OTP using email


So I wanted to try and implement something like OTP for the site I have made. The working is something like this:

When a user logs in to the site and the password gets accepted, a random 6-digit code is generated in the backend and an email containing the code is sent to the user's email ID (using the default outgoing email).
After the login page, a new page opens up asking for the generated code; once it is entered, the user is directed to the desk.

Can this be done?

How do I send an email from the backend? Is there an API / whitelist function?
How do I add a new HTML page and load it after the login page (but before the desk)?

Any help will be highly appreciated :smile:


Use frappe.sendmail https://frappe.github.io/frappe/current/api/frappe.init.html#frappe.sendmail

Thank you @rmehta. That solves half of my problem.

Hi @Akarsh_Hegde
Use Python code for generating a 6-digit alphanumeric code, write it in a whitelisted method at the back end (possibly in api.py of your app), random alphanumeric generator, and send it using the sendmail() function.

Hey @ravindra_l
Thanks! That link was helpful.
That's what I was thinking of doing so far. But I am still wondering how to restrict the login page from redirecting to the desk. I want the page to redirect to a new page which waits for the OTP. And then once the OTP is satisfied, it redirects to the desk. Any idea how I can achieve this?

Hey @ravindra_l, I tried to write a function in api.py of my app like you said, but it shows the message "Not permitted" when the call to the API is made. I read somewhere that whitelisted functions can't be called unless the user is logged in. Is there anywhere else I can write the function?

Hi @Akarsh_Hegde
Pass allow_guest=True as an argument to frappe.whitelist.
Read about it in the Frappe REST API docs.
Please refer to the RPC section of this: https://frappe.github.io/frappe/user/guides/integration/rest_api.html
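
An added example, not code from this thread or from Frappe: one way to issue and check the emailed 6-digit code so that a method callable by guests (allow_guest=True) does not allow unlimited guessing or code reuse. It uses Python's secrets module rather than the random module; the names issue_otp, verify_otp, the send callback, the in-memory store, the 5-minute lifetime and the 5-attempt limit are all assumptions, and in a Frappe app send would wrap frappe.sendmail.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed lifetime of a code
MAX_ATTEMPTS = 5       # assumed number of guesses allowed per code

# Hypothetical in-memory store keyed by user; a real site would use its cache or database.
_pending = {}


def _digest(user, code):
    # Bind the digest to the user so a code issued for one account never matches another.
    return hashlib.sha256(f"{user}:{code}".encode()).hexdigest()


def issue_otp(user, send, now=None):
    """Create a code for `user` and hand it to `send`. Call only after the password check passed."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded to 6 digits
    # Keep a digest instead of the code itself; a new code replaces any older one.
    _pending[user] = {"digest": _digest(user, code),
                      "expires": now + OTP_TTL_SECONDS,
                      "attempts": 0}
    send(user, code)  # assumption: a wrapper around the mail call, e.g. frappe.sendmail


def verify_otp(user, submitted, now=None):
    """Return True only for a fresh, unexpired code within the attempt limit."""
    now = time.time() if now is None else now
    entry = _pending.get(user)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[user]  # expired or locked out: a new code must be issued
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["digest"], _digest(user, str(submitted))):
        del _pending[user]  # single use
        return True
    return False
```

The login should continue to the desk only when verify_otp returns True for the same user whose password was just accepted.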

Thanks @ravindra_l, that worked!!

Any idea what can be done for redirection? I was thinking of an alternate method of showing a prompt (frappe.prompt or JS prompt) which accepts and validates. But how do I cancel the login process if the OTP is wrong? Which function to call or exception to throw?