- This was a relic from the beggining of the library, but `TOTP` is no longer generic. In my opinion, while having been used in the past for some historical reasons, the generic was mostly useless as almost everyone just used bytes as a secret, prevented us from doing some work like the `zeroize` feature, and overall made it more complex to new users than it needed to be.
### Special thanks
* [@tmpfs](https://github.com/tmpfs) for the work done on #40.
* [@timvisee](https://github.com/timvisee) for their feedback on #40.
## Note
This is the last release for 2022. This project has thus far been a wild ride. Originally intended for a non-profit organization, it gained traction outside of it, and soon became one the projects I'm the most proud of. It has been a pleasure learning from amazing people, and getting precious feedback from real life users. The open-source community has always been a special place to me, and being able to put in the hours to finally give something back has been, is, an amazing opportunity.
The year 2023 should see a lot less of breaking changes, as the library slowly approaches a form most users can happily use. This doesn't mean the library will stop being maintained, but I (hopefully) will stop breaking your stuff so often.
As always for every new realease, please report any issue encountered while updating totp-rs to `4.0.0`.
* Secret handling is now less error prone thanks to #25
* Totp now implements the `Default` trait, which will generate a strong secret, and have sane default values according to RFC-6238 like #26
*`Rfc6238` struct is exposed for easy Totp building
*`Totp.ttl` convenience method will tell remaining validity time of token (not taking skew into account)
### New dependency
* [gen_secret] uses `rand` to generate a secret
### Breaking
* TotpUrlError now contain a string explaining. Inspired by #23
* Totp fields `issuer` and `account_name` won't be present anymore if feature `otpauth` isn't enabled
* The secret and digits field will now be validated for SecretSize (>= 128 bits)
### Special thanks
* [@sacovo](https://github.com/sacovo)for opening #23, from which the TotpUrlError rework was inspired
* [@steven89](https://github.com/steven89) for the tremendous work and back and forth provided with #24#25 and #26
## Note
This has been, I think, the update containing the most work. While a lot of unit testing have been done, and test cases added, coverage seems to have dropped. Please report any issue encountered while updating totp-rs to 3.0.0
* [otpauth] now uses `urlencoding`, which has no dependencies, to url-encode and url-decode values. Because doing this with the `url` library was kind of awkward.
### Fixes
* Bug where your issuer would be incorrectly prefixed with a /, and comparison with the issuer parameter would fail.
* Bug where the issuer and account name in path would not be correctly url decoded in path, but correctly decoded in url query.
* Added url dependency for `otpauth` feature, which adds a `from_url` function to parse a `TOTP` object from url. Thanks to @wyhaya (https://github.com/constantoine/totp-rs/pull/19)
* Mitigated possible timing attack as noticed per @gleb-chipiga in https://github.com/constantoine/totp-rs/issues/13
* Added PartialEq support for TOTP<T> and PartialEq + Eq support for Algorithm, suggestion from @gleb-chipiga in https://github.com/constantoine/totp-rs/issues/14
* Fixed wrongful results using hmac-256 and hmac-512 thanks to @ironhaven extensive researches within RFC's in https://github.com/constantoine/totp-rs/pull/12
## What's coming next
- The currently used "qrcode" library is abandonned. Preliminary work showed it was not compatible woth newer versions of the "image" library
- I'd like to take that opportunity to rethink the way the "qr" feature is presented