[PM-10080] Don't constrain OTP auth codes to base-32 secrets (#784)

bitwarden · Aug 2, 2024 · 1fcae32 · 1fcae32
1 parent 926c990
commit 1fcae32
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModel.swift b/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModel.swift
@@ -66,8 +66,7 @@ public struct OTPAuthModel: Equatable, Hashable, Sendable {
         guard let urlComponents = URLComponents(string: otpAuthKey),
               urlComponents.scheme == "otpauth",
               let queryItems = urlComponents.queryItems,
-              let secret = queryItems.first(where: { $0.name == "secret" })?.value,
-              secret.uppercased().isBase32 else {
+              let secret = queryItems.first(where: { $0.name == "secret" })?.value else {
             return nil
         }
 

diff --git a/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModelTests.swift b/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModelTests.swift
@@ -85,6 +85,23 @@ class OTPAuthModelTests: BitwardenTestCase {
         )
     }
 
+    /// Tests that an OTP Auth string with a non-base32 key creates a model.
+    func test_init_otpAuthKey_success_nonbase32() {
+        let subject = OTPAuthModel(otpAuthKey: .otpAuthUriKeyNonBase32)
+        XCTAssertEqual(
+            subject,
+            OTPAuthModel(
+                accountName: nil,
+                algorithm: .sha1,
+                digits: 6,
+                issuer: nil,
+                key: "1234567890",
+                period: 30,
+                uri: .otpAuthUriKeyNonBase32
+            )
+        )
+    }
+
     /// Tests that a partially formatted OTP Auth string creates the model.
     func test_init_otpAuthKey_success_partial() {
         let subject = OTPAuthModel(otpAuthKey: .otpAuthUriKeyPartial)

diff --git a/BitwardenShared/UI/Vault/PreviewContent/String+TOTPFixtures.swift b/BitwardenShared/UI/Vault/PreviewContent/String+TOTPFixtures.swift
@@ -5,6 +5,7 @@ extension String {
     // swiftlint:disable:next line_length
     static let otpAuthUriKeyComplete = "otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=Example&algorithm=SHA256&digits=6&period=30"
     static let otpAuthUriKeyMinimum = "otpauth://totp/:?secret=JBSWY3DPEHPK3PXP"
+    static let otpAuthUriKeyNonBase32 = "otpauth://totp/:?secret=1234567890"
     static let otpAuthUriKeyPartial = "otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP"
     // swiftlint:disable:next line_length
     static let otpAuthUriKeySHA512 = "otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP&algorithm=SHA512"