From aa719c5d67a730198271016d5c3bd799079b555f Mon Sep 17 00:00:00 2001 From: timvisee Date: Thu, 12 Jan 2023 14:09:37 +0100 Subject: [PATCH 1/4] Simplify parameter handling in URL generation, fix invalid step in tests --- src/lib.rs | 47 +++++++++++++++++++++++------------------------ 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index b80ee32..4c2812b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -621,22 +621,21 @@ impl TOTP { if self.algorithm == Algorithm::Steam { host = "steam"; } - let account_name: String = urlencoding::encode(self.account_name.as_str()).to_string(); - let mut label: String = format!("{}?", account_name); - if self.issuer.is_some() { - let issuer: String = - urlencoding::encode(self.issuer.as_ref().unwrap().as_str()).to_string(); - label = format!("{0}:{1}?issuer={0}&", issuer, account_name); - } + let account_name = urlencoding::encode(self.account_name.as_str()).to_string(); + let mut params = vec![ + format!("secret={}", self.get_secret_base32()), + format!("digits={}", self.digits), + format!("algorithm={}", self.algorithm), + ]; + let label = if self.issuer.is_some() { + let issuer = urlencoding::encode(self.issuer.as_ref().unwrap().as_str()).to_string(); + params.push(format!("issuer={}", issuer)); + format!("{0}:{1}", issuer, account_name) + } else { + account_name + }; - format!( - "otpauth://{}/{}secret={}&digits={}&algorithm={}", - host, - label, - self.get_secret_base32(), - self.digits, - self.algorithm, - ) + format!("otpauth://{}/{}?{}", host, label, params.join("&")) } #[cfg(feature = "qr")] @@ -871,7 +870,7 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), None, "constantoine@github.com".to_string(), @@ -888,14 +887,14 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine@github.com".to_string(), ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?issuer=Github&secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA1"); + assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA1&issuer=Github"); } #[test] @@ -905,14 +904,14 @@ mod tests { Algorithm::SHA256, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine@github.com".to_string(), ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?issuer=Github&secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA256"); + assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA256&issuer=Github"); } #[test] @@ -922,14 +921,14 @@ mod tests { Algorithm::SHA512, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine@github.com".to_string(), ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?issuer=Github&secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA512"); + assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA512&issuer=Github"); } #[test] @@ -1121,7 +1120,7 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine@github.com".to_string(), @@ -1156,7 +1155,7 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github@".to_string()), "constantoine@github.com".to_string(), From d866af6b066d9e6840d5b4119a579c50ac812883 Mon Sep 17 00:00:00 2001 From: timvisee Date: Thu, 12 Jan 2023 14:10:13 +0100 Subject: [PATCH 2/4] Add period to URL if value is not default --- src/lib.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 4c2812b..6702570 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -634,6 +634,9 @@ impl TOTP { } else { account_name }; + if self.step != 30 { + params.push(format!("period={}", self.step)); + } format!("otpauth://{}/{}?{}", host, label, params.join("&")) } @@ -1173,7 +1176,7 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine".to_string(), @@ -1192,7 +1195,7 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine".to_string(), From d2c6ae62d676a34b5bcb60274292c0fc3cc9dc54 Mon Sep 17 00:00:00 2001 From: timvisee Date: Thu, 12 Jan 2023 14:22:12 +0100 Subject: [PATCH 3/4] Fix unit tests for get_url change --- src/custom_providers.rs | 4 ++-- src/lib.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/custom_providers.rs b/src/custom_providers.rs index 1e88a0c..08ec2e8 100644 --- a/src/custom_providers.rs +++ b/src/custom_providers.rs @@ -52,6 +52,6 @@ mod test { fn get_url_steam() { let totp = TOTP::new_steam("TestSecretSuperSecret".into(), "constantoine".into()); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://steam/Steam:constantoine?issuer=Steam&secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=5&algorithm=SHA1"); + assert_eq!(url.as_str(), "otpauth://steam/Steam:constantoine?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=5&algorithm=SHA1&issuer=Steam"); } -} \ No newline at end of file +} diff --git a/src/lib.rs b/src/lib.rs index 6702570..96ab0d8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1278,7 +1278,7 @@ mod tests { let hash_digest = Sha512::digest(data); assert_eq!( format!("{:x}", hash_digest).as_str(), - "025809c9db9c2c918930e018549c90929a083ee757156737812bad40ded64312c1526c73d8f2f59d5c203b97141ddfc331b1192e234f4f43257f50a6d05e382f" + "2b6e6205bf1cea547b20af23c504eab8062af96c642c0d76afb3df6695fa231b210b7ae435e34bea1ef8b91216fd3a0f7065e7992f1703e0737600b464a1083e" ); } From 5f676dd3dc3d9d97dde3a067a110e2852470bdd2 Mon Sep 17 00:00:00 2001 From: timvisee Date: Fri, 13 Jan 2023 20:24:36 +0100 Subject: [PATCH 4/4] Only add digits and algorithm parameters to URL for non default values --- src/lib.rs | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 96ab0d8..4c21243 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -622,15 +622,17 @@ impl TOTP { host = "steam"; } let account_name = urlencoding::encode(self.account_name.as_str()).to_string(); - let mut params = vec![ - format!("secret={}", self.get_secret_base32()), - format!("digits={}", self.digits), - format!("algorithm={}", self.algorithm), - ]; - let label = if self.issuer.is_some() { - let issuer = urlencoding::encode(self.issuer.as_ref().unwrap().as_str()).to_string(); + let mut params = vec![format!("secret={}", self.get_secret_base32())]; + if self.digits != 6 { + params.push(format!("digits={}", self.digits)); + } + if self.algorithm != Algorithm::SHA1 { + params.push(format!("algorithm={}", self.algorithm)); + } + let label = if let Some(issuer) = &self.issuer { + let issuer = urlencoding::encode(issuer); params.push(format!("issuer={}", issuer)); - format!("{0}:{1}", issuer, account_name) + format!("{}:{}", issuer, account_name) } else { account_name }; @@ -880,7 +882,10 @@ mod tests { ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA1"); + assert_eq!( + url.as_str(), + "otpauth://totp/constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ" + ); } #[test] @@ -897,7 +902,7 @@ mod tests { ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA1&issuer=Github"); + assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&issuer=Github"); } #[test] @@ -914,7 +919,7 @@ mod tests { ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA256&issuer=Github"); + assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&algorithm=SHA256&issuer=Github"); } #[test] @@ -931,7 +936,7 @@ mod tests { ) .unwrap(); let url = totp.get_url(); - assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&digits=6&algorithm=SHA512&issuer=Github"); + assert_eq!(url.as_str(), "otpauth://totp/Github:constantoine%40github.com?secret=KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ&algorithm=SHA512&issuer=Github"); } #[test] @@ -1263,7 +1268,7 @@ mod tests { Algorithm::SHA1, 6, 1, - 1, + 30, "TestSecretSuperSecret".as_bytes().to_vec(), Some("Github".to_string()), "constantoine@github.com".to_string(), @@ -1278,7 +1283,7 @@ mod tests { let hash_digest = Sha512::digest(data); assert_eq!( format!("{:x}", hash_digest).as_str(), - "2b6e6205bf1cea547b20af23c504eab8062af96c642c0d76afb3df6695fa231b210b7ae435e34bea1ef8b91216fd3a0f7065e7992f1703e0737600b464a1083e" + "fbb0804f1e4f4c689d22292c52b95f0783b01b4319973c0c50dd28af23dbbbe663dce4eb05a7959086d9092341cb9f103ec5a9af4a973867944e34c063145328" ); }