[PM-10080] Don't constrain OTP auth codes to base-32 secrets (#784)

KatherineInCode · web-flow · commit 1fcae32aca18 · 2024-08-02T12:53:39.000-05:00
diff --git a/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModel.swift b/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModel.swift
@@ -66,8 +66,7 @@ public struct OTPAuthModel: Equatable, Hashable, Sendable {
         guard let urlComponents = URLComponents(string: otpAuthKey),
               urlComponents.scheme == "otpauth",
               let queryItems = urlComponents.queryItems,
-              let secret = queryItems.first(where: { $0.name == "secret" })?.value,
-              secret.uppercased().isBase32 else {
+              let secret = queryItems.first(where: { $0.name == "secret" })?.value else {
             return nil
         }
 
diff --git a/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModelTests.swift b/BitwardenShared/Core/Vault/Services/TOTP/OTPAuthModelTests.swift
@@ -85,6 +85,23 @@ class OTPAuthModelTests: BitwardenTestCase {
         )
     }
 
+    /// Tests that an OTP Auth string with a non-base32 key creates a model.
+    func test_init_otpAuthKey_success_nonbase32() {
+        let subject = OTPAuthModel(otpAuthKey: .otpAuthUriKeyNonBase32)
+        XCTAssertEqual(
+            subject,
+            OTPAuthModel(
+                accountName: nil,
+                algorithm: .sha1,
+                digits: 6,
+                issuer: nil,
+                key: "1234567890",
+                period: 30,
+                uri: .otpAuthUriKeyNonBase32
+            )
+        )
+    }
+
     /// Tests that a partially formatted OTP Auth string creates the model.
     func test_init_otpAuthKey_success_partial() {
         let subject = OTPAuthModel(otpAuthKey: .otpAuthUriKeyPartial)
diff --git a/BitwardenShared/UI/Vault/PreviewContent/String+TOTPFixtures.swift b/BitwardenShared/UI/Vault/PreviewContent/String+TOTPFixtures.swift
@@ -5,6 +5,7 @@ extension String {
     // swiftlint:disable:next line_length
     static let otpAuthUriKeyComplete = "otpauth://totp/Example:user@bitwarden.com?secret=JBSWY3DPEHPK3PXP&issuer=Example&algorithm=SHA256&digits=6&period=30"
     static let otpAuthUriKeyMinimum = "otpauth://totp/:?secret=JBSWY3DPEHPK3PXP"
+    static let otpAuthUriKeyNonBase32 = "otpauth://totp/:?secret=1234567890"
     static let otpAuthUriKeyPartial = "otpauth://totp/Example:user@bitwarden.com?secret=JBSWY3DPEHPK3PXP"
     // swiftlint:disable:next line_length
     static let otpAuthUriKeySHA512 = "otpauth://totp/Example:user@bitwarden.com?secret=JBSWY3DPEHPK3PXP&algorithm=SHA512"

Original file line number	Diff line number	Diff line change
`@@ -66,8 +66,7 @@ public struct OTPAuthModel: Equatable, Hashable, Sendable {`
`66`	`66`	`guard let urlComponents = URLComponents(string: otpAuthKey),`
`67`	`67`	`urlComponents.scheme == "otpauth",`
`68`	`68`	`let queryItems = urlComponents.queryItems,`
`69`		`- let secret = queryItems.first(where: { $0.name == "secret" })?.value,`
`70`		`- secret.uppercased().isBase32 else {`
	`69`	`+ let secret = queryItems.first(where: { $0.name == "secret" })?.value else {`
`71`	`70`	`return nil`
`72`	`71`	`}`
`73`	`72`
-Original file line number
+Diff line change
     // swiftlint:disable:next line_length
     static let otpAuthUriKeyComplete = "otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=Example&algorithm=SHA256&digits=6&period=30"
     static let otpAuthUriKeyMinimum = "otpauth://totp/:?secret=JBSWY3DPEHPK3PXP"
 +    static let otpAuthUriKeyNonBase32 = "otpauth://totp/:?secret=1234567890"
     static let otpAuthUriKeyPartial = "otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP"
     // swiftlint:disable:next line_length
     static let otpAuthUriKeySHA512 = "otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP&algorithm=SHA512"