rotp 6.2.2 → 6.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ce425976dcf66314bf7217e6c5901c8e4cfd54d78919c058052ec2fc1d8c336
-  data.tar.gz: 6d0c496074dbe1d6d625e26b0408e33585c9783661077f322e7aa4c3585442c8
+  metadata.gz: 4d6cedb1952a6df3b069bb85d94e169d4aeb7878e6e4dde0dcb3fe4a2915a747
+  data.tar.gz: 2ad3bb2a4ef2575af9b976da0c59eb22b7e4d8b9e0a44e477329222feb567e09
 SHA512:
-  metadata.gz: f4d739d3cc3fed5ec4cdcd04b6c73b8fa30cfdc513d92f4e8c1130f45682b2aa37cd2029f66522c0648a8a8d3a905556e1ac1b42715f6ef6f2e95716dd010422
-  data.tar.gz: ada9184523ddc259caabedb7429704d7a952b19faf067dbdc6a65d29dbdb57f3ad4a0e4a9e9b07268518f6f239190882b0f9cfc60b39264f7b79b381566c436c
+  metadata.gz: 90ea9ec5403ad5e0953582e4a8c17369a0722c3f79d6b5a9d25e1f756a2cc024d01824a7e469a10dd98a7289aef6b34496dc6987565885fa01b3e8d0d6fb8e8c
+  data.tar.gz: aa7a667ef8de152cca8cd67df56d0f55a03ac7429f114d619bec1ac05178c015ba6c932f6fd651f27031c860927b81a3dc98bcd53ff7ef4080120a58404cd8f8

data/.devcontainer/devcontainer.json

@@ -32,6 +32,10 @@
 	// "postCreateCommand": "ruby --version",
 
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
-	"remoteUser": "vscode"
+	"remoteUser": "vscode",
+	"features": {
+		"ghcr.io/devcontainers-contrib/features/act:1": {},
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {}
+	}
 
 }

data/.github/workflows/release.yaml

@@ -0,0 +1,36 @@
+name: Release
+
+on:
+  push:
+    branches:    
+      - 'main'
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        id: release
+        with:
+          release-type: ruby
+          package-name: rotp
+          version-file: "lib/rotp/version.rb"
+      # Checkout code if release was created
+      - uses: actions/checkout@v2
+        if: ${{ steps.release.outputs.release_created }}
+      # Setup ruby if a release was created
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.2
+          bundler-cache: true
+        if: ${{ steps.release.outputs.release_created }}
+      - name: Run tests
+        run: bundle exec rspec
+        if: ${{ steps.release.outputs.release_created }}
+      # build gem and add to release
+      - name: Upload Release Artifact
+        if: ${{ steps.release.outputs.release_created }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run:
+          gem build *.gemspec
+          gh release upload ${{ steps.release.outputs.tag_name }} *.gem

data/.github/workflows/test.yaml

@@ -4,7 +4,7 @@ on:
   push:
     branches: [ main ]
   pull_request:
-    branches: [ main ]
+    types: [opened, reopened, synchronize]
 
 jobs:
   test:
@@ -13,15 +13,14 @@ jobs:
 
     strategy:
       matrix:
-        ruby-version: ['3.1', '3.0', '2.7', '2.3']
+        ruby-version: ['3.2', '3.0', '2.7', '2.3', truffleruby-head]
 
     steps:
       - uses: actions/checkout@v3
       - name: Set up Ruby ${{ matrix.ruby-version }}
-        uses: ruby/setup-ruby@359bebbc29cbe6c87da6bc9ea3bc930432750108
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version }}
-      - name: Install dependencies
-        run: bundle install
+          bundler-cache: true
       - name: Run tests
-        run: bundle exec rspec
+        run: bundle exec rspec

data/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "6.3.0"
+}

data/CHANGELOG.md

@@ -1,27 +1,34 @@
-### Changelog
+# Changelog
 
-### 6.2.2
+## [6.3.0](https://github.com/mdp/rotp/compare/v6.2.2...v6.3.0) (2023-08-30)
+
+
+### Features
+
+* Allow for non-standard provisioning URI params, eg. image/icon ([#91](https://github.com/mdp/rotp/issues/91)) ([45d8aac](https://github.com/mdp/rotp/commit/45d8aac8356424897faf3a0dbda59f88b22df775))
+
+## 6.2.2
 
 - Removed `rjust` from `generate_otp` in favor of more time constant version
 
-### 6.2.1
+## 6.2.1
 
 - Removed old rdoc folder that was triggering a security warning due to an
   old version of JQuery being included in the HTML docs. This has no impact
   on the Ruby library.
 
