rotp 6.0.0 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c56412a3603b43a3371e26cfb7d9314b2469e99558ea7f58a86b3c51f7e30055
-  data.tar.gz: 1923418367d2df594d64fb3b5810aad696a78a93ff89e4a19b655dcc4c98cff3
+  metadata.gz: 36079aaa87791cbc44f0772c429ebc947f88d34b0389411c13e37fc65a3bd1a1
+  data.tar.gz: a71126bd8dc56ca8e5db1bf5bf4fa5296c2319ac06816427400e253d0d835292
 SHA512:
-  metadata.gz: ede75377c7c88538f4c6dc1dbe623f5ad099382a59f38245a35cde7a20f3fd17b38178ffcb0db960d7a923432dc8fe1c8eef760c58d0dcd57cb6709971fcb0e1
-  data.tar.gz: 4bda95ccda7e78c4bb33fe57e9d79e0eda0654074e5b8b6461e9e59f25dd23bb8554e6f003f5375a1e857f126e41c6829e818c9f6bab288f583c204ed6444f49
+  metadata.gz: 3d90ee7ee49a029e74fe22faa8e14e14130f24a3c6551bc20742f35e7b1b529e807b56229bfb4a64f8621447920996d9a54d5fe98c1a255aae392a8dbc350d79
+  data.tar.gz: 12dd508477209b35bf75337934d9c780f661eebf32dc0a712acceedb7216cc2455af9781168248469c9b98c3eea27deaa961879d31464cffb793367a2aa8f529

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ### Changelog
 
+### 6.1.0
+
+- Fixing URI encoding issues again, breaking out into it's own module
+  due to the complexity - closes #100 (@atcruice)
+- Add docker-compose.yml to help with easier testing
+
 ### 6.0.0
 
 - Dropping support for Ruby <2.3 (Major version bump)

data/README.md

@@ -133,10 +133,10 @@ Google Authenticator.
 
 ```ruby
 totp = ROTP::TOTP.new("base32secret3232", issuer: "My Service")
-totp.provisioning_uri("alice@google.com") # => 'otpauth://totp/My%20Service:alice@google.com?secret=base32secret3232&issuer=My%20Service'
+totp.provisioning_uri("alice@google.com") # => 'otpauth://totp/My%20Service:alice%40google.com?secret=base32secret3232&issuer=My%20Service'
 
 hotp = ROTP::HOTP.new("base32secret3232", issuer: "My Service")
-hotp.provisioning_uri("alice@google.com", 0) # => 'otpauth://hotp/alice@google.com?secret=base32secret3232&counter=0'
+hotp.provisioning_uri("alice@google.com", 0) # => 'otpauth://hotp/alice%40google.com?secret=base32secret3232&counter=0'
 ```
 
 This can then be rendered as a QR Code which the user can scan using their mobile phone and the appropriate application.
@@ -173,6 +173,12 @@ docker build -f Dockerfile-2.6 -t rotp_2.6 .
 docker run --rm -v $(pwd):/usr/src/app rotp_2.6
 ```
 
+Alternately, you may use docker-compose to run all the tests:
+
+```
+docker-compose up
+```
+
 ## Executable Usage
 
 The rotp rubygem includes CLI version to help with testing and debugging

data/docker-compose.yml

@@ -0,0 +1,30 @@
+version: "3.8"
+services:
+  ruby_2_3:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.3
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_2_5:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.5
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_2_6:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.6
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"
+  ruby_2_7:
+    build:
+      context: .
+      dockerfile: Dockerfile-2.7
+    volumes:
+      - "./lib:/usr/src/app/lib"
+      - "./spec:/usr/src/app/spec"

data/lib/rotp.rb

@@ -1,9 +1,8 @@
-require 'cgi'
-require 'addressable'
-require 'securerandom'
 require 'openssl'
+require 'erb'
 require 'rotp/base32'
 require 'rotp/otp'
+require 'rotp/otp/uri'
 require 'rotp/hotp'
 require 'rotp/totp'
 

data/lib/rotp/base32.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 module ROTP
   class Base32
     class Base32Error < RuntimeError; end

data/lib/rotp/hotp.rb

@@ -25,12 +25,7 @@ module ROTP
     # @param [Integer] initial_count starting counter value, defaults to 0
     # @return [String] provisioning uri
     def provisioning_uri(name, initial_count = 0)
-      params = {
-        secret: secret,
-        counter: initial_count,
-        digits: digits == DEFAULT_DIGITS ? nil : digits
-      }
-      encode_params("otpauth://hotp/#{Addressable::URI.escape(name)}", params)
+      OTP::URI.new(self, account_name: name, counter: initial_count).to_s
     end
   end
 end

data/lib/rotp/otp.rb

@@ -66,16 +66,6 @@ module ROTP
       result.reverse.join.rjust(padding, 0.chr)
     end
 
-    # A very simple param encoder
-    def encode_params(uri, params)
-      params_str = String.new('?')
-      params.each do |k, v|
-        params_str << "#{k}=#{CGI.escape(v.to_s)}&" if v
-      end
-      params_str.chop!
-      uri + params_str
-    end
-
     # constant-time compare the strings
     def time_constant_compare(a, b)
       return false if a.empty? || b.empty? || a.bytesize != b.bytesize

data/lib/rotp/otp/uri.rb

@@ -0,0 +1,79 @@
+module ROTP
+  class OTP
+    # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
+    class URI
+      def initialize(otp, account_name:, counter: nil)
+        @otp = otp
+        @account_name = account_name
+        @counter = counter
+      end
+
+      def to_s
+        "otpauth://#{type}/#{label}?#{parameters}"
+      end
+
+      private
+
+      def algorithm
+        return unless %w[sha256 sha512].include?(@otp.digest)
+
+        @otp.digest.upcase
+      end
+
+      def counter
+        return if @otp.is_a?(TOTP)
+        fail if @counter.nil?
+
+        @counter
+      end
+
+      def digits
+        return if @otp.digits == DEFAULT_DIGITS
+
+        @otp.digits
+      end
+
+      def issuer
+        return if @otp.is_a?(HOTP)
+
+        @otp.issuer&.strip&.tr(':', '_')
+      end
+
+      def label
+        [issuer, @account_name.rstrip]
+          .compact
+          .map { |s| s.tr(':', '_') }
+          .map { |s| ERB::Util.url_encode(s) }
+          .join(':')
+      end
+
+      def parameters
+        {
+          secret: @otp.secret,
+          issuer: issuer,
+          algorithm: algorithm,
+          digits: digits,
+          period: period,
+          counter: counter,
+        }
+          .reject { |_, v| v.nil? }
+          .map { |k, v| "#{k}=#{ERB::Util.url_encode(v)}" }
+          .join('&')
+      end
+
+      def period
+        return if @otp.is_a?(HOTP)
+        return if @otp.interval == DEFAULT_INTERVAL
+
+        @otp.interval
+      end
+
+      def type
+        case @otp
+        when TOTP then 'totp'
+        when HOTP then 'hotp'
+        end
+      end
+    end
+  end
+end

data/lib/rotp/totp.rb

@@ -54,19 +54,7 @@ module ROTP
     # @param [String] name of the account
     # @return [String] provisioning URI
     def provisioning_uri(name)
-      # The format of this URI is documented at:
-      # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
-      # For compatibility the issuer appears both before that account name and also in the
-      # query string.
