Replace onetimepass with pyotp

pyotp is more common and better maintained Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2016-09-17 06:37:20 -07:00 · 2016-09-17 06:37:20 -07:00 · 9b8c85c5c1
parent 8118ed0a75
commit 9b8c85c5c1
2 changed files with 4 additions and 3 deletions
--- a/app/models.py
+++ b/app/models.py
@ -6,7 +6,7 @@ import bcrypt
 import urlparse
 import itertools
 import traceback
-import onetimepass
+import pyotp

 from datetime import datetime
 from distutils.version import StrictVersion
@ -111,7 +111,8 @@ class User(db.Model):
        return 'otpauth://totp/PowerDNS-Admin:%s?secret=%s&issuer=PowerDNS-Admin' % (self.username, self.otp_secret)

    def verify_totp(self, token):
-        return onetimepass.valid_totp(token, self.otp_secret)
+        totp = pyotp.TOTP(self.otp_secret)
+        return totp.verify(int(token))

    def get_hashed_password(self, plain_text_password=None):
        # Hash a password for the first time
--- a/requirements.txt
+++ b/requirements.txt
@ -8,7 +8,7 @@ python-ldap==2.4.21
 Flask-SQLAlchemy==2.1
 SQLAlchemy==1.0.9
 sqlalchemy-migrate==0.10.0
-onetimepass==1.0.1
+pyotp==2.2.1
 PyQRCode==1.2
 Flask-OAuthlib==0.9.3
 dnspython>=1.12.0