) if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password'] seed = pyotp.TOTP(pyotp.random_base32()) # The parameter below is used as the label for the auth app interface. uri = seed.provisioning_uri(username) secret = urlparse.parse_qs(urlparse.urlparse(uri).query)['secret'][0] # This can fail if username is not unique. TODO: wrap in try newUser = User(username=username, password=password, tfaEnabled=True, tfaSecret=secret) newUser.save() request.session['username'] = username request.session['password'] = password request.session['tfaUri'] = uri return redirect(reverse('tfaSetup')) else: return render(request, 'tfa/register.html', {'form': RegisterForm()}) else: return render(request, 'tfa/register.html', {'form': RegisterForm()})
def register_device(request): if request.method == 'POST': secret_key = request.POST['secret_key'] otp = request.POST['otp'] totp = pyotp.TOTP(secret_key) if totp.verify(otp) is False: logout(request) return HttpResponseRedirect('/login') otpuser = OtpUser.objects.get(user__username=request.user.username) otpuser.secret_key = secret_key otpuser.save() logout(request) return HttpResponseRedirect('/login') secret_key = pyotp.random_base32() username = request.user.username key_uri = 'otpauth://totp/appname:'+username+'?secret='+secret_key+'&issuer=appname' qr = pyqrcode.create(key_uri) qr_name = secret_key+'.svg' qr_file = os.path.join(BASE_DIR, 'static')+'/'+qr_name qr.svg(qr_file) return render_to_response('register_device.html', {'qr_file':qr_name, 'secret_key': secret_key}, context_instance=RequestContext(request))
def generate_token(self, ip, duration): """ takes an ip to generate an AccessToken for and a duration that the remote device will be granted control of the ip once the token is used """ totp_dict = self._ip_to_totp_map.get(ip) if totp_dict is None: # Timeout changed to 60 seconds from the default 30 as it may take # more than 30 sec to get the code, go to other client and enter it totp = AtcdTOTP( interval=self.ACCESS_TOKEN_INTERVAL, s=pyotp.random_base32() ) self._ip_to_totp_map[ip] = { 'totp': totp, 'duration': duration } else: totp = totp_dict.get('totp') if duration != totp_dict.get('duration'): totp_dict['duration'] = duration self._ip_to_totp_map[ip] = totp_dict timestamp = datetime.datetime.now() return AccessToken( token=totp.at(timestamp), interval=self.ACCESS_TOKEN_INTERVAL, # valid_until returns time as a datetime.datetime object # this converts it to a float time valid_until=time.mktime(totp.valid_until(timestamp).timetuple()) )
def otp_validate(): print request.json if request.json.get('mobile') is None or request.json.get('otp') is None : abort(400) else: user_id = request.json.get('mobile') otp = request.json.get('otp') try: act_rec = Account.query.filter_by(user_id=user_id).first() if act_rec and act_rec.otp == otp: time_difference = datetime.strptime(ctime(), "%a %b %d %H:%M:%S %Y") - act_rec.last_updated_on if time_difference.seconds > 600: return make_response(jsonify({'result': 'otp expired'}), 502) access_token = pyotp.random_base32() act_rec.access_token = access_token act_rec.last_updated_on = ctime() session_commit() #map_products(user_id, request.json.get('products')) products = Product.query.all() res= {'products' : [product.as_dict() for product in products], 'access_token': access_token} return make_response(jsonify(res), 200) else: return make_response(jsonify({'result': 'invalid otp'}), 501) except Exception, e: logging.error(str(e)) abort(404)
def new_google_authentication(): new_token = pyotp.random_base32() g.settings.secret_key = new_token db.session.commit() totp = pyotp.TOTP(g.settings.secret_key) uri = totp.provisioning_uri("admin") return uri
def startup(): # db initializations db.create_all() settings = Settings(secret_key=pyotp.random_base32()) db.session.add(settings) db.session.commit()
def test_2fa_invalid_totp(self): mary = User.query.filter(User.uid == "urn:mary").first() mary.second_factor_auth = pyotp.random_base32() db.session.merge(mary) db.session.commit() self.login("urn:mary") self.post("/api/mfa/verify2fa", {"totp": "123456"}, with_basic_auth=False, response_status_code=400)
def addotp(user): unverifiedkey = "unverified_{}".format(user.username) otphash = r.get(unverifiedkey) if not otphash: otphash = pyotp.random_base32() r.set(unverifiedkey, otphash) totp = pyotp.TOTP(otphash) return totp.provisioning_uri(user.username, COOKIE_DOMAIN)
def init_2fa_totp(self): if self._data.get('mfa_enabled'): return None self._data['_2fa_totp'] = pyotp.random_base32() self._set_modified(True) self.save() totp = pyotp.TOTP(self._data['_2fa_totp']) return totp.provisioning_uri(self.email, 'EPManage')
def revoke(self): """ Revoke secret MFA for this user. This method generate a new secret_key for this user. """ self.secret_key = pyotp.random_base32() self.save()
def _add_ota_secret(self, user_id: str, secret: Optional[str] = None) -> str: """Create a ota_secret for user.""" import pyotp ota_secret: str = secret or pyotp.random_base32() self._users[user_id] = ota_secret # type: ignore return ota_secret
def reset_mfa(self, length=16): """ Sets the user's `mfa_secret` value to a random value and marks the user as not having setup two-factor authentication. :return: None """ self.mfa_secret = pyotp.random_base32(length) self.mfa_enabled = False
def _add_ota_secret(self, user_id: str, secret: str | None = None) -> str: """Create a ota_secret for user.""" import pyotp # pylint: disable=import-outside-toplevel ota_secret: str = secret or pyotp.random_base32() self._users[user_id] = ota_secret # type: ignore return ota_secret
def generate_otp(self): if self.otp_enabled: raise ValueError('otp already set') self.otp_seed = pyotp.random_base32() db.session.commit() return pyotp.totp.TOTP(self.otp_seed).provisioning_uri( self.username, issuer_name="SARNA")
def new_password(algo): "Generate a password." if algo == ALGO_TOTP: # Generate a proper/compatible password for most TOTP apps return pyotp.random_base32().encode() # Stick to printable characters. return ''.join(chr(random.randint(33, 126)) for _ in range(PASSWORD_LEN)).encode()
def generate_key(): global totp otp = pyotp.random_base32() totp = pyotp.TOTP(otp, interval=300) password = totp.now() if is_unique(otp): return password
def addotp(username): if username in unverifiedotp: otphash = unverifiedotp[username] else: otphash = pyotp.random_base32() unverifiedotp[username] = otphash totp = pyotp.TOTP(otphash) return totp.provisioning_uri(username, COOKIE_DOMAIN)
def generate(id): #128 bit is 8 HEX and 4 base32 with open("users.txt", "a") as f: f.write(str("\n" + id)) key = pyotp.random_base32(length=8) print("GENERATED KEY", key, "FOR USER", id) with open(id, "w") as f: f.write(key)
def generateOTP(): global totp secret = pyotp.random_base32() totp = pyotp.TOTP( secret, interval=300 ) #set interval(time of the otp expiration) according to your need in seconds. one_time = totp.now() return one_time
def get(self, request, *args, **kwargs): profile = self.profile if profile.is_contest_account: raise Http404() if not profile.totp_key: profile.totp_key = pyotp.random_base32(length=32) profile.save() return self.render_to_response(self.get_context_data())
def get(self, request): meth = "GET" auth_key = pyotp.random_base32() QR = f'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl= \ {pyotp.totp.TOTP(auth_key).provisioning_uri(self.request.user.username, issuer_name="CyberRage")}' context = {"meth": meth, "KEY": auth_key, "QR": QR} return render(request, "accounts/mfa.html", context)
def get(self, request, *args, **kwargs): profile = self.profile if not profile.totp_key: profile.totp_key = pyotp.random_base32(length=32) profile.save(update_fields=['totp_key']) if not profile.scratch_codes: profile.generate_scratch_codes() return self.render_to_response(self.get_context_data())
def create(self, country_code: str, phone_number: int): secret = self._create_secret(secret=pyotp.random_base32(length=32)) counter = self._create_counter() hotp = pyotp.HOTP(secret, digits=self._digits) self._send_sms(sms_code=hotp.at(counter), country_code=country_code, phone_number=phone_number)
def get(self): key = pyotp.random_base32() return ApiResponse({ "key": key, "url": pyotp.TOTP(key).provisioning_uri(request.host, Config.OTP_NAME) })
def create_key(self): """Enter the key generated into your 2fa authenticator app, to start generating keys""" key = pyotp.random_base32() with open("2fa.txt", "w+") as f: f.write(key) print("Key created!")
def run(): config = configparser.ConfigParser() config.read('/data/config.ini') if not config.has_option('totp', 'code'): eprint("No TOTP code found. Generating one.") if not config.has_section('totp'): config.add_section('totp') config['totp']['code'] = pyotp.random_base32() write_config(config) if not config.has_section('reverse_proxy'): config.add_section('reverse_proxy') config['reverse_proxy']['domain_name'] = "" config['reverse_proxy']['backend'] = "" config['reverse_proxy']['allowed_ips'] = "127.0.0.1" write_config(config) eprint("Configuration missing! Please edit /data/config.ini.") exit(2) if len(sys.argv) > 1 and sys.argv[1] == "provisioning-uri": totp = pyotp.TOTP(config['totp']['code']) print(totp.provisioning_uri("Main", issuer_name="TOTP ACL")) exit(0) elif len(sys.argv) > 1 and sys.argv[1] == "config-setup": create_config(config['reverse_proxy'], restart=False) exit(0) elif len(sys.argv) > 1 and sys.argv[1] == "get-code": totp = pyotp.TOTP(config['totp']['code']) print("TOTP code:", totp.now()) exit(0) elif len(sys.argv) > 1: print("Supported commands:") print("provisioning-uri, config-setup, get-code") exit(1) if os.environ['REQUEST_METHOD'] == 'POST': print("Content-Type: text/html\n") post_data = sys.stdin.read() totp = pyotp.TOTP(config['totp']['code']) if check_code(totp, post_data): # Break string up in IPs and add current IP. new_ips = config['reverse_proxy']['allowed_ips'].split(',') ip = os.environ['REMOTE_ADDR'] new_ips.append(ip) config['reverse_proxy']['allowed_ips'] = ','.join(new_ips) write_config(config) print("""<!DOCTYTPE html> <html><head><!--<meta HTTP-EQUIV="refresh" CONTENT="10;url=/">--!></head> <body>Your IP {} has been allowed. <script>setTimeout(function(){{window.open("/","_self");}}, 5000);</script> </body></html>""".format(ip)) eprint("IP address added as allowed:", ip) create_config(config['reverse_proxy']) else: show_login() elif os.environ['REQUEST_METHOD'] == 'GET': print("Content-Type: text/html\n") show_login() else: eprint("Invalid request method") exit(1)
def confirm(action=None): if flask.ext.security.current_user.has_role('admin'): return flask.redirect(flask.url_for('admin.index')) if not flask.ext.security.current_user.is_anonymous(): return flask.redirect(flask.url_for('manage.actions')) if not (flask.session.get('email') or flask.session.get('phone')): return flask.redirect(flask.url_for('.step_one')) if not flask.session.get('actions'): return flask.redirect(flask.url_for('.step_two')) phone = utils.format_phone(flask.session) if action == 'submit': user = None query = models.User.query email = flask.session.get('email', '') if phone: user = query.filter_by(phone=phone) user = user.first() if email and not user: user = query.filter_by(email=email).first() if not user: user = models.User() user.phone = phone user.email = email for action_id in flask.session['actions']: action = models.Action.query.get(action_id) user.actions.append(action) name = flask.session.get('method_name') if name: method = models.Method.query.filter_by(name=name).first() user.method = method utils.add_schedule(user, flask.session) user.secret = pyotp.random_base32() models.db.session.add(user) models.db.session.commit() redirect = 'index' if user.email and user.email_confirmed_at is None: confirmable = flask.ext.security.confirmable token = confirmable.generate_confirmation_token(user) link = flask.url_for('.confirm_signup', token=token, _external=True) msg = flask.ext.security.utils.get_message('CONFIRM_REGISTRATION', email=user.email) flask.flash(*msg) subject = 'Thank You for Signing Up for Love Touches!' flask.ext.security.utils.send_mail(subject, user.email, 'signup', user=user, confirmation_link=link) redirect = 'index' if user.phone and user.phone_confirmed_at is None: utils.send_code(user) flask.session['_user_id'] = user.id redirect = 'confirm_mobile' for key in (x for x in flask.session.keys() if not x.startswith('_')): del flask.session[key] return flask.redirect(flask.url_for(redirect)) actions = [models.Action.query.get(x) for x in flask.session['actions']] return flask.render_template('confirm.html', actions=actions, phone=phone, days_label=_days_label())
