Using Mashape "One Time Password" API
# Sample to be used along with:
# Mashape otpgen API at https://www.mashape.com/tanmaykm/otpgen
# Related blog post at http://sidekick.windforwings.com/2012/11/a-one-time-password-service.html
import time, hashlib
from Otpgen import Otpgen
# Mashape account credentials. These are placeholders: substitute your own
# values locally and keep real keys out of shared or version-controlled copies
# of this file.
MY_MASHAPE_PUB_KEY = '__REPLACE_WITH_YOUR_MASHAPE_PUBLIC_KEY__'
MY_MASHAPE_PRIV_KEY = '__REPLACE_WITH_YOUR_MASHAPE_PRIVATE_KEY__'
# Shared secret used to sign otpgen requests (see sign_request). "secret1" is
# a sample value only; a real deployment needs a long, randomly generated
# secret, since anyone who knows it can produce valid request signatures.
MY_OTPGEN_SECRET = "secret1"
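def sign_request(req_params, secret):
    """
    Compute the request signature for a set of otpgen parameters.

    The parameters are visited in sorted key order; each key and the string
    form of its value are joined with commas, the secret is appended last,
    and the SHA-1 hex digest of that string is returned.

    NOTE(review): this is a secret-suffix hash rather than an HMAC, and SHA-1
    is no longer collision resistant. The format presumably has to match what
    the otpgen service verifies, so it is kept as is; a new design should use
    the hmac module with SHA-256 instead.
    """
    # sorted() works on Python 2 lists and Python 3 dict views alike; the
    # previous keys().sort() raised AttributeError on Python 3.
    parts = []
    for key in sorted(req_params):
        parts.append(key)
        parts.append(str(req_params[key]))
    parts.append(secret)

    # Keys and values are not escaped, so a value containing a comma is
    # indistinguishable from an extra key/value pair in the signed string.
    # Callers should validate user-controlled fields before signing them.
    payload = ",".join(parts)

    # hashlib requires bytes on Python 3; a Python 2 str is already bytes.
    if not isinstance(payload, bytes):
        payload = payload.encode("utf-8")
    return hashlib.sha1(payload).hexdigest()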
def unwrap(mashape_resp):
    """
    Return the 'body' attribute stored on a Mashape response wrapper.

    The lookup goes through the wrapper's instance dictionary, so a wrapper
    without a 'body' attribute yields None instead of raising.
    """
    attributes = vars(mashape_resp)
    return attributes.get('body')
def configure_first_time(secret):
    """
    Register the otpgen account secret for the first time.

    The request carries the new secret and is signed with the Mashape public
    key. Returns the unwrapped JSON response body.
    """
    # NOTE(review): the signing key here is the public key, so the signature
    # by itself does not prove who sent the request, and the new secret
    # travels in the request parameters. Protection of this call presumably
    # rests on Mashape's own authentication and transport security - confirm.
    params = {'secret': secret}
    params['sig'] = sign_request(params, MY_MASHAPE_PUB_KEY)
    return unwrap(client.configure(**params))
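def configure_secret(secret, old_secret):
    """
    Replace the account secret after the initial setup.

    The request carries the new secret and is signed with the old one. When
    the service reports success (resp_code 0), the module-level
    MY_OTPGEN_SECRET is updated so that later requests are signed with the
    new secret. Returns the unwrapped JSON response body.
    """
    # Without this declaration the assignment below only created a local
    # variable, and later requests kept signing with the replaced secret.
    global MY_OTPGEN_SECRET

    req_params = {'secret': secret}
    req_params['sig'] = sign_request(req_params, old_secret)
    response = unwrap(client.configure(**req_params))
    if response.get('resp_code', -1) == 0:
        MY_OTPGEN_SECRET = secret
    return response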
def issue_otp(user, tagdata):
    """
    Request a one-time password for a user, with validity fixed at 300 seconds.

    The request is signed with MY_OTPGEN_SECRET. Returns the OTP from the
    response when resp_code is 0, otherwise None.
    """
    params = {'user': user, 'validity': 300, 'tagdata': tagdata}
    params['sig'] = sign_request(params, MY_OTPGEN_SECRET)
    body = unwrap(client.gen(**params))
    # Demo output: on success the printed response contains the OTP itself,
    # so this line should not be kept where stdout ends up in logs.
    print("resp: " + str(body))
    if body.get('resp_code', -1) != 0:
        return None
    return body.get('otp')
def validate_otp(user, otp):
    """
    Check an OTP for a user and return the tagdata recorded with it.

    The request is signed with MY_OTPGEN_SECRET. Returns the response's
    tagdata when resp_code is 0, otherwise None.
    """
    params = {'user': user, 'otp': otp}
    params['sig'] = sign_request(params, MY_OTPGEN_SECRET)
    body = unwrap(client.verify(**params))
    # Callers should treat None as a rejected OTP. A response with
    # resp_code 0 but no 'tagdata' key also comes back as None.
    if body.get('resp_code', -1) != 0:
        return None
    return body.get('tagdata')
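# Authenticate and create the client object used by the helper functions.
client = Otpgen(MY_MASHAPE_PUB_KEY, MY_MASHAPE_PRIV_KEY)

# Set up the secret for the first time. This should work only the first time
# and fail on subsequent requests.
print("setting up the first time secret...")
result = configure_first_time(MY_OTPGEN_SECRET)
print("response: " + str(result))

print("setting up the secret once more...")
result = configure_secret(MY_OTPGEN_SECRET, MY_OTPGEN_SECRET)
print("response: " + str(result))

# Use the current time as tagdata so that it changes on every run.
tagdata = str(time.time())
print("issuing an otp for user1 with tagdata " + tagdata)
otp = issue_otp('user1', tagdata)

# issue_otp and validate_otp return None on failure; concatenating None to a
# string raised TypeError, so failures are reported explicitly instead.
# The OTP is printed for demonstration only and should not be logged in
# real use.
if otp is None:
    print("otp could not be issued; skipping validation")
else:
    print("otp: " + str(otp))
    print("validating otp for user1 with otp " + str(otp))
    tagdata_received = validate_otp('user1', otp)
    if tagdata_received is None:
        print("otp validation failed")
    else:
        print("got back tag data:" + str(tagdata_received))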