应该从消息中自动读取OTP(令牌)
问题描述 投票:32回答:8
我正在开发一个Android应用程序,其中服务器发送OTP并且用户需要在应用程序中输入此OTP,以登录我的应用程序。我想要的是,我的应用程序应该能够自动读取服务器发送的OTP。我怎样才能做到这一点?任何有关这方面的帮助或指导都将受到高度赞赏。
8个回答
投票
我建议您不要使用任何第三方库从SMS收件箱中自动获取OTP。如果您对广播接收器及其工作原理有基本的了解,则可以轻松完成此操作。试试以下方法:
步骤1)创建单个接口,即SmsListner
package com.wnrcorp.reba;
public interface SmsListener{
public void messageReceived(String messageText);}
步骤2)创建单个广播接收器,即SmsReceiver
package com.wnrcorp.reba;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.telephony.SmsMessage;
public class SmsReceiver extends BroadcastReceiver {
private static SmsListener mListener;
Boolean b;
String abcd,xyz;
@Override
public void onReceive(Context context, Intent intent) {
Bundle data = intent.getExtras();
Object[] pdus = (Object[]) data.get("pdus");
for(int i=0;i<pdus.length;i++){
SmsMessage smsMessage = SmsMessage.createFromPdu((byte[]) pdus[i]);
String sender = smsMessage.getDisplayOriginatingAddress();
// b=sender.endsWith("WNRCRP"); //Just to fetch otp sent from WNRCRP
String messageBody = smsMessage.getMessageBody();
abcd=messageBody.replaceAll("[^0-9]",""); // here abcd contains otp
which is in number format
//Pass on the text to our listener.
if(b==true) {
mListener.messageReceived(abcd); // attach value to interface
object
}
else
{
}
}
}
public static void bindListener(SmsListener listener) {
mListener = listener;
}
}
步骤3)在android清单文件中添加Listener,即广播接收器
<receiver android:name=".SmsReceiver">
<intent-filter>
<action android:name="android.provider.Telephony.SMS_RECEIVED"/>
</intent-filter>
</receiver>
并添加权限
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
最终步骤4)在收件箱中收到otp时自动获取otp的活动。在我的情况下,我正在获取otp并设置edittext字段。
public class OtpVerificationActivity extends AppCompatActivity {
EditText ed;
TextView tv;
String otp_generated,contactNo,id1;
GlobalData gd = new GlobalData();
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_otp_verification);
ed=(EditText)findViewById(R.id.otp);
tv=(TextView) findViewById(R.id.verify_otp);
/*This is important because this will be called every time you receive
any sms */
SmsReceiver.bindListener(new SmsListener() {
@Override
public void messageReceived(String messageText) {
ed.setText(messageText);
}
});
tv.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
try
{
InputMethodManager imm=
(InputMethodManager)getSystemService(INPUT_METHOD_SERVICE);
imm.hideSoftInputFromWindow(getCurrentFocus().getWindowToken(),0);
}
catch(Exception e)
{}
if (ed.getText().toString().equals(otp_generated))
{
Toast.makeText(OtpVerificationActivity.this, "OTP Verified
Successfully !", Toast.LENGTH_SHORT).show();
}
});
}
}
OtpVerificationActivity的布局文件
<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
android:id="@+id/activity_otp_verification"
android:layout_width="match_parent"
android:layout_height="match_parent"
android:paddingBottom="@dimen/activity_vertical_margin"
android:paddingLeft="@dimen/activity_horizontal_margin"
android:paddingRight="@dimen/activity_horizontal_margin"
android:paddingTop="@dimen/activity_vertical_margin"
tools:context="com.wnrcorp.reba.OtpVerificationActivity">
<android.support.v7.widget.CardView
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:id="@+id/firstcard"
xmlns:card_view="http://schemas.android.com/apk/res-auto"
card_view:cardCornerRadius="10dp"
>
<LinearLayout
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:orientation="vertical"
android:background="@android:color/white">
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="OTP Confirmation"
android:textSize="18sp"
android:textStyle="bold"
android:id="@+id/dialogTitle"
android:layout_margin="5dp"
android:layout_gravity="center"
/>
<EditText
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:id="@+id/otp"
android:layout_margin="5dp"
android:hint="OTP Here"
/>
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="Verify"
