mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-12-25 07:19:42 -05:00
Relax strictness of TOTP Base32 validation
* Fix #3754 - Accept valid TOTP keys that require padding when converted to Base32. * Allow use of spaces and lower case letters in the TOTP secret key.
This commit is contained in:
parent
4edb623745
commit
f9d2696046
@ -1,6 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2017 Weslly Honorato <weslly@protonmail.com>
|
||||
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
|
||||
* Copyright (C) 2019 KeePassXC Team <team@keepassxc.org>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -46,9 +45,11 @@ TotpSetupDialog::~TotpSetupDialog()
|
||||
void TotpSetupDialog::saveSettings()
|
||||
{
|
||||
// Secret key sanity check
|
||||
auto key = m_ui->seedEdit->text().toLatin1();
|
||||
// Convert user input to all uppercase and remove '='
|
||||
auto key = m_ui->seedEdit->text().toUpper().remove(" ").remove("=").toLatin1();
|
||||
auto sanitizedKey = Base32::sanitizeInput(key);
|
||||
if (sanitizedKey != key) {
|
||||
// Use startsWith to ignore added '=' for padding at the end
|
||||
if (!sanitizedKey.startsWith(key)) {
|
||||
MessageBox::information(this,
|
||||
tr("Invalid TOTP Secret"),
|
||||
tr("You have entered an invalid secret key. The key must be in Base32 format.\n"
|
||||
@ -112,7 +113,9 @@ void TotpSetupDialog::init()
|
||||
// Read entry totp settings
|
||||
auto settings = m_entry->totpSettings();
|
||||
if (settings) {
|
||||
m_ui->seedEdit->setText(settings->key);
|
||||
auto key = settings->key;
|
||||
m_ui->seedEdit->setText(key.remove("="));
|
||||
m_ui->seedEdit->setCursorPosition(0);
|
||||
m_ui->stepSpinBox->setValue(settings->step);
|
||||
|
||||
if (settings->encoder.shortName == Totp::STEAM_SHORTNAME) {
|
||||
|
@ -756,7 +756,8 @@ void TestGui::testTotp()
|
||||
|
||||
QApplication::processEvents();
|
||||
|
||||
QString exampleSeed = "gezdgnbvgy3tqojqgezdgnbvgy3tqojq";
|
||||
QString exampleSeed = "gezd gnbvgY 3tqojqGEZdgnb vgy3tqoJq===";
|
||||
QString expectedFinalSeed = exampleSeed.toUpper().remove(" ").remove("=");
|
||||
auto* seedEdit = setupTotpDialog->findChild<QLineEdit*>("seedEdit");
|
||||
seedEdit->setText("");
|
||||
QTest::keyClicks(seedEdit, exampleSeed);
|
||||
@ -781,7 +782,7 @@ void TestGui::testTotp()
|
||||
editEntryWidget->setCurrentPage(1);
|
||||
auto* attrTextEdit = editEntryWidget->findChild<QPlainTextEdit*>("attributesEdit");
|
||||
QTest::mouseClick(editEntryWidget->findChild<QAbstractButton*>("revealAttributeButton"), Qt::LeftButton);
|
||||
QCOMPARE(attrTextEdit->toPlainText(), exampleSeed);
|
||||
QCOMPARE(attrTextEdit->toPlainText(), expectedFinalSeed);
|
||||
|
||||
auto* editEntryWidgetButtonBox = editEntryWidget->findChild<QDialogButtonBox*>("buttonBox");
|
||||
QTest::mouseClick(editEntryWidgetButtonBox->button(QDialogButtonBox::Ok), Qt::LeftButton);
|
||||
|
Loading…
Reference in New Issue
Block a user