ente/lib/models/code.dart

import 'package:ente_auth/utils/totp_util.dart';

class Code {
  static const defaultDigits = 6;
  static const defaultPeriod = 30;

  int? generatedID;
  final String account;
  final String issuer;
  final int digits;
  final int period;
  final String secret;
  final Algorithm algorithm;
  final Type type;
  final String rawData;
  final int counter;
  bool? hasSynced;

  Code(
    this.account,
    this.issuer,
    this.digits,
    this.period,
    this.secret,
    this.algorithm,
    this.type,
    this.counter,
    this.rawData, {
    this.generatedID,
  });

  Code copyWith({
    String? account,
    String? issuer,
    int? digits,
    int? period,
    String? secret,
    Algorithm? algorithm,
    Type? type,
    int? counter,
  }) {
    final String updateAccount = account ?? this.account;
    final String updateIssuer = issuer ?? this.issuer;
    final int updatedDigits = digits ?? this.digits;
    final int updatePeriod = period ?? this.period;
    final String updatedSecret = secret ?? this.secret;
    final Algorithm updatedAlgo = algorithm ?? this.algorithm;
    final Type updatedType = type ?? this.type;
    final int updatedCounter = counter ?? this.counter;

    return Code(
      updateAccount,
      updateIssuer,
      updatedDigits,
      updatePeriod,
      updatedSecret,
      updatedAlgo,
      updatedType,
      updatedCounter,
      "otpauth://${updatedType.name}/" +
          updateIssuer +
          ":" +
          updateAccount +
          "?algorithm=${updatedAlgo.name}&digits=$updatedDigits&issuer=" +
          updateIssuer +
          "&period=$updatePeriod&secret=" +
          updatedSecret + (updatedType == Type.hotp ? "&counter=$updatedCounter" : ""),
      generatedID: generatedID,
    );
  }

  static Code fromAccountAndSecret(
    String account,
    String issuer,
    String secret,
  ) {
    return Code(
      account,
      issuer,
      defaultDigits,
      defaultPeriod,
      secret,
      Algorithm.sha1,
      Type.totp,
      0,
      "otpauth://totp/" +
          issuer +
          ":" +
          account +
          "?algorithm=SHA1&digits=6&issuer=" +
          issuer +
          "&period=30&secret=" +
          secret,
    );
  }

  static Code fromRawData(String rawData) {
    Uri uri = Uri.parse(rawData);
    try {
    return Code(
      _getAccount(uri),
      _getIssuer(uri),
      _getDigits(uri),
      _getPeriod(uri),
      getSanitizedSecret(uri.queryParameters['secret']!),
      _getAlgorithm(uri),
      _getType(uri),
      _getCounter(uri),
      rawData,
    );
    } catch(e) {
      // if account name contains # without encoding,
      // rest of the url are treated as url fragment
      if(rawData.contains("#")) {
        return Code.fromRawData(rawData.replaceAll("#", '%23'));
      } else {
        rethrow;
      }
    }
  }

  static String _getAccount(Uri uri) {
    try {
      String path = Uri.decodeComponent(uri.path);
      if (path.startsWith("/")) {
        path = path.substring(1, path.length);
      }
      // Parse account name from documented auth URI
      // otpauth://totp/ACCOUNT?secret=SUPERSECRET&issuer=SERVICE
      if (uri.queryParameters.containsKey("issuer") && !path.contains(":")) {
        return path;
      }
      return path.split(':')[1];
    } catch (e) {
      return "";
    }
  }

  static String _getIssuer(Uri uri) {
    try {
      if (uri.queryParameters.containsKey("issuer")) {
        String issuerName = uri.queryParameters['issuer']!;
        // Handle issuer name with period
        // See https://github.com/ente-io/auth/pull/77
        if (issuerName.contains("period=")) {
          return issuerName.substring(0, issuerName.indexOf("period="));
        }
        return issuerName;
      }
      final String path = Uri.decodeComponent(uri.path);
      return path.split(':')[0].substring(1);
    } catch (e) {
      return "";
    }
  }

  static int _getDigits(Uri uri) {
    try {
      return int.parse(uri.queryParameters['digits']!);
    } catch (e) {
      return defaultDigits;
    }
  }

