* [pbs-devel] [PATCH pbs] tfa: Improve TOTP algorithm parsing
@ 2023-06-09 15:52 Maximiliano Sandoval
  2023-06-20 11:23 ` [pbs-devel] applied: " Wolfgang Bumiller
  0 siblings, 1 reply; 2+ messages in thread
From: Maximiliano Sandoval @ 2023-06-09 15:52 UTC (permalink / raw)
  To: pbs-devel

It is very common for TOTP URIs to contain the algorithm in lowercase,
hence we convert to lowercase when doing From<&str> for Algorithm.

Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
---
 proxmox-tfa/src/totp.rs | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/proxmox-tfa/src/totp.rs b/proxmox-tfa/src/totp.rs
index 7b8e6b3..97be715 100644
--- a/proxmox-tfa/src/totp.rs
+++ b/proxmox-tfa/src/totp.rs
@@ -99,10 +99,10 @@ impl std::str::FromStr for Algorithm {
     type Err = Error;
 
     fn from_str(s: &str) -> Result<Self, Error> {
-        Ok(match s {
-            "SHA1" => Algorithm::Sha1,
-            "SHA256" => Algorithm::Sha256,
-            "SHA512" => Algorithm::Sha512,
+        Ok(match s.to_lowercase().as_str() {
+            "sha1" => Algorithm::Sha1,
+            "sha256" => Algorithm::Sha256,
+            "sha512" => Algorithm::Sha512,
             _ => return Err(Error::UnsupportedAlgorithm(s.to_string())),
         })
     }
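Review bot: `s.to_lowercase()` in `from_str` applies full Unicode lowercasing to a value taken straight from an otpauth URI, and it moves the match arms away from the registered spellings. ASCII-only folding is enough for these three tokens and keeps the canonical names in the source: `Ok(match s.to_ascii_uppercase().as_str() {` with the arms left as `"SHA1"`, `"SHA256"`, `"SHA512"`. A doc comment on `from_str` such as `/// Parses the algorithm name case-insensitively (ASCII only); any other value is rejected as unsupported.` would make the widened input set explicit. The `impl` block starts outside the hunk, so whether the formatting side still emits the uppercase form cannot be confirmed from here.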
@@ -640,3 +640,23 @@ fn test_otp() {
     assert_eq!(parsed.issuer.as_deref(), Some("An Issuer"));
     assert_eq!(parsed.account_name.as_deref(), Some("The Account Name"));
 }
+
+#[test]
+fn test_algorithm_parsing() {
+    let secret = "AA";
+    let period = 30;
+    let digits = 6;
+    let issuer = "ISSUER";
+    let uri = format!("otpauth://totp/user%40hostname?secret={secret}&issuer={issuer}&algorithm=sha1&digits={digits}&period={period}");
+    let hotp: Totp = uri.parse().expect("failed to parse otp uri");
+
+    assert_eq!(hotp.algorithm, Algorithm::Sha1);
+    assert_eq!(hotp.period, period);
+    assert_eq!(hotp.digits, digits);
+    assert_eq!(hotp.issuer.as_deref(), Some(issuer));
+    assert_eq!(hotp.account_name.as_deref(), Some("user@hostname"));
+    assert_eq!(
+        &base32::encode(base32::Alphabet::RFC4648 { padding: false }, &hotp.secret()),
+        secret
+    )
+}
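Review bot: `test_algorithm_parsing` only exercises the all-lowercase `sha1` spelling, so it pins neither the previously accepted uppercase form nor the rejection path. The algorithm presumably selects the HMAC used to verify codes, so the negative case is worth pinning too: `assert!(matches!("SHA256".parse::<Algorithm>(), Ok(Algorithm::Sha256)));`, `assert!(matches!("Sha512".parse::<Algorithm>(), Ok(Algorithm::Sha512)));` and `assert!("md5".parse::<Algorithm>().is_err());`. The local is named `hotp` although it holds a `Totp`; `totp` would read better.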
-- 
2.39.2






* [pbs-devel] applied: [PATCH pbs] tfa: Improve TOTP algorithm parsing
  2023-06-09 15:52 [pbs-devel] [PATCH pbs] tfa: Improve TOTP algorithm parsing Maximiliano Sandoval
@ 2023-06-20 11:23 ` Wolfgang Bumiller
  0 siblings, 0 replies; 2+ messages in thread
From: Wolfgang Bumiller @ 2023-06-20 11:23 UTC (permalink / raw)
  To: Maximiliano Sandoval; +Cc: pbs-devel

applied, though not too happy when tools just randomly casefold stuff
instead of using the values listed in the "spec" (whatever this one's
worth...)

On Fri, Jun 09, 2023 at 05:52:25PM +0200, Maximiliano Sandoval wrote:
> It is very common for TOTP URIs to contain the algorithm in lowercase,
> hence we convert to lowercase when doing From<&str> for Algorithm.
> 
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
>  proxmox-tfa/src/totp.rs | 28 ++++++++++++++++++++++++----
>  1 file changed, 24 insertions(+), 4 deletions(-)
> 
> diff --git a/proxmox-tfa/src/totp.rs b/proxmox-tfa/src/totp.rs
> index 7b8e6b3..97be715 100644
> --- a/proxmox-tfa/src/totp.rs
> +++ b/proxmox-tfa/src/totp.rs
> @@ -99,10 +99,10 @@ impl std::str::FromStr for Algorithm {
>      type Err = Error;
>  
>      fn from_str(s: &str) -> Result<Self, Error> {
> -        Ok(match s {
> -            "SHA1" => Algorithm::Sha1,
> -            "SHA256" => Algorithm::Sha256,
> -            "SHA512" => Algorithm::Sha512,
> +        Ok(match s.to_lowercase().as_str() {
> +            "sha1" => Algorithm::Sha1,
> +            "sha256" => Algorithm::Sha256,
> +            "sha512" => Algorithm::Sha512,
>              _ => return Err(Error::UnsupportedAlgorithm(s.to_string())),
>          })
>      }
> @@ -640,3 +640,23 @@ fn test_otp() {
>      assert_eq!(parsed.issuer.as_deref(), Some("An Issuer"));
>      assert_eq!(parsed.account_name.as_deref(), Some("The Account Name"));
>  }
> +
> +#[test]
> +fn test_algorithm_parsing() {
> +    let secret = "AA";
> +    let period = 30;
> +    let digits = 6;
> +    let issuer = "ISSUER";
> +    let uri = format!("otpauth://totp/user%40hostname?secret={secret}&issuer={issuer}&algorithm=sha1&digits={digits}&period={period}");
> +    let hotp: Totp = uri.parse().expect("failed to parse otp uri");
> +
> +    assert_eq!(hotp.algorithm, Algorithm::Sha1);
> +    assert_eq!(hotp.period, period);
> +    assert_eq!(hotp.digits, digits);
> +    assert_eq!(hotp.issuer.as_deref(), Some(issuer));
> +    assert_eq!(hotp.account_name.as_deref(), Some("user@hostname"));
> +    assert_eq!(
> +        &base32::encode(base32::Alphabet::RFC4648 { padding: false }, &hotp.secret()),
> +        secret
> +    )
> +}
> -- 
> 2.39.2




