rotp 4.1.0 → 6.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72a52a1f0f26257e83977969144abf6324fee40c65ef4f6b3b910d30c3bb1e36
-  data.tar.gz: 212a5ca91186490c07221f7f17e4d39cc05778b89ebf22cf53712de2cfb8944a
+  metadata.gz: cd976bfa6985075f5e2b76607256d0afbbdf88a82c38cd094d0eaffbb5bce4f2
+  data.tar.gz: 70df660f1eca3dd9efc7baa1f53061ba9af1bbb49e4bb6ead507509f6e845d38
 SHA512:
-  metadata.gz: 41b36b57154571a35d8d3f59961c3f1754c2bfb3bf06e2a29e2360b24ba884e7d632f86d3d5491341034a30654ba971d96bfcfecae85687a701230cf8e4523ba
-  data.tar.gz: d70217238c2d859b674f9cc702e9ffcb4fcb5cdf3a75d9b40306d0dee8f28198363d6001510e2cbc2b507d24cb753127d602b6dec211da77287d7ac04fabef98
+  metadata.gz: 7fb326cc887a1a5614c90c492ac43b72188f75caa90fcc50c3338d129abe2efe4f67af88d018c378379806f1bef0c1d0e40fc6c683f4427f40ad411326729022
+  data.tar.gz: 4f913bf0693c1cead926bfe625e226fe8277323f93a552459447a792cd27b9189860ab26d3907baafff0e217430b04fb9e8b1829b0795e4c96e83062fac409fb

data/.travis.yml

@@ -1,8 +1,9 @@
 language: ruby
 before_install: gem install bundler -v '<2'
 rvm:
+  - 2.7
   - 2.6
   - 2.5
-  - 2.0
+  - 2.3
 script:
   - bundle exec rspec

data/CHANGELOG.md

@@ -1,5 +1,35 @@
 ### Changelog
 
+### 6.2.0
+
+- Update to expand compatibility with Ruby 3. This was only a change to the
+  gemspec, no code changes were necessary.
+
+### 6.1.0
+
+- Fixing URI encoding issues again, breaking out into it's own module
+  due to the complexity - closes #100 (@atcruice)
+- Add docker-compose.yml to help with easier testing
+
+### 6.0.0
+
+- Dropping support for Ruby <2.3 (Major version bump)
+- Fix issue when using --enable-frozen-string-literal Ruby option #95 (jeremyevans)
+- URI Encoding fix #94 (ksuh90)
+- Update gems (rake, addressable)
+- Update Travis tests to include Ruby 2.7
+
+### 5.1.0
+
+- Create `random_base32` to perform `random` to avoid breaking changes
+  - Still needed to bump to 5.x due to Base32 cleanup
+
+### 5.0.0
+
+- Clean up base32 implementation to match Google Autheticator
+- BREAKING `Base32.random_base32` renamed to random
+  - The argument is now byte length vs output string length for more precise bit strengths
+
 ### 4.1.0
 
 - Add a digest option to the CLI #83

data/Dockerfile-2.3

@@ -0,0 +1,10 @@
+FROM ruby:2.3
+
+RUN mkdir -p /usr/src/app
+WORKDIR /usr/src/app
+
+COPY Gemfile /usr/src/app/
+COPY . /usr/src/app
+RUN bundle install
+
+CMD ["bundle", "exec", "rspec"]

data/{Dockerfile-2.0 → Dockerfile-2.7}

@@ -1,4 +1,4 @@
-FROM ruby:2.0
+FROM ruby:2.7
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app

data/Dockerfile-3.0-rc

@@ -0,0 +1,12 @@
+FROM ruby:3.0-rc
+
+RUN mkdir -p /usr/src/app
+WORKDIR /usr/src/app
+
+COPY Gemfile /usr/src/app/
+COPY . /usr/src/app
+RUN gem install bundler
+RUN bundle install
+
+CMD ["bundle", "exec", "rspec"]
+

data/README.md

@@ -16,7 +16,20 @@ Many websites use this for [multi-factor authentication](https://www.youtube.com
 * OpenSSL
 * Ruby 2.0 or higher
 
-## Breaking changes in >= 4.0
+## Breaking changes
+
+### Breaking changes in >= 6.0
+
+- Dropping support for Ruby <2.3
+
+### Breaking changes in >= 5.0
+
+- `ROTP::Base32.random_base32` is now `ROTP::Base32.random` and the argument
+  has changed from secret string length to byte length to allow for more
+  precision. There is an alias to allow for `random_base32` for the time being.
+- Cleaned up the Base32 implementation to match Google Authenticator's version.
+
+### Breaking changes in >= 4.0
 
 - Simplified API
   - `verify` now takes options for `drift` and `after`
@@ -57,8 +70,8 @@ hotp.at(1) # => "595254"
 hotp.at(1401) # => "259769"
 
 # OTP verified with a counter
-hotp.verify("316439", 1401) # => 1401
-hotp.verify("316439", 1402) # => nil
+hotp.verify("259769", 1401) # => 1401
+hotp.verify("259769", 1402) # => nil
 ```
 
 ### Preventing reuse of Time based OTP's
@@ -69,7 +82,7 @@ the interval window (default 30 seconds)
 The following is an example of this in action:
 
 ```ruby
-User.find(someUserID)
+user = User.find(someUserID)
 totp = ROTP::TOTP.new(user.otp_secret)
 totp.now # => "492039"
 
@@ -108,7 +121,7 @@ totp.verify("250939", drift_behind: 15, at: now + 45) # => nil
 ### Generating a Base32 Secret key
 
 ```ruby
-ROTP::Base32.random_base32  # returns a 32 character base32 secret. Compatible with Google Authenticator
+ROTP::Base32.random  # returns a 160 bit (32 character) base32 secret. Compatible with Google Authenticator
 ```
 
 Note: The Base32 format conforms to [RFC 4648 Base32](http://en.wikipedia.org/wiki/Base32#RFC_4648_Base32_alphabet)
@@ -120,10 +133,10 @@ Google Authenticator.
 
 ```ruby
 totp = ROTP::TOTP.new("base32secret3232", issuer: "My Service")
-totp.provisioning_uri("alice@google.com") # => 'otpauth://totp/My%20Service:alice@google.com?secret=base32secret3232&issuer=My+Service'
+totp.provisioning_uri("alice@google.com") # => 'otpauth://totp/My%20Service:alice%40google.com?secret=base32secret3232&issuer=My%20Service'
 
 hotp = ROTP::HOTP.new("base32secret3232", issuer: "My Service")
-hotp.provisioning_uri("alice@google.com", 0) # => 'otpauth://hotp/alice@google.com?secret=base32secret3232&counter=0'
+hotp.provisioning_uri("alice@google.com", 0) # => 'otpauth://hotp/alice%40google.com?secret=base32secret3232&counter=0'
 ```
 
 This can then be rendered as a QR Code which the user can scan using their mobile phone and the appropriate application.
@@ -150,7 +163,7 @@ bundle install
 bundle exec rspec
 ```
 
-### Testign with Docker
+### Testing with Docker
 
 In order to make it easier to test against different ruby version, ROTP comes
 with a set of Dockerfiles for each version that we test against in Travis
@@ -160,9 +173,15 @@ docker build -f Dockerfile-2.6 -t rotp_2.6 .
 docker run --rm -v $(pwd):/usr/src/app rotp_2.6
 ```
 
+Alternately, you may use docker-compose to run all the tests:
+
+```
+docker-compose up
+```
+
 ## Executable Usage
 