-      issuer_string = issuer.nil? ? '' : "#{Addressable::URI.escape(issuer)}:"
-      params = {
-        secret: secret,
-        period: interval == 30 ? nil : interval,
-        issuer: Addressable::URI.encode(issuer),
-        digits: digits == DEFAULT_DIGITS ? nil : digits,
-        algorithm: digest.casecmp('SHA1').zero? ? nil : digest.upcase
-      }
-      encode_params("otpauth://totp/#{issuer_string}#{Addressable::URI.escape(name)}", params)
+      OTP::URI.new(self, account_name: name).to_s
     end
 
     private

data/lib/rotp/version.rb

@@ -1,3 +1,3 @@
 module ROTP
-  VERSION = '6.0.0'.freeze
+  VERSION = '6.1.0'.freeze
 end

data/rotp.gemspec

@@ -17,8 +17,6 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'addressable', '~> 2.7'
-
   s.add_development_dependency "rake", "~> 13.0"
   s.add_development_dependency 'rspec', '~> 3.5'
   s.add_development_dependency 'simplecov', '~> 0.12'

data/spec/lib/rotp/hotp_spec.rb

@@ -108,29 +108,14 @@ RSpec.describe ROTP::HOTP do
   end
 
   describe '#provisioning_uri' do
-    let(:uri)    { hotp.provisioning_uri('mark@percival') }
-    let(:params) { CGI.parse URI.parse(uri).query }
-
-    it 'has the correct format' do
-      expect(uri).to match %r{\Aotpauth:\/\/hotp.+}
-    end
-
-    it 'includes the secret as parameter' do
-      expect(params['secret'].first).to eq 'a' * 32
-    end
-
-    context 'with default digits' do
-      it 'does not include digits parameter with default digits' do
-        expect(params['digits'].first).to be_nil
-      end
+    it 'accepts the account name' do
+      expect(hotp.provisioning_uri('mark@percival'))
+        .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=0'
     end
 
-    context 'with non-default digits' do
-      let(:hotp) { ROTP::HOTP.new('a' * 32, digits: 8) }
-
-      it 'includes digits parameter' do
-        expect(params['digits'].first).to eq '8'
-      end
+    it 'also accepts a custom counter value' do
+      expect(hotp.provisioning_uri('mark@percival', 17))
+        .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=17'
     end
   end
 end

data/spec/lib/rotp/otp/uri_spec.rb

@@ -0,0 +1,99 @@
+require 'spec_helper'
+
+RSpec.describe ROTP::OTP::URI do
+  it 'meets basic functionality' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'includes issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Example')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Example:alice%40google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example'
+  end
+
+  it 'encodes the account name' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Provider1')
+    uri = described_class.new(otp, account_name: 'Alice Smith')
+    expect(uri.to_s).to eq 'otpauth://totp/Provider1:Alice%20Smith?secret=JBSWY3DPEHPK3PXP&issuer=Provider1'
+  end
+
+  it 'encodes the issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Big Corporation')
+    uri = described_class.new(otp, account_name: ' alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big%20Corporation:%20alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big%20Corporation'
+  end
+
+  it 'includes non-default SHA256 algorithm' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digest: 'sha256')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA256'
+  end
+
+  it 'includes non-default SHA512 algorithm' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digest: 'sha512')
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA512'
+  end
+
+  it 'includes non-default 8 digits' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', digits: 8)
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&digits=8'
+  end
+
+  it 'includes non-default period for TOTP' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', interval: 35)
+    uri = described_class.new(otp, account_name: 'alice@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&period=35'
+  end
+
+  it 'includes non-default counter for HOTP' do
+    otp = ROTP::HOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice@google.com', counter: 17)
+    expect(uri.to_s).to eq 'otpauth://hotp/alice%40google.com?secret=JBSWY3DPEHPK3PXP&counter=17'
+  end
+
+  it 'can include all parameters' do
+    otp = ROTP::TOTP.new(
+      'HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ',
+      digest: 'sha512',
+      digits: 8,
+      interval: 60,
+      issuer: 'ACME Co',
+    )
+    uri = described_class.new(otp, account_name: 'john.doe@email.com')
+    expect(uri.to_s).to eq'otpauth://totp/ACME%20Co:john.doe%40email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA512&digits=8&period=60'
+  end
+
+  it 'strips leading and trailing whitespace from the issuer' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: '  Big Corporation  ')
+    uri = described_class.new(otp, account_name: ' alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big%20Corporation:%20alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big%20Corporation'