def confirm(action=None): if flask_security.current_user.has_role("admin"): return flask.redirect(flask.url_for("admin.index")) if not flask_security.current_user.is_anonymous: return flask.redirect(flask.url_for("manage.actions")) if not (flask.session.get("email") or flask.session.get("phone")): return flask.redirect(flask.url_for(".step_one")) if not flask.session.get("actions"): return flask.redirect(flask.url_for(".step_two")) phone = utils.format_phone(flask.session) if action == "submit": user = None query = models.User.query email = flask.session.get("email", "") if phone: user = query.filter_by(phone=phone) user = user.first() if email and not user: user = query.filter_by(email=email).first() if not user: user = models.User() user.phone = phone user.email = email for action_id in flask.session["actions"]: action = models.Action.query.get(action_id) user.actions.append(action) name = flask.session.get("method_name") if name: method = models.Method.query.filter_by(name=name).first() user.method = method utils.add_schedule(user, flask.session) user.secret = pyotp.random_base32() models.db.session.add(user) models.db.session.commit() redirect = "index" if user.email and user.email_confirmed_at is None: token = flask_security.confirmable.generate_confirmation_token(user) link = flask.url_for(".confirm_signup", token=token, _external=True) msg = flask_security.utils.get_message( "CONFIRM_REGISTRATION", email=user.email ) flask.flash(*msg) subject = "Thank You for Signing Up for Love Touches!" flask_security.utils.send_mail( subject, user.email, "signup", user=user, confirmation_link=link ) redirect = "index" if user.phone and user.phone_confirmed_at is None: utils.send_code(user) flask.session["_user_id"] = user.id redirect = "confirm_mobile" for key in (x for x in list(flask.session.keys()) if not x.startswith("_")): del flask.session[key] return flask.redirect(flask.url_for(redirect)) actions = [models.Action.query.get(x) for x in flask.session["actions"]] return flask.render_template( "confirm.html", actions=actions, phone=phone, days_label=_days_label() )
def get_initial(self): initial = super().get_initial() initial['secret'] = pyotp.random_base32(length=32) initial['link'] = pyotp.TOTP(initial['secret']).provisioning_uri( self.request.user.email, settings.MFA_APPLICATION_NAME, ) return initial
def get(self, request): base_32 = pyotp.random_base32() otp_path = pyotp.totp.TOTP(base_32).provisioning_uri( request.user.email, issuer_name="El bot es mio") return Response({ 'qr_code': otp_path, 'base_32': base_32 }, status=status.HTTP_200_OK)
def create_secret(): """ Creates new random secret. :returns: Random secret :rtype: str """ return pyotp.random_base32(length=api_settings.SECRET_KEY_LENGTH)
def __init__(self, username, password=None, name=None, totp_key=None, groups=()): if name is None: name = username if password is None: password = passgen.passgen() if totp_key is None: totp_key = pyotp.random_base32() super(User, self).__init__(username=username, password=password, name=name, totp_key=totp_key, groups=groups)
def generate_secret(): """ Generate random OTP secret :rtype: str :returns: 16-character string """ return pyotp.random_base32()
def _add_ota_secret(self, user_id: str, secret: Optional[str] = None) -> str: """Create a ota_secret for user.""" import pyotp ota_secret = secret or pyotp.random_base32() # type: str self._users[user_id] = ota_secret # type: ignore return ota_secret
def create_secret(): """ Creates new random secret. :returns: Random secret :rtype: str """ return pyotp.random_base32(length=20)
def _generate_secret_and_qr_code(username: str) -> Tuple[str, str, str]: """Generate a secret, url, and QR code.""" import pyotp ota_secret = pyotp.random_base32() url = pyotp.totp.TOTP(ota_secret).provisioning_uri( username, issuer_name="Home Assistant") image = _generate_qr_code(url) return ota_secret, url, image
def gerarBase32(): print('[AUTHENTICATOR]Gerando base32 aléatoria...') try: base32 = pyotp.random_base32() print('[AUTHENTICATOR]Base32 gerada com sucesso!') return base32 except Exception as e: print('[AUTHENTICATOR]Não foi possivel gerar a base32...') print('[AUTHENTICATOR]:',e)
