Throw exception if algorithm is not valid

antonioribeiro · Sep 23, 2019 · c9bd429 · c9bd429
1 parent 0ebe6b2
commit c9bd429
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 20 deletions.
diff --git a/src/Exceptions/Contracts/InvalidAlgorithm.php b/src/Exceptions/Contracts/InvalidAlgorithm.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace PragmaRX\Google2FA\Exceptions\Contracts;
+
+interface InvalidAlgorithm
+{
+}
diff --git a/src/Exceptions/InvalidAlgorithmException.php b/src/Exceptions/InvalidAlgorithmException.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace PragmaRX\Google2FA\Exceptions;
+
+use Exception;
+use PragmaRX\Google2FA\Exceptions\Contracts\Google2FA as Google2FAExceptionContract;
+use PragmaRX\Google2FA\Exceptions\Contracts\InvalidAlgorithm as InvalidAlgorithmExceptionContract;
+
+class InvalidAlgorithmException extends Google2FAException implements Google2FAExceptionContract, InvalidAlgorithmExceptionContract
+{
+    protected $message = 'Invalid HMAC algorithm.';
+}
diff --git a/src/Google2FA.php b/src/Google2FA.php
@@ -2,10 +2,11 @@
 
 namespace PragmaRX\Google2FA;
 
-use PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException;
 use PragmaRX\Google2FA\Support\Base32;
-use PragmaRX\Google2FA\Support\Constants;
 use PragmaRX\Google2FA\Support\QRCode;
+use PragmaRX\Google2FA\Support\Constants;
+use PragmaRX\Google2FA\Exceptions\InvalidAlgorithmException;
+use PragmaRX\Google2FA\Exceptions\SecretKeyTooShortException;
 
 class Google2FA
 {
@@ -84,7 +85,7 @@ public function findValidOTP(
      * @param $counter
      * @return string
      */
-    protected function generateHotp($secret, $counter): string
+    protected function generateHotp($secret, $counter)
     {
         return hash_hmac(
             $this->getAlgorithm(),
@@ -181,6 +182,20 @@ public function getTimestamp()
         return (int) floor(microtime(true) / $this->keyRegeneration);
     }
 
+    /**
+     * Get a list of valid HMAC algorithms.
+     *
+     * @return array
+     */
+    protected function getValidAlgorithms()
+    {
+        return [
+            Constants::SHA1,
+            Constants::SHA256,
+            Constants::SHA512,
+        ];
+    }
+
     /**
      * Get the OTP window.
      *
@@ -308,23 +323,18 @@ public function setEnforceGoogleAuthenticatorCompatibility(
      * Set the HMAC hashing algorithm.
      *
      * @param mixed $algorithm
+     * @return \PragmaRX\Google2FA\Google2FA
      */
     public function setAlgorithm($algorithm)
     {
-        $validAlgorithms = [
-            Constants::SHA1,
-            Constants::SHA256,
-            Constants::SHA512,
-        ];
-
         // Default to SHA1 HMAC algorithm
-        if (! in_array($algorithm, $validAlgorithms)) {
-            $this->algorithm = Constants::SHA1;
-
-            return;
+        if (! in_array($algorithm, $this->getValidAlgorithms())) {
+            throw new InvalidAlgorithmException();
         }
 
         $this->algorithm = $algorithm;
+
+        return $this;
     }
 
     /**

diff --git a/src/Support/Base32.php b/src/Support/Base32.php
@@ -72,7 +72,7 @@ public function base32Decode($b32)
      * @param $b32
      * @return bool
      */
-    protected function isCharCountNotAPowerOfTwo($b32): bool
+    protected function isCharCountNotAPowerOfTwo($b32)
     {
         return (strlen($b32) & (strlen($b32) - 1)) !== 0;
     }

diff --git a/tests/Google2FATest.php b/tests/Google2FATest.php
@@ -303,6 +303,7 @@ public function testVerifiesSha256Keys()
                 26213400
             )
         ); // 26213398
+
         $this->assertTrue(
             $this->google2fa->verifyKey(
                 Constants::SECRET,
@@ -311,6 +312,7 @@ public function testVerifiesSha256Keys()
                 26213400
             )
         ); // 26213399
+
         $this->assertTrue(
             $this->google2fa->verifyKey(
                 Constants::SECRET,
@@ -319,6 +321,7 @@ public function testVerifiesSha256Keys()
                 26213400
             )
         ); // 26213400
+
         $this->assertTrue(
             $this->google2fa->verifyKey(
                 Constants::SECRET,
@@ -327,6 +330,7 @@ public function testVerifiesSha256Keys()
                 26213400
             )
         ); // 26213401
+
         $this->assertTrue(
             $this->google2fa->verifyKey(
                 Constants::SECRET,
@@ -344,6 +348,7 @@ public function testVerifiesSha256Keys()
                 26213400
             )
         ); // 26213403
+
         $this->assertFalse(
             $this->google2fa->verifyKey(
                 Constants::SECRET,
@@ -691,12 +696,6 @@ public function testSetsTheSecret()
 
     public function testGetsAlgorithm()
     {
-        $this->google2fa->setAlgorithm('md5');
-
-        $this->assertNotEquals('md5', $this->google2fa->getAlgorithm());
-        $this->assertEquals('sha1', $this->google2fa->getAlgorithm());
-        $this->assertEquals(Google2FAConstants::SHA1, $this->google2fa->getAlgorithm());
-
         $this->google2fa->setAlgorithm('sha1');
 
         $this->assertEquals('sha1', $this->google2fa->getAlgorithm());
@@ -713,6 +712,16 @@ public function testGetsAlgorithm()
         $this->assertEquals(Google2FAConstants::SHA512, $this->google2fa->getAlgorithm());
     }
 
+    public function testSetWrongAlgorithm()
+    {
+        $this->expectException(\PragmaRX\Google2FA\Exceptions\InvalidAlgorithmException::class);
+
+        $this->google2fa->setAlgorithm('md5');
+
+        $this->assertEquals('sha1', $this->google2fa->getAlgorithm());
+        $this->assertEquals(Google2FAConstants::SHA1, $this->google2fa->getAlgorithm());
+    }
+
     public function testGetsKeyRegeneration()
     {
         $this->google2fa->setKeyRegeneration(11);