PR #80 Add Simple Password Check and OTP to Make Banking App Safer!

@Pragati5-DEBUG

Add Password Check and OTP for Extra Security! 🔒

What I Want to Do 🎯

Make the banking app safer by:

  1. Making sure passwords are strong
  2. Adding a simple OTP (One-Time Password) when logging in

Simple Password Rules:

  1. At least 8 characters long
  2. Has at least one number
  3. Has at least one capital letter
  4. Has at least one special character (!@#$%^&*)

Simple OTP Rules:

  1. 6-digit code
  2. Sent to user's email
  3. Valid for 5 minutes

Where to Make Changes:

In secure_banking_system.py, we'll add:

  1. Password validation to SecurityManager class
  2. Simple OTP generation and verification

Example Code:

import hmac
import secrets
import time

class SecurityManager:
    def __init__(self):
        # Existing code...
        self.otp_store = {}  # Store OTPs temporarily
    
    @staticmethod
    def validate_password(password: str) -> bool:
        """Check if password meets security requirements"""
        if len(password) < 8:
            return False
        if not any(char.isdigit() for char in password):
            return False
        if not any(char.isupper() for char in password):
            return False
        if not any(char in "!@#$%^&*" for char in password):
            return False
        return True

    def generate_otp(self, email: str) -> str:
        """Generate a 6-digit OTP"""
        # Use the OS CSPRNG via secrets; the random module is predictable
        # and must not be used for authentication codes
        otp = f"{secrets.randbelow(10**6):06d}"
        self.otp_store[email] = {
            'otp': otp,
            'timestamp': time.time()
        }
        return otp

    def verify_otp(self, email: str, otp: str) -> bool:
        """Verify if OTP is valid"""
        if email not in self.otp_store:
            return False
        
        stored_data = self.otp_store[email]
        # Check if OTP is expired (5 minutes)
        if time.time() - stored_data['timestamp'] > 300:
            del self.otp_store[email]
            return False
            
        # Constant-time comparison; encode so non-ASCII input cannot raise
        if hmac.compare_digest(stored_data['otp'].encode(), otp.encode()):
            del self.otp_store[email]  # Single use
            return True
        return False

How to Use It:

  1. When user creates account:

    if SecurityManager.validate_password(password):
        pass  # Create account
    else:
        print("Password is not strong enough!")

  2. When user logs in:

    # Generate and send OTP
    otp = security_manager.generate_otp(user_email)
    # In real app, send this OTP via email
    
    # User enters OTP
    if security_manager.verify_otp(user_email, entered_otp):
        print("Login successful!")
    else:
        print("Invalid or expired OTP!")

Testing It Out ✅

Try these scenarios:

  1. Password validation:

    • "password" (should fail)
    • "Password123!" (should work)
  2. OTP verification:

    • Enter correct OTP (should work)
    • Enter wrong OTP (should fail)
    • Wait 5 minutes (should expire)
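
A variant of the OTP store proposed above, as an added example that is not part of the original post or the project's code: it keeps the post's 6-digit and 5-minute rules and adds a retry cap, because a 6-digit code with unlimited guesses can be enumerated inside its validity window. `OtpStore`, `MAX_ATTEMPTS` and the injectable `clock` parameter are assumptions of this example.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # "Valid for 5 minutes" rule from the post
MAX_ATTEMPTS = 5       # assumption: the post does not set a retry limit


class OtpStore:
    """One pending OTP per email: single-use, expiring, attempt-limited."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self._pending = {}   # email -> {"otp", "issued", "attempts_left"}

    def issue(self, email: str) -> str:
        # CSPRNG, uniform over 000000-999999 (leading zeros are kept)
        otp = f"{secrets.randbelow(10**6):06d}"
        # Issuing again replaces any earlier code for the same address
        self._pending[email] = {
            "otp": otp,
            "issued": self._clock(),
            "attempts_left": MAX_ATTEMPTS,
        }
        return otp

    def verify(self, email: str, candidate: str) -> bool:
        record = self._pending.get(email)
        if record is None:
            return False
        if self._clock() - record["issued"] > OTP_TTL_SECONDS:
            del self._pending[email]
            return False
        record["attempts_left"] -= 1
        # Compare as bytes: compare_digest rejects non-ASCII str input
        matched = hmac.compare_digest(record["otp"].encode(), candidate.encode())
        # Drop the code on success (single use) or once the retry budget is spent
        if matched or record["attempts_left"] == 0:
            del self._pending[email]
        return matched
```

Issuing a new code resets the retry budget, so calls to `issue` need their own rate limit per address.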
