Skip to content

Commit

Permalink
Fix issue with invalid URLs when secret size is not divisible by 5. p…
Browse files Browse the repository at this point in the history
  • Loading branch information
delicb committed Jul 24, 2017
1 parent 9e19353 commit d2efc23
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 2 deletions.
2 changes: 1 addition & 1 deletion hotp/hotp.go
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
return nil, err
}

v.Set("secret", base32.StdEncoding.EncodeToString(secret))
v.Set("secret", strings.TrimRight(base32.StdEncoding.EncodeToString(secret), "="))
v.Set("issuer", opts.Issuer)
v.Set("algorithm", opts.Algorithm.String())
v.Set("digits", opts.Digits.String())
Expand Down
8 changes: 8 additions & 0 deletions hotp/hotp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -151,4 +151,12 @@ func TestGenerate(t *testing.T) {
})
require.Equal(t, otp.ErrGenerateMissingAccountName, err, "generate missing account name.")
require.Nil(t, k, "key should be nil on error.")

k, err = Generate(GenerateOpts{
Issuer: "SnakeOil",
AccountName: "[email protected]",
SecretSize: 17, // anything that is not divisable by 5, really
})
require.NoError(t, err, "Secret size is valid when length not divisable by 5.")
require.NotContains(t, k.Secret(), "=", "Secret has no escaped characters.")
}
4 changes: 3 additions & 1 deletion totp/totp.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
package totp

import (
"strings"

"github.com/pquerna/otp"
"github.com/pquerna/otp/hotp"

Expand Down Expand Up @@ -174,7 +176,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
return nil, err
}

v.Set("secret", base32.StdEncoding.EncodeToString(secret))
v.Set("secret", strings.TrimRight(base32.StdEncoding.EncodeToString(secret), "="))
v.Set("issuer", opts.Issuer)
v.Set("period", strconv.FormatUint(uint64(opts.Period), 10))
v.Set("algorithm", opts.Algorithm.String())
Expand Down
8 changes: 8 additions & 0 deletions totp/totp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -135,4 +135,12 @@ func TestGenerate(t *testing.T) {
})
require.NoError(t, err, "generate larger TOTP")
require.Equal(t, 32, len(k.Secret()), "Secret is 32 bytes long as base32.")

k, err = Generate(GenerateOpts{
Issuer: "SnakeOil",
AccountName: "[email protected]",
SecretSize: 13, // anything that is not divisable by 5, really
})
require.NoError(t, err, "Secret size is valid when length not divisable by 5.")
require.NotContains(t, k.Secret(), "=", "Secret has no escaped characters.")
}

0 comments on commit d2efc23

Please sign in to comment.