-The rotp rubygem includes an executable for helping with testing and debugging
+The rotp rubygem includes CLI version to help with testing and debugging
 
 ```bash
 # Try this to get an overview of the commands

data/docker-compose.yml

@@ -0,0 +1,37 @@
+version: "3.8"
+services:
+  ruby_2_3:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.3
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_2_5:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.5
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_2_6:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.6
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_2_7:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.7
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_3_0_rc:
+    build:
+      context: .
+      dockerfile: Dockerfile-3.0-rc
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"

data/lib/rotp.rb

@@ -1,9 +1,8 @@
-require 'cgi'
-require 'addressable'
-require 'securerandom'
 require 'openssl'
+require 'erb'
 require 'rotp/base32'
 require 'rotp/otp'
+require 'rotp/otp/uri'
 require 'rotp/hotp'
 require 'rotp/totp'
 

data/lib/rotp/base32.rb

@@ -1,51 +1,75 @@
+require 'securerandom'
+
 module ROTP
   class Base32
     class Base32Error < RuntimeError; end
-    CHARS = 'abcdefghijklmnopqrstuvwxyz234567'.each_char.to_a
+    CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.each_char.to_a
+    SHIFT = 5
+    MASK = 31
 
     class << self
+
       def decode(str)
-        str = str.tr('=', '')
-        output = []
-        str.scan(/.{1,8}/).each do |block|
-          char_array = decode_block(block).map(&:chr)
-          output << char_array
+        buffer = 0
+        idx = 0
+        bits_left = 0
+        str = str.tr('=', '').upcase
+        result = []
+        str.split('').each do |char|
+          buffer = buffer << SHIFT
+          buffer = buffer | (decode_quint(char) & MASK)
+          bits_left = bits_left + SHIFT
+          if bits_left >= 8
+            result[idx] = (buffer >> (bits_left - 8)) & 255
+            idx = idx + 1
+            bits_left = bits_left - 8
+          end
         end
-        output.join
+        result.pack('c*')
       end
 
-      def random_base32(length = 32)
-        b32 = ''
-        SecureRandom.random_bytes(length).each_byte do |b|
-          b32 << CHARS[b % 32]
+      def encode(b)
+        data = b.unpack('c*')
+        out = String.new
+        buffer = data[0]
+        idx = 1
+        bits_left = 8
+        while bits_left > 0 || idx < data.length
+          if bits_left < SHIFT
+            if idx < data.length
+              buffer = buffer << 8
+              buffer = buffer | (data[idx] & 255)
+              bits_left = bits_left + 8
+              idx = idx + 1
+            else
+              pad = SHIFT - bits_left
+              buffer = buffer << pad
+              bits_left = bits_left + pad
+            end
+          end
+          val = MASK & (buffer >> (bits_left - SHIFT))
+          bits_left = bits_left - SHIFT
+          out.concat(CHARS[val])
         end
-        b32
+        return out
       end
 
-      private
-
-      def decode_block(block)
-        length = block.scan(/[^=]/).length
-        quints = block.each_char.map { |c| decode_quint(c) }
-        bytes = []
-        bytes[0] = (quints[0] << 3) + (quints[1] ? quints[1] >> 2 : 0)
-        return bytes if length < 3
-
-        bytes[1] = ((quints[1] & 3) << 6) + (quints[2] << 1) + (quints[3] ? quints[3] >> 4 : 0)
-        return bytes if length < 4
-
-        bytes[2] = ((quints[3] & 15) << 4) + (quints[4] ? quints[4] >> 1 : 0)
-        return bytes if length < 6
-
-        bytes[3] = ((quints[4] & 1) << 7) + (quints[5] << 2) + (quints[6] ? quints[6] >> 3 : 0)
-        return bytes if length < 7
+      # Defaults to 160 bit long secret (meaning a 32 character long base32 secret)
+      def random(byte_length = 20)
+       rand_bytes = SecureRandom.random_bytes(byte_length)
+       self.encode(rand_bytes)
+      end
 
-        bytes[4] = ((quints[6] & 7) << 5) + (quints[7] || 0)
-        bytes
+      # Prevent breaking changes
+      def random_base32(str_len = 32)
+        byte_length = str_len * 5/8
+        random(byte_length)
       end
 
+      private
+
       def decode_quint(q)
-        CHARS.index(q.downcase) || raise(Base32Error, "Invalid Base32 Character - '#{q}'")
+        CHARS.index(q) || raise(Base32Error, "Invalid Base32 Character - '#{q}'")
       end
     end
   end

data/lib/rotp/cli.rb

@@ -19,7 +19,7 @@ module ROTP
       if %i[time hmac].include?(options.mode)
         if options.secret.to_s == ''
           red 'You must also specify a --secret. Try --help for help.'
-        elsif options.secret.to_s.chars.any? { |c| ROTP::Base32::CHARS.index(c.downcase).nil? }
+        elsif options.secret.to_s.chars.any? { |c| ROTP::Base32::CHARS.index(c.upcase).nil? }
           red 'Secret must be in RFC4648 Base32 format - http://en.wikipedia.org/wiki/Base32#RFC_4648_Base32_alphabet'
         end
       end

data/lib/rotp/hotp.rb

@@ -25,12 +25,7 @@ module ROTP
     # @param [Integer] initial_count starting counter value, defaults to 0
     # @return [String] provisioning uri
     def provisioning_uri(name, initial_count = 0)
-      params = {
-        secret: secret,
-        counter: initial_count,
-        digits: digits == DEFAULT_DIGITS ? nil : digits
-      }
-      encode_params("otpauth://hotp/#{Addressable::URI.escape(name)}", params)
+      OTP::URI.new(self, account_name: name, counter: initial_count).to_s
     end
   end
 end

data/lib/rotp/otp.rb

@@ -66,16 +66,6 @@ module ROTP
       result.reverse.join.rjust(padding, 0.chr)
     end
 
-    # A very simple param encoder
-    def encode_params(uri, params)
-      params_str = String.new('?')
-      params.each do |k, v|
-        params_str << "#{k}=#{CGI.escape(v.to_s)}&" if v
-      end
-      params_str.chop!
-      uri + params_str
-    end
-
     # constant-time compare the strings
     def time_constant_compare(a, b)
       return false if a.empty? || b.empty? || a.bytesize != b.bytesize

data/lib/rotp/otp/uri.rb

@@ -0,0 +1,79 @@
+module ROTP
+  class OTP
+    # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
+    class URI
+      def initialize(otp, account_name:, counter: nil)
+        @otp = otp
+        @account_name = account_name
+        @counter = counter
+      end
+
+      def to_s
+        "otpauth://#{type}/#{label}?#{parameters}"
+      end
+
+      private
+
+      def algorithm
+        return unless %w[sha256 sha512].include?(@otp.digest)
+
+        @otp.digest.upcase
+      end
+
+      def counter
+        return if @otp.is_a?(TOTP)
+        fail if @counter.nil?
+
+        @counter
+      end
+
+      def digits
+        return if @otp.digits == DEFAULT_DIGITS
+
+        @otp.digits
+      end
+
+      def issuer
+        return if @otp.is_a?(HOTP)
+
+        @otp.issuer&.strip&.tr(':', '_')
+      end
+
+      def label
+        [issuer, @account_name.rstrip]
+          .compact
+          .map { |s| s.tr(':', '_') }
+          .map { |s| ERB::Util.url_encode(s) }
+          .join(':')
+      end
+
+      def parameters
+        {
+          secret: @otp.secret,
+          issuer: issuer,
+          algorithm: algorithm,
+          digits: digits,
+          period: period,
+          counter: counter,
+        }
+          .reject { |_, v| v.nil? }
+          .map { |k, v| "#{k}=#{ERB::Util.url_encode(v)}" }
+          .join('&')
+      end
+
+      def period
+        return if @otp.is_a?(HOTP)
+        return if @otp.interval == DEFAULT_INTERVAL
+
+        @otp.interval
+      end
+
+      def type
+        case @otp
+        when TOTP then 'totp'
+        when HOTP then 'hotp'
+        end
+      end
+    end
+  end
+end

data/lib/rotp/totp.rb

@@ -54,19 +54,7 @@ module ROTP
     # @param [String] name of the account
     # @return [String] provisioning URI
     def provisioning_uri(name)
-      # The format of this URI is documented at:
-      # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
-      # For compatibility the issuer appears both before that account name and also in the
-      # query string.
-      issuer_string = issuer.nil? ? '' : "#{Addressable::URI.escape(issuer)}:"
-      params = {
-        secret: secret,
-        period: interval == 30 ? nil : interval,
-        issuer: issuer,
-        digits: digits == DEFAULT_DIGITS ? nil : digits,
-        algorithm: digest.casecmp('SHA1').zero? ? nil : digest.upcase
-      }
-      encode_params("otpauth://totp/#{issuer_string}#{Addressable::URI.escape(name)}", params)
+      OTP::URI.new(self, account_name: name).to_s
     end
 
     private

data/lib/rotp/version.rb

@@ -1,3 +1,3 @@
 module ROTP
-  VERSION = '4.1.0'.freeze
+  VERSION = '6.2.0'.freeze
 end

data/rotp.gemspec

@@ -4,23 +4,20 @@ Gem::Specification.new do |s|
   s.name        = 'rotp'
   s.version     = ROTP::VERSION
   s.platform    = Gem::Platform::RUBY
+  s.required_ruby_version = '>= 2.3'
   s.license     = 'MIT'
   s.authors     = ['Mark Percival']
   s.email       = ['mark@markpercival.us']
-  s.homepage    = 'http://github.com/mdp/rotp'
+  s.homepage    = 'https://github.com/mdp/rotp'
   s.summary     = 'A Ruby library for generating and verifying one time passwords'
   s.description = 'Works for both HOTP and TOTP, and includes QR Code provisioning'
 
-  s.rubyforge_project = 'rotp'
-
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'addressable', '~> 2.5'
-
-  s.add_development_dependency 'rake', '~> 10.5'
+  s.add_development_dependency "rake", "~> 13.0"
   s.add_development_dependency 'rspec', '~> 3.5'
   s.add_development_dependency 'simplecov', '~> 0.12'
   s.add_development_dependency 'timecop', '~> 0.8'

data/spec/lib/rotp/base32_spec.rb

@@ -1,24 +1,33 @@
 require 'spec_helper'
 
 RSpec.describe ROTP::Base32 do
-  describe '.random_base32' do
+  describe '.random' do
     context 'without arguments' do
-      let(:base32) { ROTP::Base32.random_base32 }
+      let(:base32) { ROTP::Base32.random }
 
-      it 'is 32 characters long' do
+      it 'is 20 bytes (160 bits) long (resulting in a 32 character base32 code)' do
+        expect(ROTP::Base32.decode(base32).length).to eq 20
         expect(base32.length).to eq 32
       end
 
       it 'is base32 charset' do
-        expect(base32).to match(/\A[a-z2-7]+\z/)
+        expect(base32).to match(/\A[A-Z2-7]+\z/)
       end
     end
 
     context 'with arguments' do
-      let(:base32) { ROTP::Base32.random_base32 32 }
+      let(:base32) { ROTP::Base32.random 48 }
 
-      it 'allows a specific length' do
-        expect(base32.length).to eq 32
+      it 'returns the appropriate byte length code' do
+        expect(ROTP::Base32.decode(base32).length).to eq 48
+      end
+    end
+
+    context 'alias to older random_base32' do
+      let(:base32) { ROTP::Base32.random_base32(36) }
+      it 'is base32 charset' do
+        expect(base32.length).to eq 36
+        expect(ROTP::Base32.decode(base32).length).to eq 22
       end
     end
   end
@@ -33,22 +42,40 @@ RSpec.describe ROTP::Base32 do
 
     context 'valid input data' do
       it 'correctly decodes a string' do
-        expect(ROTP::Base32.decode('F').unpack('H*').first).to eq '28'
-        expect(ROTP::Base32.decode('23').unpack('H*').first).to eq 'd6'
-        expect(ROTP::Base32.decode('234').unpack('H*').first).to eq 'd6f8'
-        expect(ROTP::Base32.decode('234A').unpack('H*').first).to eq 'd6f800'
-        expect(ROTP::Base32.decode('234B').unpack('H*').first).to eq 'd6f810'
-        expect(ROTP::Base32.decode('234BCD').unpack('H*').first).to eq 'd6f8110c'
-        expect(ROTP::Base32.decode('234BCDE').unpack('H*').first).to eq 'd6f8110c80'
-        expect(ROTP::Base32.decode('234BCDEFG').unpack('H*').first).to eq 'd6f8110c8530'
-        expect(ROTP::Base32.decode('234BCDEFG234BCDEFG').unpack('H*').first).to eq 'd6f8110c8536b7c0886429'
+        expect(ROTP::Base32.decode('2EB7C66WC5TSO').unpack('H*').first).to eq 'd103f17bd6176727'
+        expect(ROTP::Base32.decode('Y6Y5ZCAC7NABCHSJ').unpack('H*').first).to eq 'c7b1dc8802fb40111e49'
+      end
+
+      it 'correctly decode strings with trailing bits (not a multiple of 8)' do
+        # Dropbox style 26 characters (26*5==130 bits or 16.25 bytes, but chopped to 128)
+        # Matches the behavior of Google Authenticator, drops extra 2 empty bits
+        expect(ROTP::Base32.decode('YVT6Z2XF4BQJNBMTD7M6QBQCEM').unpack('H*').first).to eq 'c567eceae5e0609685931fd9e8060223'
+
+        # For completeness, test all the possibilities allowed by Google Authenticator
+        # Drop the incomplete empty extra 4 bits (28*5==140bits or 17.5 bytes, chopped to 136 bits)
+        expect(ROTP::Base32.decode('5GGZQB3WN6LD7V3L5HPDYTQUANEQ').unpack('H*').first).to eq 'e98d9807766f963fd76be9de3c4e140349'
+
       end
 
       context 'with padding' do
         it 'correctly decodes a string' do
-          expect(ROTP::Base32.decode('F==').unpack('H*').first).to eq '28'
+          expect(ROTP::Base32.decode('234A===').unpack('H*').first).to eq 'd6f8'
         end
       end
+
+    end
+  end
+
+  describe '.encode' do
+    context 'encode input data' do
+      it 'correctly encodes data' do
+        expect(ROTP::Base32.encode(hex_to_bin('3c204da94294ff82103ee34e96f74b48'))).to eq 'HQQE3KKCST7YEEB64NHJN52LJA'
