Please email me a patch. The files would go into contrib. Thank you for this contribution. :-)
Massimo On Jan 29, 6:53 am, whowhywhat <[email protected]> wrote: > just finished writing a motp (http://motp.sourceforge.net/) > authentication plugin for web2py. Where do i contribute this code? > I would appreciate if some one tests this and gives me some feedback. > > I have uploaded the code to Google code. project > ishttps://web2py-motp-auth.googlecode.com > you can see the source here > -https://code.google.com/p/web2py-motp-auth/source/browse/motp_auth.py > > Some questions I had: > - is there any way to prevent web2py from storing the password in the > DB after a successful alternate login. One you authenticate with motp. > the motp password gets stored in the db. OTP means having an ever > changing password. > > - does web2py have a standard AES api? i would like to (symmetrically) > encrypt the stored motp pin and motp secret. Or is it better i just > use a external python library? > > - as of now the user database and user field is hard-coded to use > auth_user table and email field respectively. How can i make this > variable? (so a user can pass some other database table or field) > > i also want to implement google authenticator (https://code.google.com/ > p/google-authenticator/) auth for web2py. This is another OTP > solution. However for google authenticator, you need to use both your > site password and the OTP.. so a custom login for would be needed. > Would be great solution where that extra bit of security is needed. I > personally use google authenticator for my google accounts, and i > think the added security is a boon. > > Would also appreciate your thoughts and comments on OTP in general > > thanks web2py community.. :)
