1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
Metadata-Version: 1.1
Name: onetimepass
Version: 1.0.1
Summary: Module for generating and validating HOTP and TOTP tokens
Home-page: https://github.com/tadeck/onetimepass/
Author: Tomasz Jaskowski
Author-email: tadeck@gmail.com
License: MIT
Download-URL: https://github.com/tadeck/onetimepass/archive/v1.0.0.tar.gz
Description: Versions
========
Current development release: `onetimepass-master.tar.gz`_ |otp-status-dev|_
.. |otp-status-dev| image::
https://api.travis-ci.org/tadeck/onetimepass.png?branch=master
.. _otp-status-dev: https://travis-ci.org/tadeck/onetimepass
.. _onetimepass-master.tar.gz:
https://github.com/tadeck/onetimepass/archive/master.tar.gz
Changelog
---------
+---------+------------+------------------------------------------------------+
| Version | Date | Changes |
+=========+============+======================================================+
| 1.0.1 | 2015-07-31 | - fixed tests and build system, |
| | | - extended test coverage with Py3.5, PyPy and PyPy3, |
+---------+------------+------------------------------------------------------+
| 1.0.0 | 2015-07-31 | - skipping spaces if they are given in secret, |
| | | - test suite made more reliable, |
+---------+------------+------------------------------------------------------+
| 0.3.0 | 2014-08-16 | - configurable digest method, |
| | | - configurable token length, |
| | | - configurable TOTP interval length, |
+---------+------------+------------------------------------------------------+
| 0.2.2 | 2013-07-12 | - license clarification, |
| | | - removal of compiled documentation from the sources,|
+---------+------------+------------------------------------------------------+
| 0.2.1 | 2013-07-12 | - support for unicode secrets, |
| | | - preliminary support for Travis CI, |
+---------+------------+------------------------------------------------------+
| 0.2.0 | 2013-04-11 | - added compatibility with Python 3.x, |
| | | - removed compatibility with Python 2.5 and earlier, |
+---------+------------+------------------------------------------------------+
| 0.1.2 | 2013-01-23 | - added automated case fold to secret, |
+---------+------------+------------------------------------------------------+
| 0.1.1 | 2013-12-20 | - internal code improvements, |
| | | - documentation, |
+---------+------------+------------------------------------------------------+
| 0.1.0 | 2011-12-19 | (initial public release) |
+---------+------------+------------------------------------------------------+
What is OneTimePass
===================
OneTimePass (actually ``onetimepass``) is a module for generating one-time
passwords, namely HOTPs (HMAC-based one-time passwords) and TOTPs (time-based
one-time passwords). They are used eg. within Google Authenticator application
for Android or iPhone.
How to install
==============
To install the library, you can either use ``pip``, or just download it
separately. Installing in ``pip`` is the simplest. Assuming you are installing
it system-wide::
$ sudo pip install onetimepass
(if you are installing it in virtualenv, you do not need "``sudo``" part).
Alternatively, you can follow the download link above and unpack in some
directory on your ``sys.path``, or clone it as Git submodule to your own
directory.
How to use OneTimePass
======================
You can use this module in the following way:
1. Install module (download it into your application's directory or into modules
directory)
2. To get time-based token you invoke it like that::
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = otp.get_totp(my_secret)
.. note::
``my_secret`` is case-insensitive, also spaces are ignored. This means you
can provide your users with more readable representations of the secrets
(eg. ``mfrg gzdf mztw q2lk`` instead of ``MFRGGZDFMZTWQ2LK``) and pass them
unchanged to library. Same applies to other functions accepting secrets in
this library.
3. To get HMAC-based token you invoke it like that::
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = otp.get_hotp(my_secret, intervals_no=3)
where ``intervals_no`` is the number of the current trial (if checking on
the server, you have to check several values, higher than the last
successful one, determined for previous successful authentications).
4. To check time-based token you invoke it like that::
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = 123456 # should be probably from some user's input
is_valid = otp.valid_totp(token=my_token, secret=my_secret)
5. To check HMAC-based token you invoke it like that::
import onetimepass as otp
my_secret = 'MFRGGZDFMZTWQ2LK'
my_token = 123456 # should be probably from some user's input
last_used = 5 # store last valid interval somewhere else
is_valid = otp.valid_hotp(token=my_token, secret=my_secret, last=last_used)
where:
- ``last`` argument (in this case being assigned ``last_used``) is the
number of the last successfully checked interval number (as
``valid_totp()`` will skip it and start checking from the next interval
number)
- ``is_valid`` is being assigned value of ``False`` if ``my_token`` has not
been identified as valid OTP for given secret (``my_secret``) and checked
interval range. If it has been successful, ``is_valid`` is assigned a
number of the working interval number (it should be saved into the
database and supplied to the function as ``last`` argument next time the
password is being checked, so you cannot use the same token again).
License
=======
License for this library is available in ``LICENSE.rst`` file, in the same
directory. Online version is available here_.
.. _here: https://github.com/tadeck/onetimepass/blob/master/README.rst
Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Financial and Insurance Industry
Classifier: Intended Audience :: Healthcare Industry
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Legal Industry
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Telecommunications Industry
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3.2
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Topic :: Internet :: WWW/HTTP :: Session
Classifier: Topic :: Internet :: WWW/HTTP :: Site Management
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: Software Development :: Libraries :: Python Modules
|