+      end
     end
   end
+
+end
+
+def hex_to_bin(s)
+  s.scan(/../).map { |x| x.hex }.pack('c*')
 end

data/spec/lib/rotp/hotp_spec.rb

@@ -108,29 +108,14 @@ RSpec.describe ROTP::HOTP do
   end
 
   describe '#provisioning_uri' do
-    let(:uri)    { hotp.provisioning_uri('mark@percival') }
-    let(:params) { CGI.parse URI.parse(uri).query }
-
-    it 'has the correct format' do
-      expect(uri).to match %r{\Aotpauth:\/\/hotp.+}
-    end
-
-    it 'includes the secret as parameter' do
-      expect(params['secret'].first).to eq 'a' * 32
-    end
-
-    context 'with default digits' do
-      it 'does not include digits parameter with default digits' do
-        expect(params['digits'].first).to be_nil
-      end
+    it 'accepts the account name' do
+      expect(hotp.provisioning_uri('mark@percival'))
+        .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=0'
     end
 
-    context 'with non-default digits' do
-      let(:hotp) { ROTP::HOTP.new('a' * 32, digits: 8) }
-
-      it 'includes digits parameter' do
-        expect(params['digits'].first).to eq '8'
-      end
+    it 'also accepts a custom counter value' do
+      expect(hotp.provisioning_uri('mark@percival', 17))
+        .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=17'
     end
   end
 end

data/spec/lib/rotp/otp/uri_spec.rb

@@ -0,0 +1,99 @@
+require 'spec_helper'
+
+RSpec.describe ROTP::OTP::URI do
+  it 'meets basic functionality' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'includes issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Example')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Example:alice%40google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example'
+  end
+
+  it 'encodes the account name' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Provider1')
+    uri = described_class.new(otp, account_name: 'Alice Smith')
+    expect(uri.to_s).to eq 'otpauth://totp/Provider1:Alice%20Smith?secret=JBSWY3DPEHPK3PXP&issuer=Provider1'
+  end
+
+  it 'encodes the issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Big Corporation')
+    uri = described_class.new(otp, account_name: ' alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big%20Corporation:%20alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big%20Corporation'
+  end
+
+  it 'includes non-default SHA256 algorithm' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digest: 'sha256')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA256'
+  end
+
+  it 'includes non-default SHA512 algorithm' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digest: 'sha512')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA512'
+  end
+
+  it 'includes non-default 8 digits' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digits: 8)
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&digits=8'
+  end
+
+  it 'includes non-default period for TOTP' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', interval: 35)
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&period=35'
+  end
+
+  it 'includes non-default counter for HOTP' do
+    otp = ROTP::HOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice@google.com', counter: 17)
+    expect(uri.to_s).to eq 'otpauth://hotp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&counter=17'
+  end
+
+  it 'can include all parameters' do
+    otp = ROTP::TOTP.new(
+      'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ',
+      digest: 'sha512',
+      digits: 8,
+      interval: 60,
+      issuer: 'ACME Co',
+    )
+    uri = described_class.new(otp, account_name: 'john.doe@email.com')
+    expect(uri.to_s).to eq'otpauth://totp/ACME%20Co:john.doe%40email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA512&digits=8&period=60'
+  end
+
+  it 'strips leading and trailing whitespace from the issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: '  Big Corporation  ')
+    uri = described_class.new(otp, account_name: ' alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big%20Corporation:%20alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big%20Corporation'
+  end
+
+  it 'strips trailing whitespace from the account name' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: '  alice@google.com  ')
+    expect(uri.to_s).to eq 'otpauth://totp/%20%20alice%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'replaces colons in the issuer with underscores' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Big:Corporation')
+    uri = described_class.new(otp, account_name: 'alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big_Corporation:alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big_Corporation'
+  end
+
+  it 'replaces colons in the account name with underscores' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'Alice:Smith')
+    expect(uri.to_s).to eq 'otpauth://totp/Alice_Smith?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'handles email account names with sub-addressing' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice+1234@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%2B1234%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+end

data/spec/lib/rotp/totp_spec.rb

@@ -221,79 +221,9 @@ RSpec.describe ROTP::TOTP do
   end
 
   describe '#provisioning_uri' do
-    let(:uri)    { totp.provisioning_uri('mark@percival') }
-    let(:params) { CGI.parse URI.parse(uri).query }
-
-    context 'without issuer' do
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-    end
-
-    context 'with default digits' do
-      it 'does does not include digits parameter' do
-        expect(params['digits'].first).to be_nil
-      end
-    end
-
-    context 'with non-default digits' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', digits: 8 }
-
-      it 'does does not include digits parameter' do
-        expect(params['digits'].first).to eq '8'
-      end
-    end
-
-    context 'with issuer' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', issuer: 'FooCo' }
-
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp/FooCo:.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-
-      it 'includes the issuer as parameter' do
-        expect(params['issuer'].first).to eq 'FooCo'
-      end
-    end
-
-    context 'with custom interval' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', interval: 60 }
-
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-
-      it 'includes the interval as period parameter' do
-        expect(params['period'].first).to eq '60'
-      end
-    end
-
-    context 'with custom digest' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', digest: 'sha256' }
-
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-
-      it 'includes the digest as algorithm parameter' do
-        expect(params['algorithm'].first).to eq 'SHA256'
-      end
+    it 'accepts the account name' do
+      expect(totp.provisioning_uri('mark@percival'))
+        .to eq 'otpauth://totp/mark%40percival?secret=JBSWY3DPEHPK3PXP'
     end
   end
 

metadata

@@ -1,43 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rotp
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 6.2.0
 platform: ruby
 authors:
 - Mark Percival
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-28 00:00:00.000000000 Z
+date: 2020-09-30 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: addressable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.5'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.5'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -92,14 +78,15 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG.md
-- Dockerfile-2.0
+- Dockerfile-2.3
 - Dockerfile-2.5
 - Dockerfile-2.6
+- Dockerfile-2.7
+- Dockerfile-3.0-rc
 - Gemfile
 - Guardfile
 - LICENSE
 - README.md
-- Rakefile
 - bin/rotp
 - doc/ROTP/HOTP.html
 - doc/ROTP/OTP.html
@@ -119,12 +106,14 @@ files:
 - doc/js/jquery.js
 - doc/method_list.html
 - doc/top-level-namespace.html
+- docker-compose.yml
 - lib/rotp.rb
 - lib/rotp/arguments.rb
 - lib/rotp/base32.rb
 - lib/rotp/cli.rb
 - lib/rotp/hotp.rb
 - lib/rotp/otp.rb
+- lib/rotp/otp/uri.rb
 - lib/rotp/totp.rb
 - lib/rotp/version.rb
 - rotp.gemspec
@@ -132,9 +121,10 @@ files:
 - spec/lib/rotp/base32_spec.rb
 - spec/lib/rotp/cli_spec.rb
 - spec/lib/rotp/hotp_spec.rb
+- spec/lib/rotp/otp/uri_spec.rb
 - spec/lib/rotp/totp_spec.rb
 - spec/spec_helper.rb
-homepage: http://github.com/mdp/rotp
+homepage: https://github.com/mdp/rotp
 licenses:
 - MIT
 metadata: {}
@@ -146,15 +136,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: rotp
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: A Ruby library for generating and verifying one time passwords

data/Rakefile

@@ -1,9 +0,0 @@
-require 'bundler'
-Bundler::GemHelper.install_tasks
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:rspec) do |spec|
-  spec.pattern = 'spec/**/*_spec.rb'
-end
-
-task default: :rspec