Add cli script - Githubissues

pyauth / pyotp

Python One-Time Password Library

https://pyauth.github.io/pyotp/

Other

2.95k stars 321 forks source link

Add cli script #80

Closed willianpaixao closed 4 years ago

willianpaixao commented 5 years ago

I would love to have pyotp as a command line tool, being able to get OTP without having to write a (small) Python script and make it executable. My proposal is to include a script that reads arguments and talks to the pyotp library, later including it in the PATH of python commands.

tilkinsc commented 5 years ago

This library actually isn't targeted at being a program, moreso a library. It aids in those who need it for implementing otp in python. You claimed that the python script should be small, but there is a lot that /could/ go into an executable script of this status. This should stay the base library, and have another library depend on this one.

Some things this entails:

Parsing arguments
Secure secret key management
HTOP counter saving
User account level of accessing saved keys
QR Code generation
Copius amounts of testing to ensure everything works

bijujo commented 4 years ago

@willianpaixao I am a python beginner and this is a small wrapper script I wrote, just in case if it helps.

#!/usr/bin/python
##
## Script to generate OTP based on base32 MFA secret key
##
import pyotp
import time
import sys
import os
from termcolor import colored,cprint
os.system('clear')
key = raw_input("Enter base32 secret key: ")
print("Generating OTP for key:" + key)
cprint('\nNew OTP will be generated every 30 Seconds. Press Ctrl+C to exit', 'red')
print('')
totp = pyotp.TOTP(key)
OTP=totp.now()
print("Current OTP is: " + OTP)
while True:
  try: 
    while totp.verify(OTP):
      pass
  except KeyboardInterrupt:
    print("Bye!")
    sys.exit()
  else:
    OTP=totp.now()
    print("Current OTP is: " + OTP)
    print('\n')
##EOF

bersbersbers commented 4 years ago

One might also check out https://github.com/nathan-yan/otp_ (https://pypi.org/project/otp-cli/ on PyPI), which uses pyotp as a backend.

hackerb9 commented 9 months ago

This was closed as completed but the homepage and docs do not appear to mention any command line program. Should this issue be reopened?

tilkinsc commented 9 months ago

This is just a library. There are programs out there that implement this library into a CLI. CLI isn't really the proper place to store your URIs, as it will go into history undermining the security. I would look for one that uses a secure keychain or something.

hackerb9 commented 9 months ago

It is a fair point that this is just a library, but some libraries come with utility programs that provide convenient command line access to their features and it appears at one time pyotp was one such library. If not, why would @willianpaixao have closed this as completed?

I do not think the history problem is hard to deal with, but maybe I'm misunderstanding. Is the issue that you expect the user to type the URI as an argument and therefore have it saved in .bash_history or the like? Couldn't you just prompt for it?

bersbersbers commented 9 months ago

why would @willianpaixao have closed this as completed

By accident, maybe, since that is the close button's default. And with that, I suggest you accept that this library does not have a CLI.

hackerb9 commented 9 months ago

And with that, I suggest you accept that this library does not have a CLI.

Of course. I'll accept whatever the developers decide. I had checked carefully and it wasn't clear before that the omission was intentional.