  static int _getPeriod(Uri uri) {
    try {
      return int.parse(uri.queryParameters['period']!);
    } catch (e) {
      return defaultPeriod;
    }
  }

  static int _getCounter(Uri uri) {
    try {
      final bool hasCounterKey = uri.queryParameters.containsKey('counter');
      if (!hasCounterKey) {
        return 0;
      }
      return int.parse(uri.queryParameters['counter']!);
    } catch (e) {
      return defaultPeriod;
    }
  }

  static Algorithm _getAlgorithm(Uri uri) {
    try {
      final algorithm =
          uri.queryParameters['algorithm'].toString().toLowerCase();
      if (algorithm == "sha256") {
        return Algorithm.sha256;
      } else if (algorithm == "sha512") {
        return Algorithm.sha512;
      }
    } catch (e) {
      // nothing
    }
    return Algorithm.sha1;
  }

  static Type _getType(Uri uri) {
    if (uri.host == "totp") {
      return Type.totp;
    } else if (uri.host == "hotp") {
      return Type.hotp;
    }
    throw UnsupportedError("Unsupported format with host ${uri.host}");
  }

  @override
  bool operator ==(Object other) {
    if (identical(this, other)) return true;

    return other is Code &&
        other.account == account &&
        other.issuer == issuer &&
        other.digits == digits &&
        other.period == period &&
        other.secret == secret &&
        other.counter == counter &&
        other.type == type &&
        other.rawData == rawData;
  }

  @override
  int get hashCode {
    return account.hashCode ^
        issuer.hashCode ^
        digits.hashCode ^
        period.hashCode ^
        secret.hashCode ^
        type.hashCode ^
        counter.hashCode ^
        rawData.hashCode;
  }
}

enum Type {
  totp,
  hotp,
}

enum Algorithm {
  sha1,
  sha256,
  sha512,
}
Sanitize the secret 2022-11-11 14:21:54 +00:00			`import 'package:ente_auth/utils/totp_util.dart';`

Hello, world 2022-11-01 06:13:06 +00:00			`class Code {`
			`static const defaultDigits = 6;`
			`static const defaultPeriod = 30;`

Rename variable 2022-11-22 08:07:09 +00:00			`int? generatedID;`
Hello, world 2022-11-01 06:13:06 +00:00			`final String account;`
			`final String issuer;`
			`final int digits;`
			`final int period;`
			`final String secret;`
			`final Algorithm algorithm;`
			`final Type type;`
			`final String rawData;`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`final int counter;`
Add indicator for codes that haven't synced to remote yet 2022-11-15 12:14:04 +00:00			`bool? hasSynced;`
Hello, world 2022-11-01 06:13:06 +00:00
			`Code(`
			`this.account,`
			`this.issuer,`
			`this.digits,`
			`this.period,`
			`this.secret,`
			`this.algorithm,`
			`this.type,`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`this.counter,`
Hello, world 2022-11-01 06:13:06 +00:00			`this.rawData, {`
Rename variable 2022-11-22 08:07:09 +00:00			`this.generatedID,`
Hello, world 2022-11-01 06:13:06 +00:00			`});`

Fix bug in edit code 2023-04-30 03:58:25 +00:00			`Code copyWith({`
			`String? account,`
			`String? issuer,`
			`int? digits,`
			`int? period,`
			`String? secret,`
			`Algorithm? algorithm,`
			`Type? type,`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`int? counter,`
Fix bug in edit code 2023-04-30 03:58:25 +00:00			`}) {`
			`final String updateAccount = account ?? this.account;`
			`final String updateIssuer = issuer ?? this.issuer;`
			`final int updatedDigits = digits ?? this.digits;`
			`final int updatePeriod = period ?? this.period;`
			`final String updatedSecret = secret ?? this.secret;`
			`final Algorithm updatedAlgo = algorithm ?? this.algorithm;`
			`final Type updatedType = type ?? this.type;`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`final int updatedCounter = counter ?? this.counter;`
Fix bug in edit code 2023-04-30 03:58:25 +00:00
			`return Code(`
			`updateAccount,`
			`updateIssuer,`
			`updatedDigits,`
			`updatePeriod,`
			`updatedSecret,`
			`updatedAlgo,`
			`updatedType,`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`updatedCounter,`
Fix bug in edit code 2023-04-30 03:58:25 +00:00			`"otpauth://${updatedType.name}/" +`
			`updateIssuer +`
			`":" +`
			`updateAccount +`
			`"?algorithm=${updatedAlgo.name}&digits=$updatedDigits&issuer=" +`
			`updateIssuer +`
			`"&period=$updatePeriod&secret=" +`
Add support for incrementing hotp counter 2023-08-01 12:04:58 +00:00			`updatedSecret + (updatedType == Type.hotp ? "&counter=$updatedCounter" : ""),`
Fix bug in edit code 2023-04-30 03:58:25 +00:00			`generatedID: generatedID,`
			`);`
			`}`

Rename variable 2022-11-22 08:07:09 +00:00			`static Code fromAccountAndSecret(`
			`String account,`
			`String issuer,`
			`String secret,`
			`) {`
Hello, world 2022-11-01 06:13:06 +00:00			`return Code(`
			`account,`
Add the ability to add and edit issuers 2022-11-22 07:53:06 +00:00			`issuer,`
Hello, world 2022-11-01 06:13:06 +00:00			`defaultDigits,`
			`defaultPeriod,`
			`secret,`
			`Algorithm.sha1,`
			`Type.totp,`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`0,`
Hello, world 2022-11-01 06:13:06 +00:00			`"otpauth://totp/" +`
Add the ability to add and edit issuers 2022-11-22 07:53:06 +00:00			`issuer +`
Hello, world 2022-11-01 06:13:06 +00:00			`":" +`
			`account +`
			`"?algorithm=SHA1&digits=6&issuer=" +`
Add the ability to add and edit issuers 2022-11-22 07:53:06 +00:00			`issuer +`
Fix typo 2023-03-21 08:46:40 +00:00			`"&period=30&secret=" +`
Hello, world 2022-11-01 06:13:06 +00:00			`secret,`
			`);`
			`}`

			`static Code fromRawData(String rawData) {`
			`Uri uri = Uri.parse(rawData);`
Fix: Handle # value in the account name 2023-07-13 15:02:57 +00:00			`try {`
Hello, world 2022-11-01 06:13:06 +00:00			`return Code(`
			`_getAccount(uri),`
			`_getIssuer(uri),`
			`_getDigits(uri),`
			`_getPeriod(uri),`
Sanitize the secret 2022-11-11 14:21:54 +00:00			`getSanitizedSecret(uri.queryParameters['secret']!),`
Hello, world 2022-11-01 06:13:06 +00:00			`_getAlgorithm(uri),`
			`_getType(uri),`
Add support for parsing counter 2023-08-01 10:20:28 +00:00			`_getCounter(uri),`
Hello, world 2022-11-01 06:13:06 +00:00			`rawData,`
			`);`
Fix: Handle # value in the account name 2023-07-13 15:02:57 +00:00			`} catch(e) {`
			`// if account name contains # without encoding,`
			`// rest of the url are treated as url fragment`
			`if(rawData.contains("#")) {`
			`return Code.fromRawData(rawData.replaceAll("#", '%23'));`
			`} else {`
			`rethrow;`
			`}`
			`}`
Hello, world 2022-11-01 06:13:06 +00:00			`}`

			`static String _getAccount(Uri uri) {`
			`try {`
Fix parsing and add tests 2023-04-03 06:58:27 +00:00			`String path = Uri.decodeComponent(uri.path);`
			`if (path.startsWith("/")) {`
			`path = path.substring(1, path.length);`
			`}`
Fix: Parsing of account name 2023-04-03 06:43:43 +00:00			`// Parse account name from documented auth URI`
			`// otpauth://totp/ACCOUNT?secret=SUPERSECRET&issuer=SERVICE`
			`if (uri.queryParameters.containsKey("issuer") && !path.contains(":")) {`
			`return path;`
			`}`
Fix: Url decode the path value 2023-01-28 12:57:59 +00:00			`return path.split(':')[1];`
Hello, world 2022-11-01 06:13:06 +00:00			`} catch (e) {`
			`return "";`
			`}`
			`}`