+  end
+
+  it 'strips trailing whitespace from the account name' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: '  alice@google.com  ')
+    expect(uri.to_s).to eq 'otpauth://totp/%20%20alice%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'replaces colons in the issuer with underscores' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP', issuer: 'Big:Corporation')
+    uri = described_class.new(otp, account_name: 'alice@bigco.com')
+    expect(uri.to_s).to eq 'otpauth://totp/Big_Corporation:alice%40bigco.com?secret=JBSWY3DPEHPK3PXP&issuer=Big_Corporation'
+  end
+
+  it 'replaces colons in the account name with underscores' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'Alice:Smith')
+    expect(uri.to_s).to eq 'otpauth://totp/Alice_Smith?secret=JBSWY3DPEHPK3PXP'
+  end
+
+  it 'handles email account names with sub-addressing' do
+    otp = ROTP::TOTP.new('JBSWY3DPEHPK3PXP')
+    uri = described_class.new(otp, account_name: 'alice+1234@google.com')
+    expect(uri.to_s).to eq 'otpauth://totp/alice%2B1234%40google.com?secret=JBSWY3DPEHPK3PXP'
+  end
+end

data/spec/lib/rotp/totp_spec.rb

@@ -221,87 +221,9 @@ RSpec.describe ROTP::TOTP do
   end
 
   describe '#provisioning_uri' do
-    let(:uri)    { totp.provisioning_uri('mark@percival') }
-    let(:params) { CGI.parse URI.parse(uri).query }
-
-    context 'without issuer' do
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-    end
-
-    context 'with default digits' do
-      it 'does does not include digits parameter' do
-        expect(params['digits'].first).to be_nil
-      end
-    end
-
-    context 'with non-default digits' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', digits: 8 }
-
-      it 'does does not include digits parameter' do
-        expect(params['digits'].first).to eq '8'
-      end
-    end
-
-    context 'with issuer' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', issuer: 'FooCo' }
-
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp/FooCo:.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-
-      it 'includes the issuer as parameter' do
-        expect(params['issuer'].first).to eq 'FooCo'
-      end
-
-      context 'with spaces in issuer' do
-        let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', issuer: 'Foo Co' }
-
-        it 'includes the uri encoded issuer as parameter' do
-          expect(params['issuer'].first).to eq 'Foo%20Co'
-        end
-      end
-    end
-
-    context 'with custom interval' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', interval: 60 }
-
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-
-      it 'includes the interval as period parameter' do
-        expect(params['period'].first).to eq '60'
-      end
-    end
-
-    context 'with custom digest' do
-      let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP', digest: 'sha256' }
-
-      it 'has the correct format' do
-        expect(uri).to match %r{\Aotpauth:\/\/totp.+}
-      end
-
-      it 'includes the secret as parameter' do
-        expect(params['secret'].first).to eq 'JBSWY3DPEHPK3PXP'
-      end
-
-      it 'includes the digest as algorithm parameter' do
-        expect(params['algorithm'].first).to eq 'SHA256'
-      end
+    it 'accepts the account name' do
+      expect(totp.provisioning_uri('mark@percival'))
+        .to eq 'otpauth://totp/mark%40percival?secret=JBSWY3DPEHPK3PXP'
     end
   end
 

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: rotp
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.1.0
 platform: ruby
 authors:
 - Mark Percival
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-23 00:00:00.000000000 Z
+date: 2020-08-03 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: addressable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -100,7 +86,6 @@ files:
 - Guardfile
 - LICENSE
 - README.md
-- Rakefile
 - bin/rotp
 - doc/ROTP/HOTP.html
 - doc/ROTP/OTP.html
@@ -120,12 +105,14 @@ files:
 - doc/js/jquery.js
 - doc/method_list.html
 - doc/top-level-namespace.html
+- docker-compose.yml
 - lib/rotp.rb
 - lib/rotp/arguments.rb
 - lib/rotp/base32.rb
 - lib/rotp/cli.rb
 - lib/rotp/hotp.rb
 - lib/rotp/otp.rb
+- lib/rotp/otp/uri.rb
 - lib/rotp/totp.rb
 - lib/rotp/version.rb
 - rotp.gemspec
@@ -133,6 +120,7 @@ files:
 - spec/lib/rotp/base32_spec.rb
 - spec/lib/rotp/cli_spec.rb
 - spec/lib/rotp/hotp_spec.rb
+- spec/lib/rotp/otp/uri_spec.rb
 - spec/lib/rotp/totp_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/mdp/rotp
@@ -154,7 +142,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: A Ruby library for generating and verifying one time passwords

data/Rakefile

@@ -1,9 +0,0 @@
-require 'bundler'
-Bundler::GemHelper.install_tasks
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:rspec) do |spec|
-  spec.pattern = 'spec/**/*_spec.rb'
-end
-
-task default: :rspec