Im使用“ Django DRF”中的“ django-otp”进行OPT令牌生成和验证。 我正在使用TOTP令牌生成和验证,我的令牌有效性为50秒。 即使在验证之后,它也会生成相同的OTP令牌。 我使用代码作为参考: 我想在验证后创建新令牌
我的代码: 类TOTPVerification:
def __init__(self):
# secret key that will be used to generate a token,
# User can provide a custom value to the key.
self.key = random_hex(20)
# counter with which last token was verified.
# Next token must be generated at a higher counter value.
self.last_verified_counter = -1
# this value will return True, if a token has been successfully
# verified.
self.verified = False
# number of digits in a token. Default is 6
self.number_of_digits = 6
# validity period of a token. Default is 30 second.
self.token_validity_period = 35
def totp_obj(self):
# create a TOTP object
totp = TOTP(key=self.key,
# the current time will be used to generate a counter
totp.time = time.time()
return totp
def generate_token(self):
# get the TOTP object and use that to create token
totp = self.totp_obj()
# token can be obtained with `totp.token()`
token = str(totp.token()).zfill(6)
return token
def verify_token(self, token, tolerance=0):
# convert the input token to integer
token = int(token)
except ValueError:
# return False, if token could not be converted to an integer
self.verified = False
totp = self.totp_obj()
# check if the current counter value is higher than the value of
# last verified counter and check if entered token is correct by
# calling totp.verify_token()
if ((totp.t() > self.last_verified_counter) and
(totp.verify(token, tolerance=tolerance))):
# if the condition is true, set the last verified counter value
# to current counter value, and return True
self.last_verified_counter = totp.t()
self.verified = True
# if the token entered was invalid or if the counter value
# was less than last verified counter, then return False
self.verified = False
return self.verified