New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reintroduce TOTP support #890
Reintroduce TOTP support #890
Conversation
While HOTP is a pain to add support for, TOTP is relatively easy and also the most commonly used variant. As per discussion in #806, it makes sense for us to add back TOTP at the very least as a reasonable middle path between maintainability for us and a healthy feature set for our users Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
* develop: Update Public Suffix List data (#888)
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Well kill me now, the click listener refuses to fire :D |
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Good news: the tests have been verified with a separate app to be correct which means my Kotlin port of the Otp class works well |
* develop: UI fixups (#892)
Uhh this works now for some reason? @erayd @charvp @Helianthella here's a signed build to test the functionality and UX with: https://dl.msfjarvis.dev/share/aps_1.10.0-SNAPSHOT.apk |
Thanks! I've logged into a few sites, seems to work without a hitch. |
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Will push this separately Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
I think this covers our bases well. If someone has more |
@msfjarvis Initial testing with that APK seems to work well - I've tested a number of different entries, and the generated codes were all correct. One comment - there is no option to view the generated OTP code; the only option is to copy it to the clipboard. For those who are logging in on a device that isn't their phone, that will cause problems. Displaying it in a similar manner to how the password and username are displayed would address that issue. |
Yeah that makes sense, will get on it. |
Thanks @FabianHenneke 🙂.
|
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
You can still manually copy it while editing so IMO our current setup is fine. I've made the change to drop |
Does that commit also drop |
No, just |
Not It's not a URL scheme, but rather a key / value line, similar to how the username is encoded. |
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Ah yeah, accidentally typed |
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
If I understand Base32 padding correctly (don't let me down Wikipedia), this test covers that case as well which means this is good to go now. |
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
I implemented parsing otpauth URLs in pyotp, so maybe the unit tests there may help too: https://github.com/pyauth/pyotp/blob/master/test.py#L342 |
See also pyauth/pyotp#84 for the feature itself and the checks to ensure the URL meets the standards |
Thanks a lot, this is helpful! This gave me a couple ideas that I'll implement right now. |
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
This reverts commit 908d426.
@FabianHenneke reverted as per our discussion |
* develop: (62 commits) Scroll to files and enter folders when created (android-password-store#909) Run a treewide reformat (android-password-store#908) Improve how secrets and stored and used (android-password-store#907) Improve and refactor Autofill heuristics (android-password-store#905) Use PreferenceKeys file to manage SharedPreferences keys. (android-password-store#891) Revert "Support directly importing secrets" (android-password-store#904) Allow importing TOTP configuration through QR codes (android-password-store#903) Bump version Prepare release 1.9.2 update changelog Workaround to prevent crash on first run (android-password-store#898) Workaround to prevent crash on first run (android-password-store#898) Offer TOTP Autofill for OTP fields (android-password-store#899) Merge SshKeyGenFragment into its activity (android-password-store#897) Reintroduce TOTP support (android-password-store#890) Sync with release branch (android-password-store#896) build: bump version Prepare release 1.9.1 Backport Actions fixes (android-password-store#894) Rework GitHub Actions (android-password-store#893) ...
📢 Type of change
📜 Description
Re-introduces TOTP support backed by extensive automated tests.
💡 Motivation and Context
Users have been very unhappy about losing support for OTP features and while HOTP is very ugly to add,
TOTP is a relatively easier effort so as a good compromise between maintainability and user experience,
this PR reintroduces support for TOTP secrets.
💚 How did you test it?
Users are testing this with their TOTP secrets and reporting back with success, and all our unit and instrumentation tests pass.
📝 Checklist
🔮 Next steps
Follow the patterns established here to break more things down to testable units
📸 Screenshots / GIFs