Convert totp secret to uppercase (#485)

Some totp providers use lowercase secrets. This isn't valid base32 though and needs to be transformed into uppercase prior to parsing.
bitwarden · Jan 8, 2024 · c45ad21 · c45ad21
1 parent f998613
commit c45ad21
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/crates/bitwarden/src/vault/totp.rs b/crates/bitwarden/src/vault/totp.rs
@@ -129,7 +129,7 @@ impl FromStr for Totp {
     fn from_str(key: &str) -> Result<Self> {
         fn decode_secret(secret: &str) -> Result<Vec<u8>> {
             BASE32
-                .decode(secret.as_bytes())
+                .decode(secret.to_uppercase().as_bytes())
                 .map_err(|_| "Unable to decode secret".into())
         }
 
@@ -230,6 +230,20 @@ mod tests {
         assert_eq!(response.period, 30);
     }
 
+    #[test]
+    fn test_lowercase_secret() {
+        let key = "wqiq25brkzycjvyp".to_string();
+        let time = Some(
+            DateTime::parse_from_rfc3339("2023-01-01T00:00:00.000Z")
+                .unwrap()
+                .with_timezone(&Utc),
+        );
+        let response = generate_totp(key, time).unwrap();
+
+        assert_eq!(response.code, "194506".to_string());
+        assert_eq!(response.period, 30);
+    }
+
     #[test]
     fn test_generate_otpauth() {
         let key = "otpauth://totp/test-account?secret=WQIQ25BRKZYCJVYP".to_string();