One-Time Password for WTForms
Project description
One-Time Password Field for WT-Forms
What This?
This module has Google's 2 factor authentication fields for WT-Forms.
Features
- Single-Page Application driven secret key generation.
- QRCode Generation
- Secret field and authentication validator that is based on [WTForms]
How to use
If you want QR Code:
First, write the form to generate secret key and authenticate it:
form.py
#!/usr/bin/env python
# coding=utf-8
from flask_wtf import Form
import wtforms.fields as fld
import wtforms.fields.html5 as fld5
import wtforms.validators as vld
from wtf_otp import OTPSecretKeyField, OTPCheck
class UserInfoForm(Form):
name = fld.StringField()
email = fld5.EmailField(validators=[
vld.InputRequired(), vld.Email()
])
password = fld.PasswordField()
new_password = fld.PasswordField()
confirm_password = fld.PasswordField(validators=[
vld.EqualTo("new_password")
])
secret = OTPSecretKeyField(
qrcode_url="/qrcode", validators=[vld.InputRequired()]
)
class LoginForm(Form):
email = fld5.EmailField(validators=[
vld.InputRequired(), vld.Email()
])
passwrd = fld.PasswordField(validators=[
vld.InputRequired()
])
auth = fld.IntegerField(validators=[
validators=[vld.InputRequired(), OTPCheck()]
])
Next, write the app as usual. However, you want to add a new route of which
path is "/qrcode" that generates the qrcode. Fortuantely, the sufficient
function is provided. An instance of OTPSecretKeyField
provides qrcode
function:
from .form import UserInfoForm
# /qrcode is assigned to generate_qrcode.
def generate_qrcode(req, res):
form = UserInfoForm()
secret = req.args.get("secret")
if not secret:
abort(404)
res.make_response(form.secret.qrcode(
secret, name="Test Example", issuer_name="Test Corp"
))
resp.mimetype = "image/svg+xml"
Note that you can't get the instance by UserInfoForm.secret
, because
UserInfoForm.secret
returns an instance of UnboundField
.
If you don't want QRCode
If you don't want QRCode, just remove qrcode_url
from the corresponding
classes and remove QRCode generation class.
More detail
If you want more detail, please refer source code and example code.
License (MIT License)
The MIT License (MIT) Copyright (c) 2016- Hiroaki Yamamoto
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file wtf_otp-0.7.12.tar.gz
.
File metadata
- Download URL: wtf_otp-0.7.12.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.6.1 CPython/3.12.0 Linux/6.2.0-1015-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2221d23a9574859adff8d363cb7eab5c61c8eedff03f619442dbaac03cd52f15 |
|
MD5 | 4c8311c189461638192775d1f8bdc7b3 |
|
BLAKE2b-256 | 3748867a8c0eb0dc2dd06885979319cf2ec13209879a214f113dcd934e398857 |