10000 [PM-10080] Don't constrain OTP auth codes to base-32 secrets by KatherineInCode · Pull Request #784 · bitwarden/ios · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[PM-10080] Don't constrain OTP auth codes to base-32 secrets #784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 2, 2024
Merged

[PM-10080] Don't constrain OTP auth codes to base-32 secrets #784

merged 1 commit into from
Aug 2, 2024

Conversation

KatherineInCode
Copy link
Contributor

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-10080

📔 Objective

OTP-auth URLs were still doing base-32 checking on their secrets. This changes that so any secret will be allowed, even if it's not base-32 encoded. In practice, we should never see things that aren't base-32, but since the SDK handles it, it seems reasonable for us to allow it.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@KatherineInCode KatherineInCode marked this pull request as ready for review August 1, 2024 21:02
@github-actions GitHub Actions
Copy link
Contributor
github-actions bot commented Aug 1, 2024

Logo
Checkmarx One – Scan Summary & Details47587af7-a701-4a98-82da-96d8f7a8565e

No New Or Fixed Issues Found

@codecov Codecov
Copy link
codecov bot commented Aug 1, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.17%. Comparing base (d849744) to head (8b4ee91).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #784      +/-   ##
==========================================
- Coverage   88.19%   88.17%   -0.02%     
==========================================
  Files         577      577              
  Lines       29213    29212       -1     
==========================================
- Hits        25763    25759       -4     
- Misses       3450     3453       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

fedemkr
fedemkr reviewed Aug 2, 2024
View reviewed changes
Copy link
Member
@fedemkr fedemkr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the user see totp codes being generated when the OTP Auth model has a key that has all its characters as non-base32?
e.g.
key = 111111111

@KatherineInCode
Copy link
Contributor Author

Does the user see totp codes being generated when the OTP Auth model has a key that has all its characters as non-base32? e.g. key = 111111111

It works the same as if that secret was entered manually.

@KatherineInCode KatherineInCode merged commit 1fcae32 into main Aug 2, 2024
8 checks passed
@KatherineInCode KatherineInCode deleted the pm-10080/totp-errors branch August 2, 2024 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fedemkr fedemkr fedemkr approved these changes

@matt-livefront matt-livefront matt-livefront approved these changes

@phil-livefront phil-livefront phil-livefront approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@KatherineInCode @fedemkr @matt-livefront @phil-livefront
0