android:textSize="18sp"
android:id="@+id/verify_otp"
android:gravity="center"
android:padding="10dp"
android:layout_gravity="center"
android:visibility="visible"
android:layout_margin="5dp"
android:background="@color/colorPrimary"
android:textColor="#ffffff"
/>
</LinearLayout>
</android.support.v7.widget.CardView>
</RelativeLayout>
OTP验证活动的屏幕截图,您可以在其中获取OTP作为收到
投票
您可以尝试使用简单的库like
通过gradle安装并添加权限后,在onCreate activity等方法中启动SmsVerifyCatcher:
smsVerifyCatcher = new SmsVerifyCatcher(this, new OnSmsCatchListener<String>() {
@Override
public void onSmsCatch(String message) {
String code = parseCode(message);//Parse verification code
etCode.setText(code);//set code in edit text
//then you can send verification code to server
}
});
此外,覆盖活动生命周期方法:
@Override
protected void onStart() {
super.onStart();
smsVerifyCatcher.onStart();
}
@Override
protected void onStop() {
super.onStop();
smsVerifyCatcher.onStop();
}
/**
* need for Android 6 real time permissions
*/
@Override
public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) {
super.onRequestPermissionsResult(requestCode, permissions, grantResults);
smsVerifyCatcher.onRequestPermissionsResult(requestCode, permissions, grantResults);
}
public String parseCode(String message) {
Pattern p = Pattern.compile("\\b\\d{4}\\b");
Matcher m = p.matcher(message);
String code = "";
while (m.find()) {
code = m.group(0);
}
return code;
}
投票
这对我有帮助,也为我工作:
http://androiddhina.blogspot.in/2015/06/reading-incoming-message-automatically-to-verify-OTP.html
另外请不要忘记从你的static到你的EditText制作Activity/Fragment
投票
由于Google限制使用READ_SMS权限,因此这是没有READ_SMS权限的解决方案。
基本功能是避免使用Android关键权限READ_SMS并使用此方法完成任务。打击是你需要的步骤。
发送OTP到用户的号码,检查SMS Retriever API是否能够获得消息
SmsRetrieverClient client = SmsRetriever.getClient(SignupSetResetPasswordActivity.this);
Task<Void> task = client.startSmsRetriever();
task.addOnSuccessListener(new OnSuccessListener<Void>() {
@Override
public void onSuccess(Void aVoid) {
// Android will provide message once receive. Start your broadcast receiver.
IntentFilter filter = new IntentFilter();
filter.addAction(SmsRetriever.SMS_RETRIEVED_ACTION);
registerReceiver(new SmsReceiver(), filter);
}
});
task.addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
// Failed to start retriever, inspect Exception for more details
}
});
广播接收器代码
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Bundle;
import com.google.android.gms.auth.api.phone.SmsRetriever;
import com.google.android.gms.common.api.CommonStatusCodes;
import com.google.android.gms.common.api.Status;
public class SmsReceiver extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
Bundle extras = intent.getExtras();
Status status = (Status) extras.get(SmsRetriever.EXTRA_STATUS);
switch (status.getStatusCode()) {
case CommonStatusCodes.SUCCESS:
// Get SMS message contents
String otp;
String msgs = (String) extras.get(SmsRetriever.EXTRA_SMS_MESSAGE);
// Extract one-time code from the message and complete verification
break;
case CommonStatusCodes.TIMEOUT:
// Waiting for SMS timed out (5 minutes)
// Handle the error ...
break;
}
}
}
}
最后一步。将此接收器注册到您的清单中
<receiver android:name=".service.SmsReceiver" android:exported="true">
<intent-filter>
<action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED"/>
</intent-filter>
</receiver>
您的短信必须如下。
<#> Your OTP code is: 6789
QWsa8754qw2
这里QWsa8754qw2是您自己的应用程序11个字符哈希码。关注这个link
- 不超过140个字节
- 从前缀<#>开始
- 以11个字符的哈希字符串结尾,用于标识您的应用
要导入qazxsw poi,请不要忘记将此行添加到您的应用build.gradle中:
com.google.android.gms.auth.api.phone.SmsRetriever投票
我实现了这样的东西。但是,这是我在消息传入时所做的,我只检索六位数代码,将其捆绑在一个意图中并将其发送到需要它的活动或片段并验证代码。该示例向您展示了获取短信的方法。请查看下面的代码,了解如何使用LocalBrodcastManager进行发送,以及您的消息是否包含更多文本E.g问候,将其标准化以更好地帮助您。例如“你的验证码是:84HG73”你可以像这个implementation "com.google.android.gms:play-services-auth-api-phone:16.0.0"
一样创建一个正则表达式模式,这意味着两个整数,两个[大写]字母和两个整数。祝好运!
从邮件中丢弃所有不需要的信息后
([0-9]){2}([A-Z]){2}([0-9]){2}并且片段/活动接收它
Intent intent = new Intent("AddedItem");
intent.putExtra("items", code);
LocalBroadcastManager.getInstance(getActivity()).sendBroadcast(intent);
代码意味着处理您收集的有效负载
@Override
public void onResume() {
LocalBroadcastManager.getInstance(getActivity()).registerReceiver(receiver, new IntentFilter("AddedItem"));
super.onResume();
}
@Override
public void onPause() {
super.onDestroy();
LocalBroadcastManager.getInstance(getActivity()).unregisterReceiver(receiver);
}
这有点帮助吗?我使用Callbacks做得更好
投票
很抱歉迟到的回复,但仍然觉得发布我的答案,如果它有帮助。它适用于6位数的OTP。
private BroadcastReceiver receiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
if (intent.getAction()) {
final String message = intent.getStringExtra("message");
//Do whatever you want with the code here
}
}
};
对于SMS监听器,可以按照以下类进行操作
@Override
public void onOTPReceived(String messageBody)
{
Pattern pattern = Pattern.compile(SMSReceiver.OTP_REGEX);
Matcher matcher = pattern.matcher(messageBody);
String otp = HkpConstants.EMPTY;
while (matcher.find())
{
otp = matcher.group();
}
checkAndSetOTP(otp);
}
Adding constants here
public static final String OTP_REGEX = "[0-9]{1,6}";
投票
使用SMS Retriever API,可以在不声明public class SMSReceiver extends BroadcastReceiver
{
public static final String SMS_BUNDLE = "pdus";
public static final String OTP_REGEX = "[0-9]{1,6}";
private static final String FORMAT = "format";
private OnOTPSMSReceivedListener otpSMSListener;
public SMSReceiver(OnOTPSMSReceivedListener listener)
{
otpSMSListener = listener;
}
@Override
public void onReceive(Context context, Intent intent)
{
Bundle intentExtras = intent.getExtras();
if (intentExtras != null)
{
Object[] sms_bundle = (Object[]) intentExtras.get(SMS_BUNDLE);
String format = intent.getStringExtra(FORMAT);
if (sms_bundle != null)
{
otpSMSListener.onOTPSMSReceived(format, sms_bundle);
}
else {
// do nothing
}
}
}
@FunctionalInterface
public interface OnOTPSMSReceivedListener
{
void onOTPSMSReceived(@Nullable String format, Object... smsBundle);
}
}
@Override
public void onOTPSMSReceived(@Nullable String format, Object... smsBundle)
{
for (Object aSmsBundle : smsBundle)
{
SmsMessage smsMessage = getIncomingMessage(format, aSmsBundle);
String sender = smsMessage.getDisplayOriginatingAddress();
if (sender.toLowerCase().contains(ONEMG))
{
getIncomingMessage(smsMessage.getMessageBody());
} else
{
// do nothing
}
}
}
private SmsMessage getIncomingMessage(@Nullable String format, Object aObject)
{
SmsMessage currentSMS;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M && format != null)
{
currentSMS = SmsMessage.createFromPdu((byte[]) aObject, format);
} else
{
currentSMS = SmsMessage.createFromPdu((byte[]) aObject);
}
return currentSMS;
}
的情况下读取OTP。
- 启动SMS检索器
android.permission.READ_SMS
- 通过广播接收消息
private fun startSMSRetriever() {
// Get an instance of SmsRetrieverClient, used to start listening for a matching SMS message.
val client = SmsRetriever.getClient(this /* context */);
// Starts SmsRetriever, which waits for ONE matching SMS message until timeout
// (5 minutes). The matching SMS message will be sent via a Broadcast Intent with
// action SmsRetriever#SMS_RETRIEVED_ACTION.
val task: Task<Void> = client.startSmsRetriever();
// Listen for success/failure of the start Task. If in a background thread, this
// can be made blocking using Tasks.await(task, [timeout]);
task.addOnSuccessListener {
Log.d("SmsRetriever", "SmsRetriever Start Success")
}
task.addOnFailureListener {
Log.d("SmsRetriever", "SmsRetriever Start Failed")
}
}
- 将验证邮件中的一次性代码发送到您的服务器
确保您的SMS格式完全如下:
public class MySMSBroadcastReceiver : BroadcastReceiver() {
override fun onReceive(context: Context?, intent: Intent?) {
if (SmsRetriever.SMS_RETRIEVED_ACTION == intent?.action && intent.extras!=null) {
val extras = intent.extras
val status = extras.get(SmsRetriever.EXTRA_STATUS) as Status
when (status.statusCode) {
CommonStatusCodes.SUCCESS -> {
// Get SMS message contents
val message = extras.get(SmsRetriever.EXTRA_SMS_MESSAGE) as String
Log.e("Message", message);
// Extract one-time code from the message and complete verification
// by sending the code back to your server.