-### 6.2.0
+## 6.2.0
 
 - Update to expand compatibility with Ruby 3. This was only a change to the
   gemspec, no code changes were necessary.
 
-### 6.1.0
+## 6.1.0
 
 - Fixing URI encoding issues again, breaking out into it's own module
   due to the complexity - closes #100 (@atcruice)
 - Add docker-compose.yml to help with easier testing
 
-### 6.0.0
+## 6.0.0
 
 - Dropping support for Ruby <2.3 (Major version bump)
 - Fix issue when using --enable-frozen-string-literal Ruby option #95 (jeremyevans)
@@ -29,33 +36,33 @@
 - Update gems (rake, addressable)
 - Update Travis tests to include Ruby 2.7
 
-### 5.1.0
+## 5.1.0
 
 - Create `random_base32` to perform `random` to avoid breaking changes
   - Still needed to bump to 5.x due to Base32 cleanup
 
-### 5.0.0
+## 5.0.0
 
 - Clean up base32 implementation to match Google Autheticator
 - BREAKING `Base32.random_base32` renamed to random
   - The argument is now byte length vs output string length for more precise bit strengths
 
-### 4.1.0
+## 4.1.0
 
 - Add a digest option to the CLI #83
 - Fix provisioning URI is README #82
 - Improvements to docs
 
-### 4.0.2
+## 4.0.2
 
 - Fix gemspec requirment for Addressable
 
-### 4.0.1
+## 4.0.1
 
 - Rubocop for style fixes
 - Replace deprecated URI.encode with Addressable's version
 
-#### 4.0.0
+## 4.0.0
 
 - Simplify API
 - Remove support for Ruby < 2.0
@@ -65,96 +72,96 @@
   - `TOTP#at`
   - `TOTP#now` (first argument)
 
-#### 3.3.1
+## 3.3.1
 
 - Add OpenSSL as a requirement for Ruby 2.5. Fixes #70 & #64
 - Allow Base32 with padding. #71
 - Prevent verify with drift being negative #69
 
-#### 3.3.0
+## 3.3.0
 
 - Add digest algorithm parameter for non SHA1 digests - #62 from @btalbot
 
-#### 3.2.0
+## 3.2.0
 
 - Add 'verify_with_drift_and_prior' to prevent prior token use - #58 from @jlfaber
 
-#### 3.1.0
+## 3.1.0
 
 - Add Add digits paramater to provisioning URI. #54 from @sbc100
 
-#### 3.0.1
+## 3.0.1
 
 - Use SecureRandom. See mdp/rotp/pull/52
 
-#### 3.0.0
+## 3.0.0
 
 - Provisioning URL includes issuer label per RFC 5234 See mdp/rotp/pull/51
 
-#### 2.1.2
+## 2.1.2
 
 - Remove string literals to prepare immutable strings in Ruby 3.0
 
-#### 2.1.1
+## 2.1.1
 
 - Reorder the params for Windows Phone Authenticator - #43
 
-#### 2.1.0
+## 2.1.0
 
 - Add a CLI for generating OTP's mdp/rotp/pull/35
 
-#### 2.0.0
+## 2.0.0
 
 - Move to only comparing string OTP's.
 
-#### 1.7.0
+## 1.7.0
 
 - Move to only comparing string OTP's. See mdp/rotp/issues/32 - Moved to 2.0.0 - yanked from RubyGems
 
-#### 1.6.1
+## 1.6.1
 
 - Remove deprecation warning in Ruby 2.1.0 (@ylansegal)
 - Add Ruby 2.0 and 2.1 to Travis
 
-#### 1.6.0
+## 1.6.0
 
 - Add verify_with_retries to HOTP
 - Fix 'cgi' require and global DEFAULT_INTERVAL
 
-#### 1.5.0
+## 1.5.0
 
 - Add support for "issuer" parameter on provisioning url
 - Add support for "period/interval" parameter on provisioning url
 
-#### 1.4.6
+## 1.4.6
 
 - Revert to previous Base32
 
-#### 1.4.5
+## 1.4.5
 
 - Fix and test correct implementation of Base32
 
-#### 1.4.4
+## 1.4.4
 
 - Fix issue with base32 decoding of strings in a length that's not a multiple of 8
 
-#### 1.4.3
+## 1.4.3
 
 - Bugfix on padding
 
-#### 1.4.2
+## 1.4.2
 
 - Better padding options (Pad the output with leading 0's)
 
-#### 1.4.1
+## 1.4.1
 
 - Clean up drift logic
 
-#### 1.4.0
+## 1.4.0
 
 - Added clock drift support via 'verify_with_drift' for TOTP
 
-####1.3.0
+## 1.3.0
 
 - Added support for Ruby 1.9.x
 - Removed dependency on Base32

data/{Dockerfile-3.0-rc → Dockerfile-3.0}

@@ -1,4 +1,4 @@
-FROM ruby:3.0-rc
+FROM ruby:3.0
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app

data/README.md

@@ -149,7 +149,7 @@ totp = ROTP::TOTP.new("base32secret3232", issuer: "My Service")
 totp.provisioning_uri("alice@google.com") # => 'otpauth://totp/My%20Service:alice%40google.com?secret=base32secret3232&issuer=My%20Service'
 
 hotp = ROTP::HOTP.new("base32secret3232", issuer: "My Service")
-hotp.provisioning_uri("alice@google.com", 0) # => 'otpauth://hotp/alice%40google.com?secret=base32secret3232&counter=0'
+hotp.provisioning_uri("alice@google.com", 0) # => 'otpauth://hotp/My%20Service:alice%40google.com?secret=base32secret3232&issuer=My%20Service&counter=0'
 ```
 
 This can then be rendered as a QR Code which the user can scan using their mobile phone and the appropriate application.

data/docker-compose.yml

@@ -28,10 +28,10 @@ services:
     volumes:
       - "./lib:/usr/src/app/lib"
       - "./spec:/usr/src/app/spec"
-  ruby_3_0_rc:
+  ruby_3_0:
     build:
       context: .
-      dockerfile: Dockerfile-3.0-rc
+      dockerfile: Dockerfile-3.0
     volumes:
       - "./lib:/usr/src/app/lib"
       - "./spec:/usr/src/app/spec"

data/lib/rotp/hotp.rb

@@ -24,8 +24,8 @@ module ROTP
     # @param [String] name of the account
     # @param [Integer] initial_count starting counter value, defaults to 0
     # @return [String] provisioning uri
-    def provisioning_uri(name, initial_count = 0)
-      OTP::URI.new(self, account_name: name, counter: initial_count).to_s
+    def provisioning_uri(name = nil, initial_count = 0)
+      OTP::URI.new(self, account_name: name || @name, counter: initial_count).to_s
     end
   end
 end

data/lib/rotp/otp/uri.rb

@@ -2,9 +2,9 @@ module ROTP
   class OTP
     # https://github.com/google/google-authenticator/wiki/Key-Uri-Format
     class URI
-      def initialize(otp, account_name:, counter: nil)
+      def initialize(otp, account_name: nil, counter: nil)
         @otp = otp
-        @account_name = account_name
+        @account_name = account_name || ''
         @counter = counter
       end
 
@@ -34,8 +34,6 @@ module ROTP
       end
 
       def issuer
-        return if @otp.is_a?(HOTP)
-
         @otp.issuer&.strip&.tr(':', '_')
       end
 
@@ -56,6 +54,7 @@ module ROTP
           period: period,
           counter: counter,
         }
+          .merge(@otp.provisioning_params)
           .reject { |_, v| v.nil? }
           .map { |k, v| "#{k}=#{ERB::Util.url_encode(v)}" }
           .join('&')

data/lib/rotp/otp.rb

@@ -1,6 +1,6 @@
 module ROTP
   class OTP
-    attr_reader :secret, :digits, :digest
+    attr_reader :secret, :digits, :digest, :name, :issuer, :provisioning_params
     DEFAULT_DIGITS = 6
 
     # @param [String] secret in the form of base32
@@ -10,10 +10,22 @@ module ROTP
     # @option options digest [String] (sha1)
     #     Digest used in the HMAC.
     #     Google Authenticate only supports 'sha1' currently
+    # @option options name [String]
+    #     The name of the account for the OTP.
+    #     Used in the provisioning URL
+    # @option options issuer [String]
+    #     The issuer of the OTP.
+    #     Used in the provisioning URL
+    # @option options provisioning_params [Hash] ({})
+    #     Additional non-standard params you may want appended to the
+    #     provisioning URI. Ex. `image: 'https://example.com/icon.png'`
     # @returns [OTP] OTP instantiation
     def initialize(s, options = {})
       @digits = options[:digits] || DEFAULT_DIGITS
       @digest = options[:digest] || 'sha1'
+      @name = options[:name]
+      @issuer = options[:issuer]
+      @provisioning_params = options[:provisioning_params] || {}
       @secret = s
     end
 

data/lib/rotp/totp.rb

@@ -53,8 +53,8 @@ module ROTP
     # to provision the Google Authenticator app
     # @param [String] name of the account
     # @return [String] provisioning URI
-    def provisioning_uri(name)
-      OTP::URI.new(self, account_name: name).to_s
+    def provisioning_uri(name = nil)
+      OTP::URI.new(self, account_name: name || @name).to_s
     end
 
     private

data/lib/rotp/version.rb

@@ -1,3 +1,3 @@
 module ROTP
-  VERSION = '6.2.2'.freeze
+  VERSION = '6.3.0'.freeze
 end

data/release-please-config.json

@@ -0,0 +1,12 @@
+{
+  "packages": {
+    ".": {
+      "changelog-path": "CHANGELOG.md",
+      "bump-minor-pre-major": false,
+      "bump-patch-for-minor-pre-major": false,
+      "draft": false,
+      "prerelease": false
+    }
+  },
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}

data/spec/lib/rotp/hotp_spec.rb

@@ -108,7 +108,15 @@ RSpec.describe ROTP::HOTP do
   end
 
   describe '#provisioning_uri' do
-    it 'accepts the account name' do
+    let(:hotp) { ROTP::HOTP.new('a' * 32, name: "m@mdp.im") }
+    let(:params) { CGI.parse URI.parse(uri).query }
+
+    it 'created from the otp instance data' do
+      expect(hotp.provisioning_uri())
+        .to eq 'otpauth://hotp/m%40mdp.im?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=0'
+    end
+
+    it 'allow passing a name to override the OTP name' do
