rotp 2.1.1 → 6.2.2

data/spec/lib/rotp/base32_spec.rb

@@ -1,25 +1,33 @@
 require 'spec_helper'
 
 RSpec.describe ROTP::Base32 do
-
-  describe '.random_base32' do
+  describe '.random' do
     context 'without arguments' do
-      let(:base32) { ROTP::Base32.random_base32 }
+      let(:base32) { ROTP::Base32.random }
 
-      it 'is 16 characters long' do
-        expect(base32.length).to eq 16
+      it 'is 20 bytes (160 bits) long (resulting in a 32 character base32 code)' do
+        expect(ROTP::Base32.decode(base32).length).to eq 20
+        expect(base32.length).to eq 32
       end
 
-      it 'is hexadecimal' do
-        expect(base32).to match %r{\A[a-z2-7]+\z}
+      it 'is base32 charset' do
+        expect(base32).to match(/\A[A-Z2-7]+\z/)
       end
     end
 
     context 'with arguments' do
-      let(:base32) { ROTP::Base32.random_base32 32 }
+      let(:base32) { ROTP::Base32.random 48 }
 
-      it 'allows a specific length' do
-        expect(base32.length).to eq 32
+      it 'returns the appropriate byte length code' do
+        expect(ROTP::Base32.decode(base32).length).to eq 48
+      end
+    end
+
+    context 'alias to older random_base32' do
+      let(:base32) { ROTP::Base32.random_base32(36) }
+      it 'is base32 charset' do
+        expect(base32.length).to eq 36
+        expect(ROTP::Base32.decode(base32).length).to eq 22
       end
     end
   end
@@ -34,16 +42,40 @@ RSpec.describe ROTP::Base32 do
 
     context 'valid input data' do
       it 'correctly decodes a string' do
-        expect(ROTP::Base32.decode('F').unpack('H*').first).to eq '28'
-        expect(ROTP::Base32.decode('23').unpack('H*').first).to eq 'd6'
-        expect(ROTP::Base32.decode('234').unpack('H*').first).to eq 'd6f8'
-        expect(ROTP::Base32.decode('234A').unpack('H*').first).to eq 'd6f800'
-        expect(ROTP::Base32.decode('234B').unpack('H*').first).to eq 'd6f810'
-        expect(ROTP::Base32.decode('234BCD').unpack('H*').first).to eq 'd6f8110c'
-        expect(ROTP::Base32.decode('234BCDE').unpack('H*').first).to eq 'd6f8110c80'
-        expect(ROTP::Base32.decode('234BCDEFG').unpack('H*').first).to eq 'd6f8110c8530'
-        expect(ROTP::Base32.decode('234BCDEFG234BCDEFG').unpack('H*').first).to eq 'd6f8110c8536b7c0886429'
+        expect(ROTP::Base32.decode('2EB7C66WC5TSO').unpack('H*').first).to eq 'd103f17bd6176727'
+        expect(ROTP::Base32.decode('Y6Y5ZCAC7NABCHSJ').unpack('H*').first).to eq 'c7b1dc8802fb40111e49'
+      end
+
+      it 'correctly decode strings with trailing bits (not a multiple of 8)' do
+        # Dropbox style 26 characters (26*5==130 bits or 16.25 bytes, but chopped to 128)
+        # Matches the behavior of Google Authenticator, drops extra 2 empty bits
+        expect(ROTP::Base32.decode('YVT6Z2XF4BQJNBMTD7M6QBQCEM').unpack('H*').first).to eq 'c567eceae5e0609685931fd9e8060223'
+
+        # For completeness, test all the possibilities allowed by Google Authenticator
+        # Drop the incomplete empty extra 4 bits (28*5==140bits or 17.5 bytes, chopped to 136 bits)
+        expect(ROTP::Base32.decode('5GGZQB3WN6LD7V3L5HPDYTQUANEQ').unpack('H*').first).to eq 'e98d9807766f963fd76be9de3c4e140349'
+
+      end
+
+      context 'with padding' do
+        it 'correctly decodes a string' do
+          expect(ROTP::Base32.decode('234A===').unpack('H*').first).to eq 'd6f8'
+        end
+      end
+
+    end
+  end
+
+  describe '.encode' do
+    context 'encode input data' do
+      it 'correctly encodes data' do
+        expect(ROTP::Base32.encode(hex_to_bin('3c204da94294ff82103ee34e96f74b48'))).to eq 'HQQE3KKCST7YEEB64NHJN52LJA'
       end
     end
   end
+
+end
+
+def hex_to_bin(s)
+  s.scan(/../).map { |x| x.hex }.pack('c*')
 end

data/spec/lib/rotp/cli_spec.rb

@@ -4,26 +4,65 @@ require 'rotp/cli'
 RSpec.describe ROTP::CLI do
   let(:cli)    { described_class.new('executable', argv) }
   let(:output) { cli.output }
-  let(:now)    { Time.utc 2012,1,1 }
+  let(:now)    { Time.utc 2012, 1, 1 }
 
   before do
     Timecop.freeze now
   end
 
   context 'generating a TOTP' do
-    let(:argv) { %w(--secret JBSWY3DPEHPK3PXP) }
+    let(:argv) { %w[--secret JBSWY3DPEHPK3PXP] }
 
     it 'prints the corresponding token' do
       expect(output).to eq '068212'
     end
   end
 
+  context 'generating a TOTP with sha256 digest' do
+    let(:argv) { %w[--secret JBSWY3DPEHPK3PXP --digest sha256] }
+
+    it 'prints the corresponding token' do
+      expect(output).to eq '544902'
+    end
+  end
+
+  context 'generating a TOTP with no secret' do
+    let(:argv) { %w[--time --secret] }
+
+    it 'prints the corresponding token' do
+      expect(output).to match 'You must also specify a --secret'
+    end
+  end
+
+  context 'generating a TOTP with bad base32 secret' do
+    let(:argv) { %W[--time --secret #{'1' * 32}] }
+
+    it 'prints the corresponding token' do
+      expect(output).to match 'Secret must be in RFC4648 Base32 format'
+    end
+  end
+
+  context 'trying to generate an unsupport type' do
+    let(:argv) { %W[--notreal --secret #{'a' * 32}] }
+
+    it 'prints the corresponding token' do
+      expect(output).to match 'invalid option: --notreal'
+    end
+  end
+
   context 'generating a HOTP' do
-    let(:argv) { %W(--hmac --secret #{'a' * 32} --counter 1234) }
+    let(:argv) { %W[--hmac --secret #{'a' * 32} --counter 1234] }
 
     it 'prints the corresponding token' do
       expect(output).to eq '161024'
     end
   end
 
+  context 'generating a HOTP' do
+    let(:argv) { %W[--hmac --secret #{'a' * 32} --counter 1234 --digest sha256] }
+
+    it 'prints the corresponding token' do
+      expect(output).to eq '325941'
+    end
+  end
 end

data/spec/lib/rotp/hotp_spec.rb

@@ -14,11 +14,9 @@ RSpec.describe ROTP::HOTP do
       end
     end
 
-    context 'without padding' do
-      let(:token) { hotp.at counter, false }
-
-      it 'generates an integer OTP' do
-        expect(token).to eq 161024
+    context 'invalid counter' do
+      it 'raises an error' do
+        expect { hotp.at(-123_456) }.to raise_error(ArgumentError)
       end
     end
 
@@ -39,7 +37,6 @@ RSpec.describe ROTP::HOTP do
         expect(hotp.at(8)).to eq '399871'
         expect(hotp.at(9)).to eq '520489'
       end
-
     end
   end
 
@@ -47,10 +44,10 @@ RSpec.describe ROTP::HOTP do
     let(:verification) { hotp.verify token, counter }
 
     context 'numeric token' do
-      let(:token) { 161024 }
+      let(:token) { 161_024 }
 
       it 'raises an error' do
-        expect { verification }.to raise_error
+        expect { verification }.to raise_error(ArgumentError)
       end
     end
 
@@ -69,74 +66,56 @@ RSpec.describe ROTP::HOTP do
         expect(hotp.verify(token, 10)).to be_falsey
       end
     end
-  end
-
-  describe '#provisioning_uri' do
-    let(:uri)    { hotp.provisioning_uri('mark@percival') }
-    let(:params) { CGI::parse URI::parse(uri).query }
-
-    it 'has the correct format' do
-      expect(uri).to match %r{\Aotpauth:\/\/hotp.+}
-    end
-
-    it 'includes the secret as parameter' do
-      expect(params['secret'].first).to eq 'a' * 32
-    end
-  end
-
-  describe '#verify_with_retries' do
-    let(:verification) { hotp.verify_with_retries token, counter, retries }
+    describe 'with retries' do
+      let(:verification) { hotp.verify token, counter, retries: retries }
 
-    context 'negative retries' do
-      let(:retries) { -1 }
+      context 'counter outside than retries' do
+        let(:counter) { 1223 }
+        let(:retries) { 10 }
 
-      it 'is false' do
-        expect(verification).to be_falsey
+        it 'is false' do
+          expect(verification).to be_falsey
+        end
       end
-    end
 
-    context 'zero retries' do
-      let(:retries) { 0 }
+      context 'counter exactly in retry range' do
+        let(:counter) { 1224 }
+        let(:retries) { 10 }
 
-      it 'is false' do
-        expect(verification).to be_falsey
+        it 'is true' do
+          expect(verification).to eq 1234
+        end
       end
-    end
 
-    context 'counter lower than retries' do
-      let(:counter) { 1223 }
-      let(:retries) { 10 }
+      context 'counter in retry range' do
+        let(:counter) { 1224 }
+        let(:retries) { 11 }
 
-      it 'is false' do
-        expect(verification).to be_falsey
+        it 'is true' do
+          expect(verification).to eq 1234
+        end
       end
-    end
 
-    context 'counter exactly in retry range' do
-      let(:counter) { 1224 }
-      let(:retries) { 10 }
+      context 'counter ahead of token' do
+        let(:counter) { 1235 }
+        let(:retries) { 3 }
 
-      it 'is true' do
-        expect(verification).to eq 1234
+        it 'is false' do
+          expect(verification).to be_falsey
+        end
       end
     end
+  end
 
-    context 'counter in retry range' do
-      let(:counter) { 1224 }
-      let(:retries) { 11 }
-
-      it 'is true' do
-        expect(verification).to eq 1234
-      end
+  describe '#provisioning_uri' do
+    it 'accepts the account name' do
+      expect(hotp.provisioning_uri('mark@percival'))
+        .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=0'
     end
 
-    context 'counter too high' do
-      let(:counter) { 1235 }
-      let(:retries) { 3 }
-
-      it 'is false' do
-        expect(verification).to be_falsey
-      end
+    it 'also accepts a custom counter value' do
+      expect(hotp.provisioning_uri('mark@percival', 17))
+        .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=17'
     end
   end
 end

data/spec/lib/rotp/otp/uri_spec.rb

@@ -0,0 +1,99 @@
+require 'spec_helper'
+
+RSpec.describe ROTP::OTP::URI do
+  it 'meets basic functionality' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'includes issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Example')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Example:alice%40google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example'
+  end
+
+  it 'encodes the account name' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Provider1')
+    uri = described_class.new(otp, account_name: 'Alice Smith')
+    expect(uri.to_s).to eq 'otpauth://totp/Provider1:Alice%20Smith?secret=JBSWY3DPEHPK3PXP&issuer=Provider1'
+  end
+
+  it 'encodes the issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Big Corporation')
+    uri = described_class.new(otp, account_name: ' alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big%20Corporation:%20alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big%20Corporation'
+  end
+
+  it 'includes non-default SHA256 algorithm' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digest: 'sha256')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA256'
+  end
+
+  it 'includes non-default SHA512 algorithm' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digest: 'sha512')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA512'
+  end
+
+  it 'includes non-default 8 digits' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digits: 8)
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&digits=8'
+  end
+
+  it 'includes non-default period for TOTP' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', interval: 35)
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&period=35'
+  end
+
+  it 'includes non-default counter for HOTP' do
+    otp = ROTP::HOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice@google.com', counter: 17)
+    expect(uri.to_s).to eq 'otpauth://hotp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&counter=17'
+  end
+
+  it 'can include all parameters' do
+    otp = ROTP::TOTP.new(
+      'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ',
+      digest: 'sha512',
+      digits: 8,
+      interval: 60,
+      issuer: 'ACME Co',
+    )
+    uri = described_class.new(otp, account_name: 'john.doe@email.com')
+    expect(uri.to_s).to eq'otpauth://totp/ACME%20Co:john.doe%40email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA512&digits=8&period=60'
+  end
+
+  it 'strips leading and trailing whitespace from the issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: '  Big Corporation  ')
+    uri = described_class.new(otp, account_name: ' alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big%20Corporation:%20alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big%20Corporation'
+  end
+
+  it 'strips trailing whitespace from the account name' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: '  alice@google.com  ')
+    expect(uri.to_s).to eq 'otpauth://totp/%20%20alice%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'replaces colons in the issuer with underscores' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Big:Corporation')
+    uri = described_class.new(otp, account_name: 'alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big_Corporation:alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big_Corporation'
+  end
+
+  it 'replaces colons in the account name with underscores' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'Alice:Smith')
+    expect(uri.to_s).to eq 'otpauth://totp/Alice_Smith?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'handles email account names with sub-addressing' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice+1234@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%2B1234%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+end