def generate(id): psecret = pyotp.random_base32() file_path = open('totpauth/' + str(id) + '.txt', 'a') file_path.write(psecret) #os.system('echo ' + psecret + '>totpauth/' + str(id) + '.txt') print('Scan the QR or input this code manually: ' + psecret) qrcode_terminal.draw( pyotp.totp.TOTP(psecret).provisioning_uri(str(id) + "@example", issuer_name="Lock"))
def generate(user): BackupCode.objects.filter(user=user).delete() codes = [ BackupCode(user=user, code=pyotp.random_base32(8)) for i in range(10) ] BackupCode.objects.bulk_create(codes) return BackupCode.objects.filter(user=user).values_list('code', flat=True)
def _generate_secret_and_qr_code(username: str) -> tuple[str, str, str]: """Generate a secret, url, and QR code.""" import pyotp # pylint: disable=import-outside-toplevel ota_secret = pyotp.random_base32() url = pyotp.totp.TOTP(ota_secret).provisioning_uri( username, issuer_name="AI-Speaker") image = _generate_qr_code(url) return ota_secret, url, image
def __enable_otp(self, user): if user.uuid not in self.__settings: self.__settings[user.uuid] = {} user_settings = self.__settings[user.uuid] secret = random_base32() totp = TOTP(secret) user_settings['otp_secret'] = secret self.__save_settings() return totp.provisioning_uri("%s@%s.gosa" % (user.uid, self.env.domain))
def main(): parser = argparse.ArgumentParser(description='King Phisher TOTP Enrollment Utility', conflict_handler='resolve') utilities.argp_add_args(parser) config_group = parser.add_mutually_exclusive_group(required=True) config_group.add_argument('-c', '--config', dest='server_config', type=argparse.FileType('r'), help='the server configuration file') config_group.add_argument('-u', '--url', dest='database_url', help='the database connection url') parser.add_argument('--otp', dest='otp_secret', help='a specific otp secret') parser.add_argument('user', help='the user to mange') parser.add_argument('action', choices=('remove', 'set', 'show'), help='the action to preform') parser.epilog = PARSER_EPILOG arguments = parser.parse_args() utilities.configure_stream_logger(arguments.loglvl, arguments.logger) if arguments.database_url: database_connection_url = arguments.database_url elif arguments.server_config: server_config = yaml.load(arguments.server_config) database_connection_url = server_config['server']['database'] else: raise RuntimeError('no database connection was specified') manager.init_database(database_connection_url) session = manager.Session() user = session.query(models.User).filter_by(id=arguments.user).first() if not user: color.print_error("invalid user id: {0}".format(arguments.user)) return for case in utilities.switch(arguments.action): if case('remove'): user.otp_secret = None break if case('set'): if user.otp_secret: color.print_error("the specified user already has an otp secret set") return if arguments.otp_secret: new_otp = arguments.otp_secret else: new_otp = pyotp.random_base32() if len(new_otp) != 16: color.print_error("invalid otp secret length, must be 16") return user.otp_secret = new_otp break if user.otp_secret: color.print_status("user: {0} otp: {1}".format(user.id, user.otp_secret)) totp = pyotp.TOTP(user.otp_secret) uri = totp.provisioning_uri(user.id + '@king-phisher') + '&issuer=King%20Phisher' color.print_status("provisioning uri: {0}".format(uri)) else: color.print_status("user: {0} otp: N/A".format(user.id)) session.commit()
def create(plugin, user_metadata): """Creates a new user given the user_metadata dictionary, assigns a new random secret""" user = User.get(plugin, user_metadata) if not user: token = pyotp.random_base32() permissions = set() if user_metadata['nick'] in getattr(settings, 'ADMIN_USERS', '').split(','): permissions = set(['administer_twofactor', 'grant_permissions', 'revoke_permissions', 'view_permissions']) return User(plugin, user_metadata, token, permissions) else: return None
def otp_secret(self, msg, args): """Send a new secret to somebody""" new_secret = pyotp.random_base32() with self.lock: with self.stored('secrets') as secrets: secrets[args] = (new_secret, 0, BEGINNING_OF_TIMES) totp = pyotp.TOTP(new_secret) url = totp.provisioning_uri(args) self.send(self.build_identifier(args), makeQRCodeMessage(url, self._bot.mode), None, 'chat') return "New secret set for %s and message sent." % args
def signup(self, request): username = request.username result = USER.query(USER.username==username).fetch(1) if len(result) > 0 : return SignUpResponse(success=False,message='username ' + username + ' already exists') else : ssecret = pyotp.random_base32() hotp = pyotp.HOTP(ssecret) url = 'https://chart.googleapis.com/chart?chs=200x200&chld=M%7C0&cht=qr&chl=' + urllib.quote(hotp.provisioning_uri(username), safe='') USER(username=username,secret=ssecret,lastcounter=-1).put() return SignUpResponse(success=True, message=url)
def gen_authenticator(self): """ Generates and stores new secret for authenticator. """ timestamp = timezone.now() self.strong_authenticator_secret = pyotp.random_base32() current_authenticator_id = self.strong_authenticator_num self.strong_authenticator_id = settings.AUTHENTICATOR_NAME % (self.username, current_authenticator_id) self.strong_authenticator_num += 1 self.strong_authenticator_generated_at = timestamp self.save() AuthenticatorCode.objects.create(user=self, generated_at=timestamp, authenticator_secret=self.strong_authenticator_secret, authenticator_id=self.strong_authenticator_id) return self.strong_authenticator_secret
def test_is_2fa_enabled(): user_id = db_utils.create_user() tfa_secret = pyotp.random_base32() tfa_secret_encrypted = tfa._encrypt_totp_secret(tfa_secret) # 2FA is not enabled assert not tfa.is_2fa_enabled(user_id) # 2FA is enabled _insert_2fa_secret(user_id, tfa_secret_encrypted) assert tfa.is_2fa_enabled(user_id)
def generate(self, **kwargs): """ Generate Secret Key. Parameters: **kwargs: Optional. Any keyword arguments to be passed to `pyotp.random_base32`. Return Value: 16 chars random string that is able to be a secret key. """ return random_base32(**kwargs)
def create_confirmed_user(): main.models.db.create_all() print "creating [email protected]" password = flask.ext.security.utils.encrypt_password(getpass.getpass()) main.user_datastore.create_user( email="*****@*****.**", password=password, active=True, confirmed_at=datetime.datetime.utcnow(), secret=pyotp.random_base32(), method_id=1, ) main.models.db.session.commit()
def mfa_qr_code(): user = g.user if not user.mfa_secret: user.mfa_secret = pyotp.random_base32() user.save(commit=True) totp = pyotp.TOTP(user.mfa_secret) uri = totp.provisioning_uri(user.get_username(), 'Standard Survival') image = qrcode.make(uri) stream = StringIO.StringIO() image.save(stream) image = stream.getvalue() return Response(image, mimetype='image/png')
def test_force_deactivate(): user_id = db_utils.create_user() tfa_secret = pyotp.random_base32() tfa_secret_encrypted = tfa._encrypt_totp_secret(tfa_secret) _insert_2fa_secret(user_id, tfa_secret_encrypted) _insert_recovery_code(user_id) # Verify that force_deactivate() functions as expected. assert tfa.is_2fa_enabled(user_id) assert tfa.get_number_of_recovery_codes(user_id) == 1 tfa.force_deactivate(user_id) assert not tfa.is_2fa_enabled(user_id) assert tfa.get_number_of_recovery_codes(user_id) == 0
def setUp(self): """Setup.""" self.secret = random_base32() class TestForm(Form): """Test Form.""" totp = StringField(validators=[ OTPCheck( self.secret, method="TOTP", interval=30, call_args={"valid_window": 0} ) ]) self.key = TOTP(self.secret).now() self.form = TestForm(data={"totp": self.key})
def setUp(self): """Setup.""" self.secret = random_base32() class TestForm(Form): """Test Form.""" # Note that `window` parameter is just for testing. hotp = StringField(validators=[ OTPCheck( self.secret, method="HOTP", window=3, call_args={"counter": 0} ) ]) self.key = HOTP(self.secret).at(0) self.form = TestForm(data={"hotp": self.key})
def create_two_factor_key(self, user_id, two_factor_auth): """Enables two factor auth for a certain user.""" user = self.identity_api.get_user(user_id) # check if user exists # create dictionary if requesting a new key if not two_factor_auth and self.driver.is_two_factor_enabled(user_id): two_factor_auth = {} two_factor_auth['key'] = pyotp.random_base32() key_object = self.driver.create_two_factor_key(user_id, two_factor_auth) totp = pyotp.TOTP(two_factor_auth['key']) # TODO(@federicofdez) Save issuer_name in settings key_object['uri'] = totp.provisioning_uri(user['name'], issuer_name=ISSUER_NAME) return key_object