remove qrcode

.github/workflows/build.yml

@@ -0,0 +1,24 @@
+name: build
+on: [push, pull_request]
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: ["1.19","1.20"]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+
+      - name: Set up Golang ${{ matrix.go-version }}
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Test
+        env:
+          TZ: Asia/Shanghai
+        run: |
+          make test
+          bash <(curl -s https://codecov.io/bash) -t ${{ secrets.CODECOV_TOKEN}}

.gitignore

@@ -0,0 +1,23 @@
+### Go template
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+

README.md

@@ -1,60 +1,6 @@
-# otp: One Time Password utilities Go / Golang
+# OTP One passowrd
 
-[![PkgGoDev](https://pkg.go.dev/badge/github.com/pquerna/otp)](https://pkg.go.dev/github.com/pquerna/otp) [![Build Status](https://travis-ci.org/pquerna/otp.svg?branch=master)](https://travis-ci.org/pquerna/otp)
+```go
+go get github.com/verystar/otp
+```
 
-# Why One Time Passwords?
-
-One Time Passwords (OTPs) are an mechanism to  improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to [Multi-factor authentication](http://en.wikipedia.org/wiki/Multi-factor_authentication) without adding a dependency on a SMS provider.  This Password and TOTP combination is used by many popular websites including Google, GitHub, Facebook, Salesforce and many others.
-
-The `otp` library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.
-
-Because TOTP is standardized and widely deployed, there are many [mobile clients and software implementations](http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm#Client_implementations).
-
-## `otp` Supports:
-
-* Generating QR Code images for easy user enrollment.
-* Time-based One-time Password Algorithm (TOTP) (RFC 6238): Time based OTP, the most commonly used method.
-* HMAC-based One-time Password Algorithm (HOTP) (RFC 4226): Counter based OTP, which TOTP is based upon.
-* Generation and Validation of codes for either algorithm.
-
-## Implementing TOTP in your application:
-
-### User Enrollment
-
-For an example of a working enrollment work flow, [GitHub has documented theirs](https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/
-),  but the basics are:
-
-1. Generate new TOTP Key for a User. `key,_ := totp.Generate(...)`.
-1. Display the Key's Secret and QR-Code for the User. `key.Secret()` and `key.Image(...)`.
-1. Test that the user can successfully use their TOTP. `totp.Validate(...)`.
-1. Store TOTP Secret for the User in your backend. `key.Secret()`
-1. Provide the user with "recovery codes". (See Recovery Codes bellow)
-
-### Code Generation
-
-* In either TOTP or HOTP cases, use the `GenerateCode` function and a counter or
-  `time.Time` struct to generate a valid code compatible with most implementations.
-* For uncommon or custom settings, or to catch unlikely errors, use `GenerateCodeCustom`
-  in either module.
-
-### Validation
-
-1. Prompt and validate User's password as normal.
-1. If the user has TOTP enabled, prompt for TOTP passcode.
-1. Retrieve the User's TOTP Secret from your backend.
-1. Validate the user's passcode. `totp.Validate(...)`
-
-
-### Recovery Codes
-
-When a user loses access to their TOTP device, they would no longer have access to their account.  Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, this is a common problem. For this reason many providers give their users "backup codes" or "recovery codes".  These are a set of one time use codes that can be used instead of the TOTP.  These can simply be randomly generated strings that you store in your backend.  [Github's documentation provides an overview of the user experience](
-https://help.github.com/articles/downloading-your-two-factor-authentication-recovery-codes/).
-
-
-## Improvements, bugs, adding feature, etc:
-
-Please [open issues in Github](https://github.com/pquerna/otp/issues) for ideas, bugs, and general thoughts.  Pull requests are of course preferred :)
-
-## License
-
-`otp` is licensed under the [Apache License, Version 2.0](./LICENSE)

example/main.go

@@ -1,52 +1,12 @@
 package main
 
 import (
-	"github.com/pquerna/otp"
-	"github.com/pquerna/otp/totp"
-
-	"bufio"
-	"bytes"
-	"encoding/base32"
 	"fmt"
-	"image/png"
-	"io/ioutil"
 	"os"
 	"time"
-)
-
-func display(key *otp.Key, data []byte) {
-	fmt.Printf("Issuer:       %s\n", key.Issuer())
-	fmt.Printf("Account Name: %s\n", key.AccountName())
-	fmt.Printf("Secret:       %s\n", key.Secret())
-	fmt.Println("Writing PNG to qr-code.png....")
-	ioutil.WriteFile("qr-code.png", data, 0644)
-	fmt.Println("")
-	fmt.Println("Please add your TOTP to your OTP Application now!")
-	fmt.Println("")
-}
-
-func promptForPasscode() string {
-	reader := bufio.NewReader(os.Stdin)
-	fmt.Print("Enter Passcode: ")
-	text, _ := reader.ReadString('\n')
-	return text
-}
 
-// Demo function, not used in main
-// Generates Passcode using a UTF-8 (not base32) secret and custom parameters
-func GeneratePassCode(utf8string string) string{
-        secret := base32.StdEncoding.EncodeToString([]byte(utf8string))
-        passcode, err := totp.GenerateCodeCustom(secret, time.Now(), totp.ValidateOpts{
-                Period:    30,
-                Skew:      1,
-                Digits:    otp.DigitsSix,
-                Algorithm: otp.AlgorithmSHA512,
-        })
-        if err != nil {
-                panic(err)
-        }
-        return passcode
-}
+	"github.com/verystar/otp/totp"
+)
 
 func main() {
 	key, err := totp.Generate(totp.GenerateOpts{
@@ -56,23 +16,25 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
-	// Convert TOTP key into a PNG
-	var buf bytes.Buffer
-	img, err := key.Image(200, 200)
+
+	fmt.Printf("Issuer:       %s\n", key.Issuer())
+	fmt.Printf("Account Name: %s\n", key.AccountName())
+	fmt.Printf("Secret:       %s\n", key.Secret())
+	fmt.Printf("URL:       %s\n", key.String())
+	fmt.Println("")
+
+	passcode, err := totp.GenerateCode(key.Secret(), time.Now())
+
 	if err != nil {
 		panic(err)
 	}
-	png.Encode(&buf, img)
 
-	// display the QR code to the user.
-	display(key, buf.Bytes())
+	fmt.Println("Passcode:", passcode)
 
 	// Now Validate that the user's successfully added the passcode.
-	fmt.Println("Validating TOTP...")
-	passcode := promptForPasscode()
 	valid := totp.Validate(passcode, key.Secret())
 	if valid {
-		println("Valid passcode!")
+		println("Success passcode!")
 		os.Exit(0)
 	} else {
 		println("Invalid passcode!")

go.mod

@@ -1,8 +1,11 @@
-module github.com/pquerna/otp
+module github.com/verystar/otp
 
-go 1.12
+go 1.20
+
+require github.com/stretchr/testify v1.8.4
 
 require (
-	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc
-	github.com/stretchr/testify v1.3.0
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,9 +1,10 @@
-github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
-github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

hotp/hotp.go

@@ -18,19 +18,19 @@
 package hotp
 
 import (
-	"github.com/pquerna/otp"
-	"github.com/pquerna/otp/internal"
-	"io"
-
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/subtle"
 	"encoding/base32"
 	"encoding/binary"
 	"fmt"
+	"io"
 	"math"
 	"net/url"
 	"strings"
+
+	"github.com/verystar/otp"
+	"github.com/verystar/otp/internal"
 )
 
 const debug = false
@@ -72,7 +72,7 @@ func GenerateCode(secret string, counter uint64) (string, error) {
 // GenerateCodeCustom uses a counter and secret value and options struct to
 // create a passcode.
 func GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (passcode string, err error) {
-	//Set default value
+	// Set default value
 	if opts.Digits == 0 {
 		opts.Digits = otp.DigitsSix
 	}

hotp/hotp_test.go

@@ -18,9 +18,9 @@
 package hotp
 
 import (
-	"github.com/pquerna/otp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/verystar/otp"
 
 	"encoding/base32"
 	"testing"
@@ -78,15 +78,15 @@ func TestGenerateRFCMatrix(t *testing.T) {
 	}
 }
 
-func TestGenerateCodeCustom(t *testing.T){
+func TestGenerateCodeCustom(t *testing.T) {
 	secSha1 := base32.StdEncoding.EncodeToString([]byte("12345678901234567890"))
 
-	code, err := GenerateCodeCustom("foo",1,ValidateOpts{})
+	code, err := GenerateCodeCustom("foo", 1, ValidateOpts{})
 	print(code)
 	require.Equal(t, otp.ErrValidateSecretInvalidBase32, err, "Decoding of secret as base32 failed.")
 	require.Equal(t, "", code, "Code should be empty string when we have an error.")
 
-	code, err = GenerateCodeCustom(secSha1,1,ValidateOpts{})
+	code, err = GenerateCodeCustom(secSha1, 1, ValidateOpts{})
 	require.Equal(t, 6, len(code), "Code should be 6 digits when we have not an error.")
 	require.NoError(t, err, "Expected no error.")
 }
@@ -98,7 +98,7 @@ func TestValidateInvalid(t *testing.T) {
 		ValidateOpts{
 			Digits:    otp.DigitsSix,
 			Algorithm: otp.AlgorithmSHA1,
-	})
+		})
 	require.Equal(t, otp.ErrValidateInputInvalidLength, err, "Expected Invalid length error.")
 	require.Equal(t, false, valid, "Valid should be false when we have an error.")