Guide to creating a form for collecting an online registration list

A Ruby library for generating one time passwords (HOTP & TOTP) according to RFC 4226 and RFC 6238.

ROTP is compatible with the Google Authenticator available for Android and iPhone.

Many websites use this for multi-factor authentication, such as GMail, Facebook, Amazon EC2, WordPress, and Salesforce. You can find the whole list here.

Dependencies

OpenSSL
Ruby 1.9.3 or higher

Installation

gem install rotp

Library Usage

Time based OTP’s

require 'rotp'

totp = ROTP::TOTP.new("base32secret3232")
totp.now # => "492039"

# OTP verified for current time
totp.verify("492039") # => true
sleep 30
totp.verify("492039") # => false

Optionally, you can provide an issuer which will be used as a title in Google Authenticator.

totp = ROTP::TOTP.new("base32secret3232", issuer: "My Service")
totp.provisioning_uri("")

Counter based OTP’s

hotp = ROTP::HOTP.new("base32secretkey3232")
hotp.at(0) # => "260182"
hotp.at(1) # => "055283"
hotp.at(1401) # => "316439"

# OTP verified with a counter
hotp.verify("316439", 1401) # => true
hotp.verify("316439", 1402) # => false

Verifying a Time based OTP with drift

Some users' devices may be slightly behind or ahead of the actual time. ROTP allows users to verify an OTP code with a specific amount of 'drift'.

totp = ROTP::TOTP.new("base32secret3232")
totp.now # => "492039"

# OTP verified for current time with 120 seconds allowed drift
totp.verify_with_drift("492039", 60, Time.now - 30) # => true
totp.verify_with_drift("492039", 60, Time.now - 90) # => false

Preventing reuse of Time based OTP’s

In order to prevent reuse of time based tokens within the interval window (default 30 seconds), it is necessary to store the last time an OTP was used. The following is an example of this in action:

user = User.find(someUserID)
totp = ROTP::TOTP.new(user.otp_secret)
totp.now # => "492039"

user.last_otp_at # => 1472145530

# Verify the OTP
verified_at_timestamp = totp.verify_with_drift_and_prior("492039", 0, user.last_otp_at) #=> 1472145760

# Store this on the user's account
user.update(last_otp_at: verified_at_timestamp)
verified_at_timestamp = totp.verify_with_drift_and_prior("492039", 0, user.last_otp_at) #=> false
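The replay check described above, written out with only Ruby's standard library so the mechanism is visible. This is an added example, not ROTP's own code: it goes slightly beyond the snippet by implementing the RFC 4226/6238 computation itself, and the names `verify_once`, `b32_decode`, `hotp`, `ct_equal?` and `SAMPLE_SECRET` are assumptions made for illustration.

```ruby
require 'openssl'

B32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze
# Constructed sample input: the RFC 6238 SHA-1 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'.freeze

# Decode an unpadded RFC 4648 Base32 secret into raw key bytes.
def b32_decode(str)
  bits = str.upcase.delete('=').each_char.map do |c|
    idx = B32_ALPHABET.index(c) or raise ArgumentError, "invalid Base32 character: #{c}"
    idx.to_s(2).rjust(5, '0')
  end.join
  [bits[0, bits.size / 8 * 8]].pack('B*')
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
def hotp(key, counter, digits = 6)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, [counter].pack('Q>'))
  offset = mac.getbyte(-1) & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')
end

# Compare two codes without returning early on the first differing byte.
def ct_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Accept `otp` at Unix time `now` within +/- `drift` seconds, but only for a time step
# strictly later than the one recorded in `last_used_at`. Returns the start timestamp
# of the accepted step (persist it as the new last_used_at) or nil.
def verify_once(secret_b32, otp, now, last_used_at: nil, drift: 0, interval: 30)
  key = b32_decode(secret_b32)
  prior_step = last_used_at && last_used_at / interval
  (((now - drift) / interval)..((now + drift) / interval)).each do |step|
    next if prior_step && step <= prior_step # replayed or older code
    return step * interval if ct_equal?(hotp(key, step), otp.to_s)
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  first = verify_once(SAMPLE_SECRET, '287082', 59)                        # accepted
  replay = verify_once(SAMPLE_SECRET, '287082', 59, last_used_at: first)  # rejected
  puts "first use: #{first.inspect}, replay: #{replay.inspect}"
end
```

The stored value must be updated in the same transaction that accepts the login, otherwise two concurrent requests carrying the same code can both pass the check.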

Generating a Base32 Secret key

ROTP::Base32.random_base32 # returns a 16 character base32 secret. Compatible with Google Authenticator

Note: The Base32 format conforms to RFC 4648 Base32

Google Authenticator Compatible URI’s

Provisioning URI’s generated by ROTP are compatible with the Google Authenticator App, to be scanned with the in-built QR Code scanner.

totp.provisioning_uri("") # => 'otpauth://totp/issuer:?secret=JBSWY3DPEHPK3PXP'
hotp.provisioning_uri("", 0) # => 'otpauth://hotp/issuer:?secret=JBSWY3DPEHPK3PXP&counter=0'

This can then be rendered as a QR Code which can then be scanned and added to the user's list of OTP credentials.

Working example

Scan the following barcode with your phone, using Google Authenticator

Now run the following and compare the output

require 'rubygems'
require 'rotp'

totp = ROTP::TOTP.new("JBSWY3DPEHPK3PXP")
p "Current OTP: #{totp.now}"

Testing

bundle install
bundle exec rspec

Executable Usage

Once the rotp rubygem is installed on your system, you should be able to run the rotp executable (if not, you might find troubleshooting help at this Stack Overflow question).

# Try this to get an overview of the commands
rotp --help

# Examples
rotp --secret p4ssword # Generates a time-based one-time password
rotp --hmac --secret p4ssword --counter 42 # Generates a counter-based one-time password

Contributors

Have a look at the contributors graph on Github.