Generate and handle OTP or 2 step verifications easily and securely without using any DATABASES.
Project description
py_cryptotp
py_cryptotp is a package that let's you generate and handle OTP or 2 step verifications easily and securely without using any DATABASES.
It's a very common practice to use databases while handling otp verifications; primarily to storing and later retrieving it to match with user input. But this shouldn't be the way of handling it. Otp is just a temporary data which doesn't belong to the database. Not to mention database operations are comparatively slow and costly.
py_cryptotp eliminates this problem by using cryptography underneath. This package simply uses the built-in python hashlib and hmac module and doesn't rely on any other dependencies.
Installation and Usage
$ pip install py-cryptotp
Once the installation is done import py_cryptotp and create a new object:
from py_cryptotp import Cryptotp
otp_handler = Cryptotp(key='YourSecretKeyHere') # keep this secret key secure
Then use the generate method to generate a new otp. Here otp_length is the length of the otp and otp_duration is the expiration time of the otp in minutes
raw_otp, hashed_otp = otp_handler.generate(otp_length=6, otp_duration=2)
# raw_otp - 123456
# hashed_otp - a45256bbeb6d90aad762ce9552e458064aa85054a.1611669734
It will return the raw_otp and hashed_otp. Send the raw_otp to user via SMS, Email or anyway you choose and send the hashed_otp to the client. If your client is React or Vue you can just store it in a state variable. Or you can also use Local Storage, Session Storage etc to store it. As it's completely hashed and irreversible it doesn't matter where you're storing it.
Then when the user gets the otp and enters it to client send back the hashed_otp with the user given otp and use the validate method:
if otp_handler.validate(user_give_otp, hashed_otp):
# do further operations accordingly
The validate method gives back a boolean value. If the user given otp is correct and expiration time is in future it returns True otherwise False
Here's a sample django rest framework application that demonstrate the whole package properly.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file py_cryptotp-0.0.2.tar.gz.
File metadata
- Download URL: py_cryptotp-0.0.2.tar.gz
- Upload date:
- Size: 6.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c4ccfa582e7607f68c2fcd15c00934e51b3ffafc3b82d61849b45b55e1fa9b3 |
|
| MD5 | d35367454d15c89e381438275eb72573 |
|
| BLAKE2b-256 | 0dbe20075a8802e77eaae389393d335be1d41dd3d933f1060376e6039b6e3769 |
File details
Details for the file py_cryptotp-0.0.2-py2.py3-none-any.whl.
File metadata
- Download URL: py_cryptotp-0.0.2-py2.py3-none-any.whl
- Upload date:
- Size: 5.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bb983b4ae829edc3a1ce81090a8ba63075ceb95229af8f4e63055de3e0b1171f |
|
| MD5 | a2be7fdb9b6359a3a6b102cc672f1535 |
|
| BLAKE2b-256 | 303488d233bb906d07b7fc2a1b1537dfb452583328345b04a449e4531dbcf2f4 |