			`static String _getIssuer(Uri uri) {`
			`try {`
Read issuer name from query params 2023-03-21 09:07:47 +00:00			`if (uri.queryParameters.containsKey("issuer")) {`
Handle bad issuerName 2023-04-03 06:40:32 +00:00			`String issuerName = uri.queryParameters['issuer']!;`
			`// Handle issuer name with period`
			`// See https://github.com/ente-io/auth/pull/77`
			`if (issuerName.contains("period=")) {`
			`return issuerName.substring(0, issuerName.indexOf("period="));`
			`}`
Fix parsing and add tests 2023-04-03 06:58:27 +00:00			`return issuerName;`
Read issuer name from query params 2023-03-21 09:07:47 +00:00			`}`
Fix: Url decode the path value 2023-01-28 12:57:59 +00:00			`final String path = Uri.decodeComponent(uri.path);`
			`return path.split(':')[0].substring(1);`
Hello, world 2022-11-01 06:13:06 +00:00			`} catch (e) {`
			`return "";`
			`}`
			`}`

			`static int _getDigits(Uri uri) {`
			`try {`
			`return int.parse(uri.queryParameters['digits']!);`
			`} catch (e) {`
			`return defaultDigits;`
			`}`
			`}`

			`static int _getPeriod(Uri uri) {`
			`try {`
			`return int.parse(uri.queryParameters['period']!);`
			`} catch (e) {`
			`return defaultPeriod;`
			`}`
			`}`

Add support for parsing counter 2023-08-01 10:20:28 +00:00			`static int _getCounter(Uri uri) {`
			`try {`
			`final bool hasCounterKey = uri.queryParameters.containsKey('counter');`
			`if (!hasCounterKey) {`
			`return 0;`
			`}`
			`return int.parse(uri.queryParameters['counter']!);`
			`} catch (e) {`
			`return defaultPeriod;`
			`}`
			`}`

Hello, world 2022-11-01 06:13:06 +00:00			`static Algorithm _getAlgorithm(Uri uri) {`
			`try {`
			`final algorithm =`
			`uri.queryParameters['algorithm'].toString().toLowerCase();`
			`if (algorithm == "sha256") {`
			`return Algorithm.sha256;`
			`} else if (algorithm == "sha512") {`
			`return Algorithm.sha512;`
			`}`
			`} catch (e) {`
			`// nothing`
			`}`
			`return Algorithm.sha1;`
			`}`

			`static Type _getType(Uri uri) {`
Fix incorrect 2fa type detection 2023-02-04 19:32:16 +00:00			`if (uri.host == "totp") {`
			`return Type.totp;`
			`} else if (uri.host == "hotp") {`
			`return Type.hotp;`
			`}`
			`throw UnsupportedError("Unsupported format with host ${uri.host}");`
Hello, world 2022-11-01 06:13:06 +00:00			`}`

			`@override`
			`bool operator ==(Object other) {`
			`if (identical(this, other)) return true;`

			`return other is Code &&`
			`other.account == account &&`
			`other.issuer == issuer &&`
			`other.digits == digits &&`
			`other.period == period &&`
			`other.secret == secret &&`
Add support for incrementing hotp counter 2023-08-01 12:04:58 +00:00			`other.counter == counter &&`
Hello, world 2022-11-01 06:13:06 +00:00			`other.type == type &&`
			`other.rawData == rawData;`
			`}`

			`@override`
			`int get hashCode {`
			`return account.hashCode ^`
			`issuer.hashCode ^`
			`digits.hashCode ^`
			`period.hashCode ^`
			`secret.hashCode ^`
			`type.hashCode ^`
Add support for incrementing hotp counter 2023-08-01 12:04:58 +00:00			`counter.hashCode ^`
Hello, world 2022-11-01 06:13:06 +00:00			`rawData.hashCode;`
			`}`
			`}`

			`enum Type {`
			`totp,`
			`hotp,`
			`}`

			`enum Algorithm {`
			`sha1,`
			`sha256,`
			`sha512,`
			`}`