Merge pull request adafruit#3001 from justmobilize/secrets-cleanup-l-o

Secrets Cleanup: L, M and O

Author: FoamyGuy

MacroPad_Scramble_Lock/code.py

@@ -22,7 +22,7 @@
 # CONFIGURABLES ------------------------
 
 # Password information
-#  For higher security, place password in a separate file like secrets.py
+#  For higher security, place password in a separate file like settings.toml
 PASSWORD = "2468"
 PASSWORD_LENGTH = len(PASSWORD)
 

Macropad_2FA_TOTP/.circuitpython.skip

@@ -31,15 +31,11 @@
 DISPLAY_RATE = 1       # screen refresh rate
 #-------------------------------------------------------------------------
 
-# Get secrets from a secrets.py file
+# Get totp_keys from a totp_keys.py file
 try:
-    from secrets import secrets
-    totp_keys = secrets["totp_keys"]
+    from totp_keys import totp_keys
 except ImportError:
-    print("Secrets are kept in secrets.py, please add them there!")
-    raise
-except KeyError:
-    print("TOTP info not found in secrets.py.")
+    print("TOTP info not found in totp_keys.py, please add them there!")
     raise
 
 # set board to use PCF8523 as its RTC
@@ -80,7 +76,9 @@
 rtc_time.anchor_point = (0.0, 0.5)
 rtc_time.anchored_position = (0, 59)
 
-progress_bar = HorizontalProgressBar((68, 46), (55, 17), bar_color=0xFFFFFF, min_value=0, max_value=30)
+progress_bar = HorizontalProgressBar(
+    (68, 46), (55, 17), bar_color=0xFFFFFF, min_value=0, max_value=30
+)
 
 splash = displayio.Group()
 splash.append(name)
@@ -172,15 +170,15 @@ def generate_otp(int_input, secret_key, digits=6):
              int_to_bytestring(int_input)).digest()
     )
     offset = hmac_hash[-1] & 0xf
-    code = ((hmac_hash[offset] & 0x7f) << 24 |
-            (hmac_hash[offset + 1] & 0xff) << 16 |
-            (hmac_hash[offset + 2] & 0xff) << 8 |
-            (hmac_hash[offset + 3] & 0xff))
-    str_code = str(code % 10 ** digits)
-    while len(str_code) < digits:
-        str_code = '0' + str_code
+    otp_code = ((hmac_hash[offset] & 0x7f) << 24 |
+               (hmac_hash[offset + 1] & 0xff) << 16 |
+               (hmac_hash[offset + 2] & 0xff) << 8 |
+               (hmac_hash[offset + 3] & 0xff))
+    str_otp_code = str(otp_code % 10 ** digits)
+    while len(str_otp_code) < digits:
+        str_otp_code = '0' + str_otp_code
 
-    return str_code
+    return str_otp_code
 
 #-------------------------------------------------------------------------
 #                    M A C R O P A D    S E T U P

Macropad_2FA_TOTP/code.py

@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2021 Carter Nelson for Adafruit Industries
+#
+# SPDX-License-Identifier: MIT
+
+# This file contains totp codes!
+# If you put them in the code you risk committing that info or sharing it
+
+# tuples of name, key, color
+totp_keys = [
+    ("Github", "JBSWY3DPEHPK3PXP", 0x8732A8),
+    ("Discord", "JBSWY3DPEHPK3PXQ", 0x32A89E),
+    ("Slack", "JBSWY5DZEHPK3PXR", 0xFC861E),
+    ("Basecamp", "JBSWY6DZEHPK3PXS", 0x55C24C),
+    ("Gmail", "JBSWY7DZEHPK3PXT", 0x3029FF),
+    None,
+    None, # must have 12 entires
+    None, # set None for unused keys
+    None,
+    ("Hello Kitty", "JBSWY7DZEHPK3PXU", 0xED164F),
+    None,
+    None,
+]

