Using Mashape "One Time Password" API
# Sample to be used along with:
# Mashape otpgen API at https://www.mashape.com/tanmaykm/otpgen
# Related blog post at http://sidekick.windforwings.com/2012/11/a-one-time-password-service.html
import time, hashlib
from Otpgen import Otpgen

# Mashape account keys passed to the Otpgen client; replace the placeholders
# with your own values.
# NOTE(review): sample only -- keep real keys and the OTP secret out of source
# control (load them from the environment or a secrets store instead).
MY_MASHAPE_PUB_KEY = '__REPLACE_WITH_YOUR_MASHAPE_PUBLIC_KEY__'
MY_MASHAPE_PRIV_KEY = '__REPLACE_WITH_YOUR_MASHAPE_PRIVATE_KEY__'

# Secret used below to sign the gen/verify requests and installed on the
# service by the configure calls. "secret1" is a sample value; a real
# deployment needs a long, randomly generated secret.
MY_OTPGEN_SECRET = "secret1"
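def sign_request(req_params, secret):
    """
    Compute the request signature sent as the 'sig' parameter.

    The parameter names are sorted, each name is followed by the string form
    of its value, the secret is appended last, the pieces are joined with
    commas and the SHA-1 hex digest of the resulting string is returned.

    req_params -- dict of request parameters (without the 'sig' entry)
    secret     -- signing secret appended after the parameters

    Returns the 40-character hex digest.

    NOTE(review): this is a plain SHA-1 over "params,secret" rather than an
    HMAC, and the comma-joined fields are not escaped, so values containing
    commas make the signed string ambiguous. The construction is presumably
    fixed by the service and is therefore left unchanged here -- confirm
    before using it outside this sample.
    """
    kvarr = []
    # sorted() works on Python 2 and 3; dict.keys().sort() fails on Python 3.
    for key in sorted(req_params):
        kvarr.append(key)
        kvarr.append(str(req_params[key]))
    kvarr.append(secret)
    payload = ",".join(kvarr)
    # hashlib requires bytes on Python 3; a Python 2 str is already bytes.
    if not isinstance(payload, bytes):
        payload = payload.encode("utf-8")
    return hashlib.sha1(payload).hexdigest()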
def unwrap(mashape_resp):
    """
    Return the 'body' attribute of the Mashape response wrapper.

    The attribute is looked up in the object's instance dictionary; None is
    returned when the wrapper carries no 'body'.
    """
    attributes = vars(mashape_resp)
    return attributes.get('body')
def configure_first_time(secret):
    """
    Set the account secret for the very first time.

    No earlier secret exists at this point, so the request is signed with
    the Mashape public key. Returns the JSON body of the service response.

    NOTE(review): the signing key for this call is the Mashape public key,
    not a secret, and the new secret itself travels as a request parameter;
    presumably the call is protected by Mashape's own authentication and
    transport -- confirm.
    """
    params = {'secret': secret}
    # the signature is computed before 'sig' is added to the parameters
    params['sig'] = sign_request(params, MY_MASHAPE_PUB_KEY)
    # hand back only the JSON body carried by the wrapper object
    return unwrap(client.configure(**params))
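def configure_secret(secret, old_secret):
    """
    Replace the account secret after the initial setup.

    The request is signed with old_secret. When the service reports success
    (resp_code 0) the module-level MY_OTPGEN_SECRET is updated, so that
    later gen/verify requests are signed with the new secret.

    Returns the JSON body of the service response.
    """
    # Without this declaration the assignment below only created a local
    # variable, and the module kept signing requests with the old secret.
    global MY_OTPGEN_SECRET
    req_params = {'secret': secret}
    # the signature is computed before 'sig' is added to the parameters
    req_params['sig'] = sign_request(req_params, old_secret)
    response = unwrap(client.configure(**req_params))
    if response.get('resp_code', -1) == 0:
        MY_OTPGEN_SECRET = secret
    return response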
def issue_otp(user, tagdata):
    """
    Request a new OTP for the user, attaching tagdata to it.

    The validity is fixed at 300 seconds. Returns the OTP when the service
    reports success (resp_code 0), otherwise None.
    """
    params = {
        'user': user,
        'validity': 300,
        'tagdata': tagdata,
    }
    params['sig'] = sign_request(params, MY_OTPGEN_SECRET)
    body = unwrap(client.gen(**params))
    # NOTE(review): debug output. On success the body carries the issued OTP,
    # so this line writes the OTP to stdout; drop it outside of a demo.
    print("resp: " + str(body))
    if body.get('resp_code', -1) != 0:
        return None
    return body.get('otp')
def validate_otp(user, otp):
    """
    Ask the service to verify the OTP presented for the user.

    Returns the tagdata from the response when the service reports success
    (resp_code 0), otherwise None.
    """
    params = {
        'user': user,
        'otp': otp,
    }
    params['sig'] = sign_request(params, MY_OTPGEN_SECRET)
    body = unwrap(client.verify(**params))
    if body.get('resp_code', -1) != 0:
        return None
    return body.get('tagdata')
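# authenticate and create the client object
client = Otpgen(MY_MASHAPE_PUB_KEY, MY_MASHAPE_PRIV_KEY)

# set up the secret the first time. this should work only the first time and
# fail on subsequent requests
print("setting up the first time secret...")
result = configure_first_time(MY_OTPGEN_SECRET)
print("response: " + str(result))

print("setting up the secret once more...")
result = configure_secret(MY_OTPGEN_SECRET, MY_OTPGEN_SECRET)
print("response: " + str(result))

# use time as tagdata to see it changing every time.
tagdata = str(time.time())
print("issuing an otp for user1 with tagdata " + tagdata)
otp = issue_otp('user1', tagdata)
if otp is None:
    # issue_otp returns None when the service reports a failure; the string
    # concatenations below would otherwise raise TypeError.
    print("otp: request failed, skipping validation")
else:
    # demo only: a real application delivers the OTP to the user and does
    # not print it.
    print("otp: " + str(otp))
    print("validating otp for user1 with otp " + str(otp))
    tagdata_received = validate_otp('user1', otp)
    # validate_otp returns None on failure, so convert before concatenating
    print("got back tag data:" + str(tagdata_received))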