Skip to content
/ web-app-2fa Public

Authentication System that implement time-based one-time-password (TOTP) as two-factor authentication (2FA) , with PHOTON hash used instad of SHA-1

youtu.be/_LNlBgFdm9k

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

amryyahya/web-app-2fa

BranchesTags

Repository files navigation

Simple 2FA Login and Register Website

This project is a simple web application built with Python Flask as the backend, which implements a two-factor authentication (2FA) system. The website allows users to register and log in using JWT-based authentication and employs a TOTP (Time-based One-Time Password) system that is secured by the HMAC-Photon algorithm. This project is the output of my S1 thesis.

Features

  • User Registration: Create a new account with email and password.
  • User Login: Authenticate using JWT after providing correct credentials.
  • 2FA (Two-Factor Authentication): The login process is secured with a TOTP generated by the HMAC-Photon algorithm for additional security.
  • JWT Authentication: Uses JSON Web Tokens (JWT) for session management.

Technology Stack

  • Backend: Python Flask
  • Authentication:
    • JWT (JSON Web Tokens) for secure token-based authentication.
    • TOTP with HMAC-Photon for 2FA.
  • Frontend: Simple HTML/CSS (can be extended as needed).

Installation

Method : Using Docker (Make sure docker-engine have been installed on your device)

  1. Clone the repository: 
    git clone https://github.com/amryyahya/web-app-2fa.git
cd web-app-2fa
  2. Set up environment variables: Edit .env file to store the environment variables: 
     AES_INITIAL_VECTOR=16-bytes string
 AES_SECRET_KEY=32-bytes string
 JWT_SECRET_KEY=32-bytes string
 APP_SECRET_KEY=32-bytes string
 QRCODE_KEY=16-bytes string
 QRCODE_IV=16-bytes string
  3. Build and run docker container 
    docker build -t web-app-2fa .
docker run -p 5000:5000 web-app-2fa

Method 2: Install Python Locally (Make sure python3 and pip have been installed on your device)

  1. Clone the repository: 
    git clone https://github.com/amryyahya/web-app-2fa.git
cd web-app-2fa
  2. Install dependencies: 
     pip install -r requirements.txt
  3. Set up environment variables: Edit .env file to store the environment variables: 
     AES_INITIAL_VECTOR=16-bytes string
 AES_SECRET_KEY=32-bytes string
 JWT_SECRET_KEY=32-bytes string
 APP_SECRET_KEY=32-bytes string
 QRCODE_KEY=16-bytes string
 QRCODE_IV=16-bytes string
  4. Run the application: 
    python3 app.py

Usage

  • Register a new account by providing an email, password, and other data dummy (name, phone number, address).
  • 2FA must be configured during registration session.
  • Log in using the registered credentials. A JWT token will be generated upon successful login.
  • Verify the 2FA by entering the TOTP generated by the HMAC-Photon algorithm.

2FA Implementation

The Time-based One-Time Password (TOTP) system is secured by the HMAC-Photon algorithm, providing an extra layer of security during the login process.

License

This project is licensed under the MIT License.

Acknowledgements

This project was developed as the output of my S1 thesis.

Others

Thanks to ahmrh for deploying the authenticator app (It uses QR code encryption key and initial value, as defined in the .env file)

About

Authentication System that implement time-based one-time-password (TOTP) as two-factor authentication (2FA) , with PHOTON hash used instad of SHA-1

youtu.be/_LNlBgFdm9k

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages