Reintroduce TOTP support #890
While HOTP is a pain to add support for, TOTP is relatively easy and also the most commonly used variant. As per discussion in #806, it makes sense for us to add back TOTP at the very least as a reasonable middle path between maintainability for us and a healthy feature set for our users.

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* develop: Update Public Suffix List data (#888)
Well kill me now, the click listener refuses to fire :D
Good news: the tests have been verified with a separate app to be correct, which means my Kotlin port of the Otp class works well
* develop: UI fixups (#892)
Uhh this works now for some reason? @erayd @charvp @Helianthella here's a signed build to test the functionality and UX with: https://dl.msfjarvis.dev/share/aps_1.10.0-SNAPSHOT.apk
Thanks! I've logged into a few sites, seems to work without a hitch.
Will push this separately

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
I think this covers our bases well. If someone has more
@msfjarvis Initial testing with that APK seems to work well - I've tested a number of different entries, and the generated codes were all correct. One comment - there is no option to view the generated OTP code; the only option is to copy it to the clipboard. For those who are logging in on a device that isn't their phone, that will cause problems. Displaying it in a similar manner to how the password and username are displayed would address that issue.
Yeah that makes sense, will get on it.
Thanks @FabianHenneke 🙂.
You can still manually copy it while editing so IMO our current setup is fine. I've made the change to drop
Does that commit also drop
No, just
Not It's not a URL scheme, but rather a key / value line, similar to how the username is encoded.
Ah yeah, accidentally typed
If I understand Base32 padding correctly (don't let me down Wikipedia), this test covers that case as well, which means this is good to go now.
I implemented parsing otpauth URLs in pyotp, so maybe the unit tests there may help too: https://github.com/pyauth/pyotp/blob/master/test.py#L342
See also pyauth/pyotp#84 for the feature itself and the checks to ensure the URL meets the standards
Thanks a lot, this is helpful! This gave me a couple ideas that I'll implement right now.
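The two points raised above, Base32 secrets stored without `=` padding and validating an otpauth URL before use, shown as an added example in standard-library Python; it is not code from this PR, from Android Password Store or from pyotp. All function names are hypothetical, the accepted `digits` values are an assumption, and the sample URI is constructed from the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlsplit

# Hypothetical names throughout; not the APS or pyotp API.
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def decode_secret(secret: str) -> bytes:
    """Decode a Base32 secret that may be lowercase, spaced or unpadded."""
    s = secret.replace(" ", "").upper().rstrip("=")
    s += "=" * (-len(s) % 8)  # restore padding to a multiple of 8 chars
    return base64.b32decode(s)  # binascii.Error (a ValueError) if invalid


def parse_otpauth(uri: str) -> dict:
    """Validate an otpauth://totp URI and return its TOTP parameters."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("only otpauth://totp URIs are accepted")
    query = parse_qs(parts.query)
    if "secret" not in query:
        raise ValueError("secret parameter is required")
    algorithm = query.get("algorithm", ["SHA1"])[0].upper()
    digits = int(query.get("digits", ["6"])[0])
    period = int(query.get("period", ["30"])[0])
    # Assumption: accept 6 to 8 digits and the three RFC 6238 hash functions.
    if algorithm not in HASHES or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported algorithm, digits or period")
    return {"key": decode_secret(query["secret"][0]), "algorithm": algorithm,
            "digits": digits, "period": period}


def totp(cfg: dict, unix_time: int) -> str:
    """RFC 6238 code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // cfg["period"])
    mac = hmac.new(cfg["key"], counter, HASHES[cfg["algorithm"]]).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** cfg["digits"]).zfill(cfg["digits"])


# Constructed sample: RFC 6238 test key "12345678901234567890" in Base32.
RFC_URI = ("otpauth://totp/Example:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
           "&digits=8&period=30&algorithm=SHA1")

if __name__ == "__main__":
    print(totp(parse_otpauth(RFC_URI), 59))
```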
This reverts commit 908d426.
@FabianHenneke reverted as per our discussion
* develop: (62 commits)
  Scroll to files and enter folders when created (android-password-store#909)
  Run a treewide reformat (android-password-store#908)
  Improve how secrets and stored and used (android-password-store#907)
  Improve and refactor Autofill heuristics (android-password-store#905)
  Use PreferenceKeys file to manage SharedPreferences keys. (android-password-store#891)
  Revert "Support directly importing secrets" (android-password-store#904)
  Allow importing TOTP configuration through QR codes (android-password-store#903)
  Bump version
  Prepare release 1.9.2
  update changelog
  Workaround to prevent crash on first run (android-password-store#898)
  Workaround to prevent crash on first run (android-password-store#898)
  Offer TOTP Autofill for OTP fields (android-password-store#899)
  Merge SshKeyGenFragment into its activity (android-password-store#897)
  Reintroduce TOTP support (android-password-store#890)
  Sync with release branch (android-password-store#896)
  build: bump version
  Prepare release 1.9.1
  Backport Actions fixes (android-password-store#894)
  Rework GitHub Actions (android-password-store#893)
  ...
📢 Type of change
📜 Description
Re-introduces TOTP support backed by extensive automated tests.
💡 Motivation and Context
Users have been very unhappy about losing support for OTP features and while HOTP is very ugly to add,
TOTP is a relatively easier effort so as a good compromise between maintainability and user experience,
this PR reintroduces support for TOTP secrets.
💚 How did you test it?
Users are testing this with their TOTP secrets and reporting back with success, and all our unit and instrumentation tests pass.
📝 Checklist
🔮 Next steps
Follow the patterns established here to break more things down to testable units
📸 Screenshots / GIFs