}
CommonStatusCodes.TIMEOUT -> {
// Waiting for SMS timed out (5 minutes)
// Handle the error ...
}
}
}
}
}
/**Don't forgot to define BroadcastReceiver in AndroidManifest.xml.*/
<receiver android:name=".MySMSBroadcastReceiver" android:exported="true">
<intent-filter>
<action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED"/>
</intent-filter>
</receiver>
- 不超过140个字节
- 从前缀<#>开始
- 以11个字符的哈希字符串结尾,用于标识您的应用
您可以使用以下代码计算app hash:
<#> Your ExampleApp code is: 123ABC78 fBzOyyp9h6L
必需的Gradle:
import android.content.Context
import android.content.ContextWrapper
import android.content.pm.PackageManager
import android.util.Base64
import android.util.Log
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
import java.security.NoSuchAlgorithmException
import java.util.*
/**
* This is a helper class to generate your message hash to be included in your SMS message.
*
* Without the correct hash, your app won't recieve the message callback. This only needs to be
* generated once per app and stored. Then you can remove this helper class from your code.
*
* For More Detail: https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string
*
*/
public class AppSignatureHelper(private val context: Context) : ContextWrapper(context) {
companion object {
val TAG = AppSignatureHelper::class.java.simpleName;
private const val HASH_TYPE = "SHA-256";
const val NUM_HASHED_BYTES = 9;
const val NUM_BASE64_CHAR = 11;
}
/**
* Get all the app signatures for the current package
* @return
*/
public fun getAppSignatures(): ArrayList<String> {
val appCodes = ArrayList<String>();
try {
// Get all package signatures for the current package
val signatures = packageManager.getPackageInfo(
packageName,
PackageManager.GET_SIGNATURES
).signatures;
// For each signature create a compatible hash
for (signature in signatures) {
val hash = hash(packageName, signature.toCharsString());
if (hash != null) {
appCodes.add(String.format("%s", hash));
}
}
} catch (e: PackageManager.NameNotFoundException) {
Log.e(TAG, "Unable to find package to obtain hash.", e);
}
return appCodes;
}
private fun hash(packageName: String, signature: String): String? {
val appInfo = "$packageName $signature";
try {
val messageDigest = MessageDigest.getInstance(HASH_TYPE);
messageDigest.update(appInfo.toByteArray(StandardCharsets.UTF_8));
var hashSignature = messageDigest.digest();
// truncated into NUM_HASHED_BYTES
hashSignature = Arrays.copyOfRange(hashSignature, 0, NUM_HASHED_BYTES);
// encode into Base64
var base64Hash = Base64.encodeToString(hashSignature, Base64.NO_PADDING or Base64.NO_WRAP);
base64Hash = base64Hash.substring(0, NUM_BASE64_CHAR);
Log.e(TAG, String.format("pkg: %s -- hash: %s", packageName, base64Hash));
return base64Hash;
} catch (e: NoSuchAlgorithmException) {
Log.e(TAG, "hash:NoSuchAlgorithm", e);
}
return null;
}
}
参考文献:
implementation "com.google.android.gms:play-services-auth-api-phone:16.0.0"https://developers.google.com/identity/sms-retriever/overview https://developers.google.com/identity/sms-retriever/request
投票
Google提供了一个新的API,用于在未经用户许可的情况下阅读短信和拨打电话号码
链接:https://developers.google.com/identity/sms-retriever/verify
最新问题
- “const std::stop_token&”或只是“std::stop_token”作为线程函数的参数?
- PostgreSQL 中多个时区的时差总和
- 查询返回不同行数,导致交叉表错误
- strpos() == false 当针线存在于干草堆字符串的开头时会给出意外的结果[重复]
- Javascript - 等待不在返回承诺的异步函数中等待
- 如何在python nltk和wordnet中获取单词/同义词集的所有下位词?
- 将 strpos() 与多字节字符串一起使用时出现意外结果[重复]
- HttpBrowser 请求返回 403
- 具有 BETWEEN 时间戳的 SQL 查询出现意外结果
- 使用date_trunc的缺点
- strpos() == true 不能可靠地给出正确的结果[重复]
- 将列从timestamp更改为timestamptz会锁定表吗?
- 根据字符串中的标记字符将字符串拆分为 3 部分
- 从 now() 函数中减去小时
- strpos 需要其他东西吗
- Postgresql 8.4更新plpgsql函数中的查询语法错误
- 计算时间戳之间的营业时间[重复]
- 如何分解大班
- 根据各自时区的时间戳返回行
- PostgreSQL、pgAdmin、Java:如何使它们全部为 UTC?