author CoprDistGit <infra@openeuler.org> 2023-03-09 15:45:05 +0000
committer CoprDistGit <infra@openeuler.org> 2023-03-09 15:45:05 +0000
commit b5f259f36ee18f3581a101ba07526e9d01fcc177
tree a3e0066be33112de0e5b220969d23e838dc737d2
parent d9250055e50705b0394fffd27128ff5ac8ce43b1
automatic import of python-pyotp
-rw-r--r-- .gitignore 1
-rw-r--r-- python-pyotp.spec 153
-rw-r--r-- sources 1
3 files changed, 155 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..516ea2c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/pyotp-2.8.0.tar.gz
diff --git a/python-pyotp.spec b/python-pyotp.spec
new file mode 100644
index 0000000..f434b70
--- /dev/null
+++ b/python-pyotp.spec
@@ -0,0 +1,153 @@
+%global _empty_manifest_terminate_build 0
+Name: python-pyotp
+Version: 2.8.0
+Release: 1
+Summary: Python One Time Password Library
+License: MIT License
+URL: https://github.com/pyotp/pyotp
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/7e/f9/4c2ec78572a2d25f669220b8b9700c1133905ff6af9bf93c010778e82c65/pyotp-2.8.0.tar.gz
+BuildArch: noarch
+
+
+%description
+PyOTP is a Python library for generating and verifying one-time passwords. It can be used to implement two-factor (2FA)
+or multi-factor (MFA) authentication methods in web applications and in other systems that require users to log in.
+Open MFA standards are defined in `RFC 4226 <https://tools.ietf.org/html/rfc4226>`_ (HOTP: An HMAC-Based One-Time
+Password Algorithm) and in `RFC 6238 <https://tools.ietf.org/html/rfc6238>`_ (TOTP: Time-Based One-Time Password
+Algorithm). PyOTP implements server-side support for both of these standards. Client-side support can be enabled by
+sending authentication codes to users over SMS or email (HOTP) or, for TOTP, by instructing users to use `Google
+Authenticator <https://en.wikipedia.org/wiki/Google_Authenticator>`_, `Authy <https://www.authy.com/>`_, or another
+compatible app. Users can set up auth tokens in their apps easily by using their phone camera to scan `otpauth://
+<https://github.com/google/google-authenticator/wiki/Key-Uri-Format>`_ QR codes provided by PyOTP.
+Implementers should read and follow the `HOTP security requirements <https://tools.ietf.org/html/rfc4226#section-7>`_
+and `TOTP security considerations <https://tools.ietf.org/html/rfc6238#section-5>`_ sections of the relevant RFCs. At
+minimum, application implementers should follow this checklist:
+- Ensure transport confidentiality by using HTTPS
+- Ensure HOTP/TOTP secret confidentiality by storing secrets in a controlled access database
+- Deny replay attacks by rejecting one-time passwords that have been used by the client (this requires storing the most
+ recently authenticated timestamp, OTP, or hash of the OTP in your database, and rejecting the OTP when a match is seen)
+- Throttle (rate limit) brute-force attacks against your application's login functionality (see RFC 4226, section 7.3)
+- When implementing a "greenfield" application, consider supporting
+ `FIDO U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_/`WebAuthn <https://www.w3.org/TR/webauthn/>`_ in
+ addition to HOTP/TOTP. U2F uses asymmetric cryptography to avoid using a shared secret design, which strengthens your
+ MFA solution against server-side attacks. Hardware U2F also sequesters the client secret in a dedicated single-purpose
+ device, which strengthens your clients against client-side attacks. And by automating scoping of credentials to
+ relying party IDs (application origin/domain names), U2F adds protection against phishing attacks. One implementation of
+ FIDO U2F/WebAuthn is PyOTP's sister project, `PyWARP <https://github.com/pyauth/pywarp>`_.
+We also recommend that implementers read the
+`OWASP Authentication Cheat Sheet <https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>`_ and
+`NIST SP 800-63-3: Digital Authentication Guideline <https://pages.nist.gov/800-63-3/>`_ for a high level overview of
+authentication best practices.
+
+%package -n python3-pyotp
+Summary: Python One Time Password Library
+Provides: python-pyotp
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-pyotp
+PyOTP is a Python library for generating and verifying one-time passwords. It can be used to implement two-factor (2FA)
+or multi-factor (MFA) authentication methods in web applications and in other systems that require users to log in.
+Open MFA standards are defined in `RFC 4226 <https://tools.ietf.org/html/rfc4226>`_ (HOTP: An HMAC-Based One-Time
+Password Algorithm) and in `RFC 6238 <https://tools.ietf.org/html/rfc6238>`_ (TOTP: Time-Based One-Time Password
+Algorithm). PyOTP implements server-side support for both of these standards. Client-side support can be enabled by
+sending authentication codes to users over SMS or email (HOTP) or, for TOTP, by instructing users to use `Google
+Authenticator <https://en.wikipedia.org/wiki/Google_Authenticator>`_, `Authy <https://www.authy.com/>`_, or another
+compatible app. Users can set up auth tokens in their apps easily by using their phone camera to scan `otpauth://
+<https://github.com/google/google-authenticator/wiki/Key-Uri-Format>`_ QR codes provided by PyOTP.
+Implementers should read and follow the `HOTP security requirements <https://tools.ietf.org/html/rfc4226#section-7>`_
+and `TOTP security considerations <https://tools.ietf.org/html/rfc6238#section-5>`_ sections of the relevant RFCs. At
+minimum, application implementers should follow this checklist:
+- Ensure transport confidentiality by using HTTPS
+- Ensure HOTP/TOTP secret confidentiality by storing secrets in a controlled access database
+- Deny replay attacks by rejecting one-time passwords that have been used by the client (this requires storing the most
+ recently authenticated timestamp, OTP, or hash of the OTP in your database, and rejecting the OTP when a match is seen)
+- Throttle (rate limit) brute-force attacks against your application's login functionality (see RFC 4226, section 7.3)
+- When implementing a "greenfield" application, consider supporting
+ `FIDO U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_/`WebAuthn <https://www.w3.org/TR/webauthn/>`_ in
+ addition to HOTP/TOTP. U2F uses asymmetric cryptography to avoid using a shared secret design, which strengthens your
+ MFA solution against server-side attacks. Hardware U2F also sequesters the client secret in a dedicated single-purpose
+ device, which strengthens your clients against client-side attacks. And by automating scoping of credentials to
+ relying party IDs (application origin/domain names), U2F adds protection against phishing attacks. One implementation of
+ FIDO U2F/WebAuthn is PyOTP's sister project, `PyWARP <https://github.com/pyauth/pywarp>`_.
+We also recommend that implementers read the
+`OWASP Authentication Cheat Sheet <https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>`_ and
+`NIST SP 800-63-3: Digital Authentication Guideline <https://pages.nist.gov/800-63-3/>`_ for a high level overview of
+authentication best practices.
+
+%package help
+Summary: Development documents and examples for pyotp
+Provides: python3-pyotp-doc
+%description help
+PyOTP is a Python library for generating and verifying one-time passwords. It can be used to implement two-factor (2FA)
+or multi-factor (MFA) authentication methods in web applications and in other systems that require users to log in.
+Open MFA standards are defined in `RFC 4226 <https://tools.ietf.org/html/rfc4226>`_ (HOTP: An HMAC-Based One-Time
+Password Algorithm) and in `RFC 6238 <https://tools.ietf.org/html/rfc6238>`_ (TOTP: Time-Based One-Time Password
+Algorithm). PyOTP implements server-side support for both of these standards. Client-side support can be enabled by
+sending authentication codes to users over SMS or email (HOTP) or, for TOTP, by instructing users to use `Google
+Authenticator <https://en.wikipedia.org/wiki/Google_Authenticator>`_, `Authy <https://www.authy.com/>`_, or another
+compatible app. Users can set up auth tokens in their apps easily by using their phone camera to scan `otpauth://
+<https://github.com/google/google-authenticator/wiki/Key-Uri-Format>`_ QR codes provided by PyOTP.
+Implementers should read and follow the `HOTP security requirements <https://tools.ietf.org/html/rfc4226#section-7>`_
+and `TOTP security considerations <https://tools.ietf.org/html/rfc6238#section-5>`_ sections of the relevant RFCs. At
+minimum, application implementers should follow this checklist:
+- Ensure transport confidentiality by using HTTPS
+- Ensure HOTP/TOTP secret confidentiality by storing secrets in a controlled access database
+- Deny replay attacks by rejecting one-time passwords that have been used by the client (this requires storing the most
+ recently authenticated timestamp, OTP, or hash of the OTP in your database, and rejecting the OTP when a match is seen)
+- Throttle (rate limit) brute-force attacks against your application's login functionality (see RFC 4226, section 7.3)
+- When implementing a "greenfield" application, consider supporting
+ `FIDO U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_/`WebAuthn <https://www.w3.org/TR/webauthn/>`_ in
+ addition to HOTP/TOTP. U2F uses asymmetric cryptography to avoid using a shared secret design, which strengthens your
+ MFA solution against server-side attacks. Hardware U2F also sequesters the client secret in a dedicated single-purpose
+ device, which strengthens your clients against client-side attacks. And by automating scoping of credentials to
+ relying party IDs (application origin/domain names), U2F adds protection against phishing attacks. One implementation of
+ FIDO U2F/WebAuthn is PyOTP's sister project, `PyWARP <https://github.com/pyauth/pywarp>`_.
+We also recommend that implementers read the
+`OWASP Authentication Cheat Sheet <https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md>`_ and
+`NIST SP 800-63-3: Digital Authentication Guideline <https://pages.nist.gov/800-63-3/>`_ for a high level overview of
+authentication best practices.
+
+%prep
+%autosetup -n pyotp-2.8.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-pyotp -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Thu Mar 09 2023 Python_Bot <Python_Bot@openeuler.org> - 2.8.0-1
+- Package Spec generated
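Review bot: Source0 pulls pyotp-2.8.0.tar.gz from mirrors.nju.edu.cn, while the URL field names https://github.com/pyotp/pyotp as upstream, so the packaged tarball's provenance depends on a third-party mirror rather than on the project's own release channel. For an authentication library, point Source0 at the upstream release location so the archive can be compared against what upstream published. Two smaller points in the same hunk: there is no %check section, so the package is built and shipped without running the library's tests, and the long %description is repeated verbatim for the main package, python3-pyotp and help with raw reStructuredText link markup that will show up unrendered in package metadata; a short plain-text description per subpackage would be easier to read and to maintain.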
diff --git a/sources b/sources
new file mode 100644
index 0000000..6e8a894
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+b01f8bd1a326fe9a61581eb0b26a48b9 pyotp-2.8.0.tar.gz
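Review bot: the only integrity value recorded for pyotp-2.8.0.tar.gz on this line is a 32-hex-digit digest, which is the length of an MD5 hash. MD5 is not collision-resistant, so it guards against accidental corruption but not against a deliberately substituted tarball, which matters more here because Source0 in the spec downloads from a mirror. If the build tooling accepts it, record a SHA-256 or SHA-512 digest for the archive instead.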