From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Maximiliano Sandoval <m.sandoval@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] applied: [PATCH pbs] tfa: Improve TOTP algorithm parsing
Date: Tue, 20 Jun 2023 13:23:06 +0200 [thread overview]
Message-ID: <kywwbkhcwgqcmgarcv4l3liy3ywqhxcs2xkd4encw7eeepwyrl@y6m6wexnvsph> (raw)
In-Reply-To: <20230609155225.173010-1-m.sandoval@proxmox.com>
applied, though not too happy when tools just randomly casefold stuff
instead of using the values listed in the "spec" (whatever this one's
worth...)
On Fri, Jun 09, 2023 at 05:52:25PM +0200, Maximiliano Sandoval wrote:
> It is very common for TOTP URIs to contain the algorithm in lowercase,
> hence we convert to lowercase when doing From<&str> for Algorithm.
>
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
> proxmox-tfa/src/totp.rs | 28 ++++++++++++++++++++++++----
> 1 file changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/proxmox-tfa/src/totp.rs b/proxmox-tfa/src/totp.rs
> index 7b8e6b3..97be715 100644
> --- a/proxmox-tfa/src/totp.rs
> +++ b/proxmox-tfa/src/totp.rs
> @@ -99,10 +99,10 @@ impl std::str::FromStr for Algorithm {
> type Err = Error;
>
> fn from_str(s: &str) -> Result<Self, Error> {
> - Ok(match s {
> - "SHA1" => Algorithm::Sha1,
> - "SHA256" => Algorithm::Sha256,
> - "SHA512" => Algorithm::Sha512,
> + Ok(match s.to_lowercase().as_str() {
> + "sha1" => Algorithm::Sha1,
> + "sha256" => Algorithm::Sha256,
> + "sha512" => Algorithm::Sha512,
> _ => return Err(Error::UnsupportedAlgorithm(s.to_string())),
> })
> }
> @@ -640,3 +640,23 @@ fn test_otp() {
> assert_eq!(parsed.issuer.as_deref(), Some("An Issuer"));
> assert_eq!(parsed.account_name.as_deref(), Some("The Account Name"));
> }
> +
> +#[test]
> +fn test_algorithm_parsing() {
> + let secret = "AA";
> + let period = 30;
> + let digits = 6;
> + let issuer = "ISSUER";
> + let uri = format!("otpauth://totp/user%40hostname?secret={secret}&issuer={issuer}&algorithm=sha1&digits={digits}&period={period}");
> + let hotp: Totp = uri.parse().expect("failed to parse otp uri");
> +
> + assert_eq!(hotp.algorithm, Algorithm::Sha1);
> + assert_eq!(hotp.period, period);
> + assert_eq!(hotp.digits, digits);
> + assert_eq!(hotp.issuer.as_deref(), Some(issuer));
> + assert_eq!(hotp.account_name.as_deref(), Some("user@hostname"));
> + assert_eq!(
> + &base32::encode(base32::Alphabet::RFC4648 { padding: false }, &hotp.secret()),
> + secret
> + )
> +}
> --
> 2.39.2
prev parent reply other threads:[~2023-06-20 11:23 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-09 15:52 [pbs-devel] " Maximiliano Sandoval
2023-06-20 11:23 ` Wolfgang Bumiller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=kywwbkhcwgqcmgarcv4l3liy3ywqhxcs2xkd4encw7eeepwyrl@y6m6wexnvsph \
--to=w.bumiller@proxmox.com \
--cc=m.sandoval@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox