GithubHelp home page GithubHelp logo

mesopelagique / otp Goto Github PK

View Code? Open in Web Editor NEW
10.0 6.0 3.0 80 KB

Generate OTP, HOTP, TOTP code using 4D

Home Page: https://mesopelagique.github.io/OTP/

License: MIT License

Roff 8.03% 4D 91.97%
4d-component otp totp hotp

otp's Introduction

OTP

language language-top code-size release license discord sponsors

Generate one-time passwords(OTP)

This is compatible with apps available for Android and iPhone.

For that provide the secret key or an url in QR code for instance

HOTP RFC 4226

Create an HOTP instance with our secret key encoded to base32(without pading ie. =)

$otp:=OTP.HOTP.new("JDDK4U6G3BJLEZ7Y") // base32 encoded key

Maintain a counter for a user, to change its value at each try.

Verify HOTP

You can verify the code according to a counter

$isAuth:=$otp.verify(654666; 1500)

Get a code

You can get the code passing the current counter, to display it or send it by email or sms

$code:=$otp.at(1500)

Get URL for auth app

$url:=$otp.provisioningUri("my app";$currentCounter)

TOTP RFC 6238

Create an TOTP instance with our secret key encoded to base32(without pading ie. =)

$otp:=OTP.TOTP.new("JDDK4U6G3BJLEZ7Y")

TOTP allow to not manage a counter by using the current time stamp instead

Verify TOTP

You can verify the code with current timestamp

$isAuth:=$otp.verify(139664)

or a specific timestamp to test

$isAuth:=$otp.verify(139664;1301012137)

Get

You can get the current code, to display it or send it by email or sms

$code:=$otp.now()

You can also get it for a specific time stamp

$code:=$o.at(1301012137)

Get URL for auth app

$url:=$otp.provisioningUri("my app")

Base32

To encode to base 32 without padding (ie. =) you could use

OTP.Base32.instance.encode($aSecretKeyBlob; False)
OTP.Base32.instance.encodeText($aSecretKeyText; False)

Code from forum fixed by @dbeaubien #3, and encode with padding suggested by @blegay + rfc test #2

Testing authenticator app with TOTP

Download ones

Scan a QR code with the app

Provide a QR Code with url provided by code

$url:=$otp.provisioningUri("mesopelagique") // otpauth://totp/mesopelagique?secret=JDDK4U6G3BJLEZ7Y

You could generate QR code using javascript or temporary for test only using a website like https://www.qr-code-generator.com/, https://www.unitag.io/fr/qrcode, ...

⚠️ do not rely on third party website on production, it could intercept private data

Verify code

ASSERT($opt.verify(Int(Request("code?")); "Code is not ok")

Due to time drift, time could be different across devices and server and sometimes a code verify could failed.

Contributors

To help

If you run a business and you’re using one of my projects in a revenue-generating product, it makes business sense to sponsor this open source development

sponsors

Thank you for your support!

Other components

mesopelagique

otp's People

Contributors

dbeaubien avatar e-marchand avatar mesopelagique avatar phimage avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

macmikey blegay dbeaubien

otp's Issues

I rewrote the base32 encoding function

This is the base32 encoding function that I have put together and it seems to work better than the function that you are using in your base32 class.

The function you are using doesn't seem to handle when the last 5 bits end up being '00000'.

Feel free to incorporate this function if it interests you. For my testing/dev purposes, I wrote this as a standalone 4D method rather than a class function.

Dani Beaubien

// STR_Base32_Encode (text) : text

// Convert an ascii string into a base32 string
var $0; $encoded : Text  //$0 contains a base32 encoded string
var $1; $input : Text  //$1 contains an ascii string string

ASSERT(Count parameters=1)
$input:=$1

var $blob : Blob
TEXT TO BLOB($input; $blob; UTF8 text without length)

var $alfa : Text
$alfa:="ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

var $i; $index : Integer
var $next_byte; $numBitsLeftOver : Integer
var $fiveBits : Integer

$index:=0
$numBitsLeftOver:=0
For ($i; 1; BLOB size($blob))
	$next_byte:=($next_byte << 8)+$blob{$index}  // fetch a single byte from the input blob
	$numBitsLeftOver:=$numBitsLeftOver+8
	
	While ($numBitsLeftOver>=5)
		$shiftToGet5Bits:=($numBitsLeftOver-5)
		
		$fiveBits:=($next_byte >> $shiftToGet5Bits)+1  // get high 5 bits
		If ($fiveBits>0) & ($fiveBits<=Length($alfa))
			$encoded:=$encoded+$alfa[[$fiveBits]]
		End if 
		
		$numBitsLeftOver:=$numBitsLeftOver-5
		Case of 
			: ($numBitsLeftOver=0)
				$next_byte:=0
			: ($numBitsLeftOver=1)
				$next_byte:=$next_byte & (0x0001)
			: ($numBitsLeftOver=2)
				$next_byte:=$next_byte & (0x0003)
			: ($numBitsLeftOver=3)
				$next_byte:=$next_byte & (0x0007)
			: ($numBitsLeftOver=4)
				$next_byte:=$next_byte & (0x000F)
			: ($numBitsLeftOver=5)
				$next_byte:=$next_byte & (0x001F)
			: ($numBitsLeftOver=6)
				$next_byte:=$next_byte & (0x003F)
			: ($numBitsLeftOver=7)
				$next_byte:=$next_byte & (0x007F)
			: ($numBitsLeftOver=8)
				$next_byte:=$next_byte & (0x00FF)
			: ($numBitsLeftOver=9)
				$next_byte:=$next_byte & (0x01FF)
			: ($numBitsLeftOver=10)
				$next_byte:=$next_byte & (0x03FF)
			: ($numBitsLeftOver=11)
				$next_byte:=$next_byte & (0x07FF)
			: ($numBitsLeftOver=12)
				$next_byte:=$next_byte & (0x0FFF)
			Else 
				
		End case 
		
	End while 
	
	$index:=$index+1
End for 

// deal with any left over bits
If ($numBitsLeftOver>0)
	$next_byte:=($next_byte << (5-$numBitsLeftOver+1))  // pad on right with 0's
	$fiveBits:=($next_byte >> $shiftToGet5Bits)+1  // get high 5 bits
	$encoded:=$encoded+$alfa[[$fiveBits]]
End if 

$0:=$encoded

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.