has been posted on GitHub
https://github.com/raptorz/userga
The following is taken directly from readme.md:
A user system that can be used without a password. By default, you only need to enter an email address to register or log in. If you need a password, use Google Authenticator to scan the QR code in the email message, then log in with the one-time password that GA generates.
Basic functions
- Registration: Enter an email address to complete registration or login. Tip: This site does not require a password; you log in directly with your email address. If you need to set a password, check your mail and follow the instructions in the message.
- Login: If no password is set, enter your email address to log in directly. If a password has been set, enter your email address and, at the password prompt, enter the one-time password generated by GA.
- Set Password: Message content: Congratulations on your successful registration on this website. You can now log in to the website directly with your email address.
Installation
```
cd /usr/ports/databases/py-sqlite3              # for FreeBSD
sudo make PYTHON_VERSION=python3.4 install      # for FreeBSD
pip install -r requirements.txt
python userga.py
```
Configuration
The configuration file is Config.json in the current directory, with the following contents:
```json
{
  "db_url": "sqlite:///userga.dat",
  "web_path": "userga",
  "web_addr": "127.0.0.1",
  "web_port": 8001,
  "debug": true
}
```
Dependencies
- Python 3.4+ (other versions not tested)
- Bottle, Mako, Beaker, SQLAlchemy, Bottle-sqlalchemy
- Bottle-plugins
- Optional webserver front end (Apache/nginx ... )
Contribution
The following third-party front-end libraries are included in the program code:
Security
- Not high security:
- The secret is currently 10 random Base64-encoded characters, so the key space is 64^10.
- The OTP code has only 6 digits, so it is feasible to try them all within the 30-second window.
- So there must be a retry limit; for now it simply allows one attempt every 30 seconds (for resetting the password, one every 5 minutes).
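The retry limit described above, sketched as an added example (not userga's own code): an RFC 6238 verifier that allows one attempt per account every 30 seconds and counts failed guesses against that limit. The `OtpVerifier` class, its in-memory store, `guess_probability` and the Base32 sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30            # TOTP time step in seconds (RFC 6238 default)
DIGITS = 6           # code length the README mentions
RETRY_INTERVAL = 30  # README: one login attempt per 30 seconds

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, now):
    """RFC 6238 TOTP with HMAC-SHA1, the algorithm Google Authenticator uses."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(now) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class OtpVerifier:
    """Hypothetical verifier with in-memory state; not userga's implementation."""

    def __init__(self, interval=RETRY_INTERVAL):
        self.interval = interval
        self.last_attempt = {}  # email -> timestamp of the most recent attempt

    def verify(self, email, secret_b32, code, now):
        last = self.last_attempt.get(email)
        if last is not None and now - last < self.interval:
            return "rate_limited"        # refused before the code is even compared
        self.last_attempt[email] = now   # recorded first, so failed guesses count
        expected = totp(secret_b32, now)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            return "ok"
        return "bad_code"

def guess_probability(attempts):
    """Chance that `attempts` independent random guesses hit a 6-digit code."""
    return 1 - (1 - 10 ** -DIGITS) ** attempts

if __name__ == "__main__":
    v = OtpVerifier()
    print(v.verify("user@example.com", SAMPLE_SECRET, "000000", now=40))  # wrong code
    print(v.verify("user@example.com", SAMPLE_SECRET, totp(SAMPLE_SECRET, 50), now=50))
    print(guess_probability(24 * 3600 // RETRY_INTERVAL))  # one day at the limit
```

A real deployment would keep `last_attempt` in the database so the limit survives restarts and applies across worker processes.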
User system implementation without a password