Macropad_2FA_TOTP/secrets.py

@@ -1,21 +1,25 @@
 # SPDX-FileCopyrightText: 2021 Brent Rubell, written for Adafruit Industries
 #
 # SPDX-License-Identifier: Unlicense
+
+from os import getenv
 from adafruit_oauth2 import OAuth2
 from adafruit_display_text.label import Label
 from adafruit_bitmap_font import bitmap_font
 from adafruit_magtag.magtag import Graphics, Network
 from adafruit_display_shapes.rect import Rect
 
-# Add a secrets.py to your filesystem that has a dictionary called secrets with "ssid" and
-# "password" keys with your WiFi credentials. DO NOT share that file or commit it into Git or other
-# source control.
-# pylint: disable=no-name-in-module,wrong-import-order
-try:
-    from secrets import secrets
-except ImportError:
-    print("Credentials and tokens are kept in secrets.py, please add them there!")
-    raise
+# Get WiFi details, ensure these are setup in settings.toml
+ssid = getenv("CIRCUITPY_WIFI_SSID")
+password = getenv("CIRCUITPY_WIFI_PASSWORD")
+
+if None in [ssid, password]:
+    raise RuntimeError(
+        "WiFi settings are kept in settings.toml, "
+        "please add them there. The settings file must contain "
+        "'CIRCUITPY_WIFI_SSID', 'CIRCUITPY_WIFI_PASSWORD', "
+        "at a minimum."
+    )
 
 network = Network()
 network.connect()
@@ -57,8 +61,8 @@
 # Initialize an OAuth2 object
 google_auth = OAuth2(
     network.requests,
-    secrets["google_client_id"],
-    secrets["google_client_secret"],
+    getenv("google_client_id"),
+    getenv("google_client_secret"),
     scopes,
 )
 
@@ -90,16 +94,16 @@
     raise RuntimeError("Timed out waiting for browser response!")
 
 print("Successfully Authenticated with Google!")
-print("Add the following lines to your secrets.py file:")
-print("\t'google_access_token' " + ":" + " '%s'," % google_auth.access_token)
-print("\t'google_refresh_token' " + ":" + " '%s'" % google_auth.refresh_token)
+print("Add the following lines to your settings.toml file:")
+print(f'google_access_token="{google_auth.access_token}"')
+print(f'google_refresh_token="{google_auth.refresh_token}"')
 
 graphics.splash.pop()
 graphics.splash.pop()
 graphics.splash.pop()
 
 label_overview_text.text = "Successfully Authenticated!"
 label_verification_url.text = (
-    "Check the REPL for tokens to add\n\tto your secrets.py file"
+    "Check the REPL for tokens to add\n\tto your settings.toml file"
 )
 display.refresh()

Macropad_2FA_TOTP/totp_keys.py

@@ -1,12 +1,26 @@
 # SPDX-FileCopyrightText: 2021 Brent Rubell, written for Adafruit Industries
 #
 # SPDX-License-Identifier: Unlicense
+
+from os import getenv
 import time
 import rtc
 from adafruit_oauth2 import OAuth2
 from adafruit_display_shapes.line import Line
 from adafruit_magtag.magtag import MagTag
 
+# Get WiFi details, ensure these are setup in settings.toml
+ssid = getenv("CIRCUITPY_WIFI_SSID")
+password = getenv("CIRCUITPY_WIFI_PASSWORD")
+
+if None in [ssid, password]:
+    raise RuntimeError(
+        "WiFi settings are kept in settings.toml, "
+        "please add them there. The settings file must contain "
+        "'CIRCUITPY_WIFI_SSID', 'CIRCUITPY_WIFI_PASSWORD', "
+        "at a minimum."
+    )
+
 # Calendar ID
 CALENDAR_ID = "YOUR_CALENDAR_ID"
 
@@ -42,15 +56,6 @@
     6: "Sunday",
 }
 
-# Add a secrets.py to your filesystem that has a dictionary called secrets with "ssid" and
-# "password" keys with your WiFi credentials. DO NOT share that file or commit it into Git or other
-# source control.
-# pylint: disable=no-name-in-module,wrong-import-order
-try:
-    from secrets import secrets
-except ImportError:
-    print("Credentials and tokens are kept in secrets.py, please add them there!")
-    raise
 
 # Create a new MagTag object
 magtag = MagTag()
@@ -62,18 +67,18 @@
 scopes = ["https://www.googleapis.com/auth/calendar.readonly"]
 google_auth = OAuth2(
     magtag.network.requests,
-    secrets["google_client_id"],
-    secrets["google_client_secret"],
+    getenv("google_client_id"),
+    getenv("google_client_secret"),
     scopes,
-    secrets["google_access_token"],
-    secrets["google_refresh_token"],
+    getenv("google_access_token"),
+    getenv("google_refresh_token"),
 )
 
 
 def get_current_time(time_max=False):
     """Gets local time from Adafruit IO and converts to RFC3339 timestamp."""
     # Get local time from Adafruit IO
-    magtag.get_local_time(secrets["timezone"])
+    magtag.get_local_time(getenv("timezone"))
     # Format as RFC339 timestamp
     cur_time = r.datetime
     if time_max:  # maximum time to fetch events is midnight (4:59:59UTC)

MagTag/MagTag_Google_Calendar/authenticator.py

@@ -11,9 +11,10 @@
 """
 
 # pylint: disable=import-error
+
+from os import getenv
 import gc
 import time
-from secrets import secrets
 import displayio
 from rtc import RTC
 from adafruit_magtag.magtag import Graphics
@@ -23,6 +24,17 @@
 from adafruit_display_text.label import Label
 from nextbus import NextBus
 
+# Get WiFi details, ensure these are setup in settings.toml
+ssid = getenv("CIRCUITPY_WIFI_SSID")
+password = getenv("CIRCUITPY_WIFI_PASSWORD")
+
+if None in [ssid, password]:
+    raise RuntimeError(
+        "WiFi settings are kept in settings.toml, "
+        "please add them there. The settings file must contain "
+        "'CIRCUITPY_WIFI_SSID', 'CIRCUITPY_WIFI_PASSWORD', "
+        "at a minimum."
+    )
 
 # CONFIGURABLE SETTINGS ----------------------------------------------------
 
@@ -54,15 +66,12 @@
 # not a big problem if this drifts a bit due to infrequent synchronizations.
 # 6 hour default.
 CLOCK_SYNC_INTERVAL = 6 * 60 * 60
-# Load time zone string from secrets.py, else IP geolocation is used
+# Load time zone string from settings.toml, else IP geolocation is used
 # (http://worldtimeapi.org/api/timezone for list). Again, this is only
 # used for the 'Last checked' display, not predictions, so it's not
 # especially disruptive if missing.
 # pylint: disable=bare-except
-try:
-    TIME_ZONE = secrets['timezone'] # e.g. 'America/New_York'
-except:
-    TIME_ZONE = None # Use IP geolocation
+TIME_ZONE = getenv('timezone') # e.g. 'America/New_York'
 
 
 # SOME UTILITY FUNCTIONS ---------------------------------------------------

MagTag/MagTag_Google_Calendar/code.py

@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: 2020 Eva Herrada for Adafruit Industries
+#
+# SPDX-License-Identifier: MIT
+
+# This file is where you keep private settings, passwords, and tokens!
+# If you put them in the code you risk committing that info or sharing it
+
+CIRCUITPY_WIFI_SSID="your-wifi-ssid"
+CIRCUITPY_WIFI_PASSWORD="your-wifi-password"
+ADAFRUIT_AIO_USERNAME="my_username"
+ADAFRUIT_AIO_KEY="my_key"
+timezone="America/New_York"  # http://worldtimeapi.org/timezones
+openweather_token="my_openweather_token"
+openweather_location="New York City, US"