From ac978bf27c28e8b9d99c04e75aff393c423235df Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Sun, 6 Aug 2017 19:59:10 -0700 Subject: [PATCH] be more careful with secret input. Fixes #17 --- hotp/hotp.go | 3 ++- otp.go | 6 ++++-- otp_test.go | 8 ++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/hotp/hotp.go b/hotp/hotp.go index 674ad1c..951cd0b 100644 --- a/hotp/hotp.go +++ b/hotp/hotp.go @@ -70,8 +70,9 @@ func GenerateCode(secret string, counter uint64) (string, error) { // GenerateCodeCustom uses a counter and secret value and options struct to // create a passcode. func GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (passcode string, err error) { - // As noted in issue #10 this adds support for TOTP secrets that are + // As noted in issue #10 and #17 this adds support for TOTP secrets that are // missing their padding. + secret = strings.TrimSpace(secret) if n := len(secret) % 8; n != 0 { secret = secret + strings.Repeat("=", 8-n) } diff --git a/otp.go b/otp.go index 0fa9709..88d0da1 100644 --- a/otp.go +++ b/otp.go @@ -57,14 +57,16 @@ type Key struct { // https://github.com/google/google-authenticator/wiki/Key-Uri-Format // func NewKeyFromURL(orig string) (*Key, error) { - u, err := url.Parse(orig) + s := strings.TrimSpace(orig) + + u, err := url.Parse(s) if err != nil { return nil, err } return &Key{ - orig: orig, + orig: s, url: u, }, nil } diff --git a/otp_test.go b/otp_test.go index 97ee226..832ae51 100644 --- a/otp_test.go +++ b/otp_test.go @@ -45,3 +45,11 @@ func TestKeyNoIssuer(t *testing.T) { require.Equal(t, "", k.Issuer(), "Extracting Issuer") require.Equal(t, "alice@google.com", k.AccountName(), "Extracting Account Name") } + +func TestKeyWithNewLine(t *testing.T) { + w, err := NewKeyFromURL(`otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP +`) + require.NoError(t, err) + sec := w.Secret() + require.Equal(t, "JBSWY3DPEHPK3PXP", sec) +}