       expect(hotp.provisioning_uri('mark@percival'))
         .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=0'
     end
@@ -117,5 +125,29 @@ RSpec.describe ROTP::HOTP do
       expect(hotp.provisioning_uri('mark@percival', 17))
         .to eq 'otpauth://hotp/mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&counter=17'
     end
+
+    context 'with non-standard provisioning_params' do
+      let(:hotp) { ROTP::HOTP.new('a' * 32, digits: 8, provisioning_params: {image: 'https://example.com/icon.png'}) }
+      let(:uri)    { hotp.provisioning_uri("mark@percival") }
+
+      it 'includes the issuer as parameter' do
+        expect(params['image'].first).to eq 'https://example.com/icon.png'
+      end
+    end
+
+    context "with an issuer" do
+      let(:hotp) { ROTP::HOTP.new('a' * 32, name: "m@mdp.im", issuer: "Example.com") }
+
+      it 'created from the otp instance data' do
+        expect(hotp.provisioning_uri())
+          .to eq 'otpauth://hotp/Example.com:m%40mdp.im?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&issuer=Example.com&counter=0'
+      end
+
+      it 'allow passing a name to override the OTP name' do
+        expect(hotp.provisioning_uri('mark@percival'))
+          .to eq 'otpauth://hotp/Example.com:mark%40percival?secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&issuer=Example.com&counter=0'
+      end
+    end
+
   end
 end

data/spec/lib/rotp/totp_spec.rb

@@ -2,11 +2,12 @@ require 'spec_helper'
 
 TEST_TIME = Time.utc 2016, 9, 23, 9 # 2016-09-23 09:00:00 UTC
 TEST_TOKEN = '082630'.freeze
+TEST_SECRET = 'JBSWY3DPEHPK3PXP'
 
 RSpec.describe ROTP::TOTP do
   let(:now)   { TEST_TIME }
   let(:token) { TEST_TOKEN }
-  let(:totp)  { ROTP::TOTP.new 'JBSWY3DPEHPK3PXP' }
+  let(:totp)  { ROTP::TOTP.new TEST_SECRET }
 
   describe '#at' do
     let(:token) { totp.at now }
@@ -220,11 +221,52 @@ RSpec.describe ROTP::TOTP do
     end
   end
 
+
   describe '#provisioning_uri' do
-    it 'accepts the account name' do
-      expect(totp.provisioning_uri('mark@percival'))
-        .to eq 'otpauth://totp/mark%40percival?secret=JBSWY3DPEHPK3PXP'
+    let(:params) { CGI.parse URI.parse(uri).query }
+
+    context "with a provided name on the TOTP instance" do
+      let(:totp) { ROTP::TOTP.new(TEST_SECRET, name: "m@mdp.im") }
+      it 'creates a provisioning uri from the OTP instance' do
+        expect(totp.provisioning_uri())
+          .to eq 'otpauth://totp/m%40mdp.im?secret=JBSWY3DPEHPK3PXP'
+      end
+
+      it 'allow passing a name to override the OTP name' do
+        expect(totp.provisioning_uri('mark@percival'))
+          .to eq 'otpauth://totp/mark%40percival?secret=JBSWY3DPEHPK3PXP'
+      end
+    end
+
+    context 'with non-standard provisioning_params' do
+      let(:totp)    {
+        ROTP::TOTP.new(TEST_SECRET,
+          provisioning_params: { image: 'https://example.com/icon.png' }
+        )
+      }
+      let(:uri)    { totp.provisioning_uri("mark@percival") }
+
+      it 'includes the issuer as parameter' do
+        expect(params['image'].first).to eq 'https://example.com/icon.png'
+      end
+
     end
+
+    context "with an issuer" do
+      let(:totp) { ROTP::TOTP.new(TEST_SECRET, name: "m@mdp.im", issuer: "Example.com") }
+
+      it 'creates a provisioning uri from the OTP instance' do
+        expect(totp.provisioning_uri())
+          .to eq 'otpauth://totp/Example.com:m%40mdp.im?secret=JBSWY3DPEHPK3PXP&issuer=Example.com'
+      end
+
+      it 'allow passing a name to override the OTP name' do
+        expect(totp.provisioning_uri('mark@percival'))
+          .to eq 'otpauth://totp/Example.com:mark%40percival?secret=JBSWY3DPEHPK3PXP&issuer=Example.com'
+      end
+
+    end
+
   end
 
   describe '#now' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rotp
 version: !ruby/object:Gem::Version
-  version: 6.2.2
+  version: 6.3.0
 platform: ruby
 authors:
 - Mark Percival
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-12-13 00:00:00.000000000 Z
+date: 2023-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -77,12 +77,14 @@ files:
 - ".devcontainer/Dockerfile"
 - ".devcontainer/devcontainer.json"
 - ".dockerignore"
+- ".github/workflows/release.yaml"
 - ".github/workflows/test.yaml"
 - ".gitignore"
+- ".release-please-manifest.json"
 - CHANGELOG.md
 - Dockerfile-2.3
 - Dockerfile-2.7
-- Dockerfile-3.0-rc
+- Dockerfile-3.0
 - Gemfile
 - Guardfile
 - LICENSE
@@ -98,6 +100,7 @@ files:
 - lib/rotp/otp/uri.rb
 - lib/rotp/totp.rb
 - lib/rotp/version.rb
+- release-please-config.json
 - rotp.gemspec
 - spec/lib/rotp/arguments_spec.rb
 - spec/lib/rotp/base32_spec.rb
@@ -125,7 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: A Ruby library for generating and verifying one time passwords