From 1b87d28e2b73a65c0e75f6f5f43a1f0660a6cf24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Thu, 17 Oct 2024 11:23:17 +0200 Subject: [PATCH] Support case-insensitive TOTP generation --- crates/bitwarden-vault/src/totp.rs | 43 +++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/crates/bitwarden-vault/src/totp.rs b/crates/bitwarden-vault/src/totp.rs index 8aee3e694..7066bcb60 100644 --- a/crates/bitwarden-vault/src/totp.rs +++ b/crates/bitwarden-vault/src/totp.rs @@ -157,17 +157,19 @@ impl FromStr for Totp { /// - OTP Auth URI /// - Steam URI fn from_str(key: &str) -> Result { + let key = key.to_lowercase(); + let params = if key.starts_with("otpauth://") { - let url = Url::parse(key).map_err(|_| TotpError::InvalidOtpauth)?; + let url = Url::parse(&key).map_err(|_| TotpError::InvalidOtpauth)?; let parts: HashMap<_, _> = url.query_pairs().collect(); Totp { algorithm: parts .get("algorithm") - .and_then(|v| match v.to_uppercase().as_ref() { - "SHA1" => Some(Algorithm::Sha1), - "SHA256" => Some(Algorithm::Sha256), - "SHA512" => Some(Algorithm::Sha512), + .and_then(|v| match v.as_ref() { + "sha1" => Some(Algorithm::Sha1), + "sha256" => Some(Algorithm::Sha256), + "sha512" => Some(Algorithm::Sha512), _ => None, }) .unwrap_or(DEFAULT_ALGORITHM), @@ -200,7 +202,7 @@ impl FromStr for Totp { algorithm: DEFAULT_ALGORITHM, digits: DEFAULT_DIGITS, period: DEFAULT_PERIOD, - secret: decode_b32(key), + secret: decode_b32(&key), } }; @@ -285,6 +287,7 @@ mod tests { ("PIUD1IS!EQYA=", "829846"), // sanitized // Steam ("steam://HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ", "7W6CJ"), + ("StEam://HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ", "7W6CJ"), ("steam://ABCD123", "N26DF"), // Various weird lengths ("ddfdf", "932653"), @@ -321,6 +324,20 @@ mod tests { assert_eq!(response.period, 30); } + #[test] + fn test_generate_otpauth_uppercase() { + let key = "OTPauth://totp/test-account?secret=WQIQ25BRKZYCJVYP".to_string(); + let time = Some( + DateTime::parse_from_rfc3339("2023-01-01T00:00:00.000Z") + .unwrap() + .with_timezone(&Utc), + ); + let response = generate_totp(key, time).unwrap(); + + assert_eq!(response.code, "194506".to_string()); + assert_eq!(response.period, 30); + } + #[test] fn test_generate_otpauth_period() { let key = "otpauth://totp/test-account?secret=WQIQ25BRKZYCJVYP&period=60".to_string(); @@ -335,6 +352,20 @@ mod tests { assert_eq!(response.period, 60); } + #[test] + fn test_generate_otpauth_algorithm_sha256() { + let key = "otpauth://totp/test-account?secret=WQIQ25BRKZYCJVYP&algorithm=SHA256".to_string(); + let time = Some( + DateTime::parse_from_rfc3339("2023-01-01T00:00:00.000Z") + .unwrap() + .with_timezone(&Utc), + ); + let response = generate_totp(key, time).unwrap(); + + assert_eq!(response.code, "842615".to_string()); + assert_eq!(response.period, 30); + } + #[test] fn test_generate_totp_cipher_view() { let view = CipherListView {