Issue #65 ValidateTwoFactorPin always returns false, if the secretKey parameter is base32 encoded string - fixed #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

ahwm merged 4 commits into BrandonPotter:master from kateryna-novak:master

Jul 9, 2021

ghost commented Jul 7, 2021

Fix for issue # 65;
Support for .net5;
Small refactoring.


          Issue BrandonPotter#65 ValidateTwoFactorPin always returns false, if …

b5ea257

…the secretKey parameter is base32 encoded string - fixed

Fix for issue # 65;
Support for .net5;
Small refactoring.

ahwm requested a review from flytzen

July 7, 2021 21:42


          Issue BrandonPotter#65 - ValidateTwoFactorPin always returns false, i…

ff44a79

…f the secretKey parameter is base32 encoded string

Added parameter secretIsBase32 into ValidateTwoFactorPIN

flytzen requested changes

View reviewed changes

Collaborator

flytzen left a comment

Thank you for this and for fixing the issue.
I would prefer to leave {} around the body of if/else; it is more verbose but is recommended practice because it prevents subtle errors.
If at all possible, could you add a unit test that would have failed before the fix and passes after? Reason is, the code looks good, but I don't actually know if it works and a unit test would show that.

Thank you again, great work!

Google.Authenticator/Base32Encoding.cs

    
                          {

                              throw new ArgumentNullException("input");

                          }

                              throw new ArgumentNullException(nameof(input));

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here :)

Author

ghost Jul 8, 2021

Done :)

Google.Authenticator/Base32Encoding.cs

    
                          //if we didn't end with a full byte

                          if (arrayIndex != byteCount)

                          {

                              returnArray[arrayIndex] = curByte;

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here

Author

ghost Jul 8, 2021

Done :)

Google.Authenticator/Base32Encoding.cs

    
                          {

                              throw new ArgumentNullException("input");

                          }

                              throw new ArgumentNullException(nameof(input));

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here

Author

ghost Jul 8, 2021

Done

Google.Authenticator/Base32Encoding.cs

    
                          var value = (int)c;

                          //65-90 == uppercase letters

                          if (value < 91 && value > 64)

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here

Author

ghost Jul 8, 2021

Done

Google.Authenticator/Base32Encoding.cs

    
                          }

                          //50-55 == numbers 2-7

                          if (value < 56 && value > 49)

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here

Google.Authenticator/TwoFactorAuthenticator.cs

    
                          }

                          else

                          {

                              //  https://github.com/google/google-authenticator/wiki/Conflicting-Accounts

Collaborator

flytzen Jul 8, 2021

Please don't remove these comments

Author

ghost Jul 8, 2021

Sorry, that was not on purpose. Returned it.

Google.Authenticator/TwoFactorAuthenticator.cs

    
                              {

                                  result.Append(symbol);

                              }

                              if (validChars.IndexOf(symbol) == -1)

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here

Google.Authenticator/TwoFactorAuthenticator.cs

    
                              {

                                  result.Append('%' + String.Format("{0:X2}", (int)symbol));

                              }

                                  result.Append(symbol);

Collaborator

flytzen Jul 8, 2021

Please don't remove {} here

Google.Authenticator/TwoFactorAuthenticator.cs Outdated

    
                          bool secretIsBase32,

                          int digits = 6)

                          => GenerateHashedCode(

                              secretIsBase32 ? Base32Encoding.ToBytes(secret):Encoding.UTF8.GetBytes(secret),

Collaborator

flytzen Jul 8, 2021

👍

Google.Authenticator/TwoFactorAuthenticator.cs Outdated

    
                          string twoFactorCodeFromClient,

                          TimeSpan timeTolerance,

                          bool secretIsBase32 = false) =>

                          GetCurrentPINs(accountSecretKey, timeTolerance, secretIsBase32).Any(c => c == twoFactorCodeFromClient);

Collaborator

flytzen Jul 8, 2021

I agree this is more compact, but I think it hurts legibility. I am not too bothered, but I prefer the previous form here.


          Issue BrandonPotter#65 ValidateTwoFactorPin always returns false, if …

3cdfd22

…the secretKey parameter is base32 encoded string - fixes for review

flytzen approved these changes

View reviewed changes

Google.Authenticator.Tests/AuthCodeTest.cs

    
                          actual.ShouldBe(expected);

                      }

Collaborator

flytzen Jul 8, 2021

💯

Collaborator

flytzen commented Jul 8, 2021

@ahwm LGTM, you happy to merge?
Given that we are changing the public interface, we should probably increment the major version?
And then we need to raise @BrandonPotter to get a deploy running :)

Author

ghost commented Jul 8, 2021

@ahwm LGTM, you happy to merge?
Given that we are changing the public interface, we should probably increment the major version?
And then we need to raise @BrandonPotter to get a deploy running :)

It will be great if the Nuget package is upgraded! Then I will be able to use it in our product ;) Thank you in advance!

Owner

BrandonPotter commented Jul 8, 2021

Good stuff here!

Collaborator

ahwm commented Jul 8, 2021 •

edited

Loading

@ahwm LGTM, you happy to merge?
Given that we are changing the public interface, we should probably increment the major version?
And then we need to raise @BrandonPotter to get a deploy running :)

I'm happy to merge. Yes the public API is being changed, but it's been done in a backwards-compatible way (parameters with a default value last in the list) so it's not going to break existing integrations that update to it. So I think we can get by with a minor version increment.

So instead of 2.1.2 it would be 2.2.0.

@flytzen @BrandonPotter if you're both good with that version number then I'll make the version edit and merge.

Collaborator

flytzen commented Jul 9, 2021

@ahwm agreed, thank you 💯

Owner

BrandonPotter commented Jul 9, 2021

Agreed!


          Updating version

b759503

ahwm merged commit ba2c632 into BrandonPotter:master

ahwm mentioned this pull request

ValidateTwoFactorPin always returns false, if the secretKey parameter is base32 encoded string #65

Closed

Author

ghost commented Jul 12, 2021

@awhm could you please update the Nuget package to include these changes? Thank you very much in advance.

Collaborator

ahwm commented Jul 12, 2021

@caterina-novak pending #67

Collaborator

ahwm commented Jul 13, 2021

@caterina-novak NuGet is pushed and should be live in a short period.

Author

ghost commented Jul 13, 2021 via email

@ahwm Adam, thank you very much! Best regards,Caterina mailto: ***@***.*** On Tuesday, 13 July 2021, 04:36:18 EEST, Adam ***@***.***> wrote: @caterina-novak NuGet is pushed and should be live in a short period. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet