Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

otpclient: with FreeOTP+ export, spaces in key URIs are not encoded #367

Closed
fvcr opened this issue Jun 26, 2024 · 7 comments
Closed

otpclient: with FreeOTP+ export, spaces in key URIs are not encoded #367

fvcr opened this issue Jun 26, 2024 · 7 comments
Assignees
Milestone

Comments

@fvcr
Copy link
Contributor

fvcr commented Jun 26, 2024

Hi @paolostivanin,

When using Export → FreeOTP+ (key URI), the URIs in the generated file
have raw space characters. Such characters should be encoded as %20.

Please, see:
https://bugs.debian.org/1074263

Maybe you can tell us if this happens on your side too.

Thanks!

@paolostivanin
Copy link
Owner

hmmm doesn't happened here. I have exported my tokens and all is fine, e.g.:

otpauth://totp/Amazon%20Web%20Services...
otpauth://totp/Nextcloud%20Personal...

@paolostivanin
Copy link
Owner

paolostivanin commented Jun 27, 2024

internally, it's using g_uri_escape_string to generate the escaped string. I'm on Tumbleweed, which is using the same version as the OP (2.80.3)

@paolostivanin
Copy link
Owner

I'll check on Debian testing what's going on

@paolostivanin
Copy link
Owner

paolostivanin commented Jun 27, 2024

Can confirm that it works fine for me also on Debian testing. I would need a reproducer in order to debug what's happening.

@vinc17fr
Copy link

Apparently the issue occurs only for the issuer. For instance:

otpauth://totp/test%20123%3Atest%20123?secret=GEZDGNBVGY3TQOIK&issuer=test 123&digits=6&algorithm=SHA1&period=30

The space for the account is correctly encoded, but not the one for the issuer.

@paolostivanin
Copy link
Owner

paolostivanin commented Jun 27, 2024

ahhh found the issue! Will fix it asap, thanks @vinc17fr

EDIT: it will be part of release 3.7.0 which I plan to release either tomorrow or on the weekend

@fvcr
Copy link
Contributor Author

fvcr commented Jun 27, 2024

I've reproduced on both debian 12.5, testing and unstable.

Maybe that will help,

You can generate a base32 encoded string like this:
$ echo 123456789 | base32
MVRWQ3ZAGEZDGNBVGY3TQOIK

And add a new token manually:
Add token > Manually
TOTP - SHA1 - Account: "test 123" - Issuer: "test 123" - Secret: MVRWQ3ZAGEZDGNBVGY3TQOIK - Digits: 6 - Period: 30
f1dae1480466927cb57d9bc3a191b13e

Export > FreeOTP+ (Key URI)
It generated a file called freeotpplus-exports.txt, with the content:

otpauth://totp/test%20123%3Atest%20123?secret=MVRWQ3ZAGEZDGNBVGY3TQOIK&issuer=test 123&digits=6&algorithm=SHA1&period=30

The same content I showed in the bug.

In my opinion, the field issuer is coming with uncoded space.

@paolostivanin paolostivanin added this to the 3.7.0 milestone Jun 27, 2024
paolostivanin added a commit that referenced this issue Jun 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants