-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Email otp #48
Conversation
|
||
manager = getUtility(IKeyManager) | ||
|
||
return md5((uid + email + manager.secret()).encode()).hexdigest()[:10] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
md5 is not OTP although the secret rotates periodically (can't tell you with what timing/logic), you have to enter a form of expiration. You can directly use https://github.com/pyauth/pyotp?tab=readme-ov-file#time-based-otps using as secret the data you used here, and change the validation from "==" to totp.verify
Otherwise everything is ok for me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Si, infatti stavo pensado che il secret cambia, in caso si può anche aggiungere nel hash il datetime slottato per 15 min for example
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are also some typos in the README.
Implementation is ok for me
src/collective/volto/formsupport/browser/templates/email_confirm_view.pt
Outdated
Show resolved
Hide resolved
src/collective/volto/formsupport/restapi/services/validation/configure.zcml
Outdated
Show resolved
Hide resolved
src/collective/volto/formsupport/restapi/services/validation/email.py
Outdated
Show resolved
Hide resolved
Also, fix actions please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please double-check what you write, because there are typos
src/collective/volto/formsupport/restapi/services/validation/configure.zcml
Outdated
Show resolved
Hide resolved
README.rst
Outdated
@validate-email-token | ||
--------------------- | ||
|
||
Supposed to validate the OTP code recieved by user via email. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
solved
Pull Request Test Coverage Report for Build 8720476249Details
💛 - Coveralls |
No description provided.