From 81fcbac0ec51c1b60fe30ae862321da2c71fa689 Mon Sep 17 00:00:00 2001 From: Neeraj Gupta <254676+ua741@users.noreply.github.com> Date: Thu, 10 Aug 2023 11:59:19 +0530 Subject: [PATCH 1/2] Fix: use safeDecode while decoding account & issuer --- lib/onboarding/view/setup_enter_secret_key_page.dart | 4 ++-- lib/ui/code_widget.dart | 9 --------- lib/utils/totp_util.dart | 11 +++++++++++ 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/lib/onboarding/view/setup_enter_secret_key_page.dart b/lib/onboarding/view/setup_enter_secret_key_page.dart index 4d0aab9ec..5a72f9cb4 100644 --- a/lib/onboarding/view/setup_enter_secret_key_page.dart +++ b/lib/onboarding/view/setup_enter_secret_key_page.dart @@ -23,12 +23,12 @@ class _SetupEnterSecretKeyPageState extends State { void initState() { _issuerController = TextEditingController( text: widget.code != null - ? Uri.decodeFull(widget.code!.issuer).trim() + ? safeDecode(widget.code!.issuer).trim() : null, ); _accountController = TextEditingController( text: widget.code != null - ? Uri.decodeFull(widget.code!.account).trim() + ? safeDecode(widget.code!.account).trim() : null, ); _secretController = TextEditingController( diff --git a/lib/ui/code_widget.dart b/lib/ui/code_widget.dart index 09b81f559..85f78b05b 100644 --- a/lib/ui/code_widget.dart +++ b/lib/ui/code_widget.dart @@ -306,15 +306,6 @@ class _CodeWidgetState extends State { ); } - String safeDecode(String value) { - try { - return Uri.decodeComponent(value); - } catch (e) { - // note: don't log the value, it might contain sensitive information - logger.severe("Failed to decode", e); - return value; - } - } String _getCurrentOTP() { try { diff --git a/lib/utils/totp_util.dart b/lib/utils/totp_util.dart index d76318280..a49448524 100644 --- a/lib/utils/totp_util.dart +++ b/lib/utils/totp_util.dart @@ -1,4 +1,5 @@ import 'package:ente_auth/models/code.dart'; +import 'package:flutter/foundation.dart'; import 'package:otp/otp.dart' as otp; String getOTP(Code code) { @@ -50,3 +51,13 @@ otp.Algorithm _getAlgorithm(Code code) { String getSanitizedSecret(String secret) { return secret.toUpperCase().trim().replaceAll(' ', ''); } + +String safeDecode(String value) { + try { + return Uri.decodeComponent(value); + } catch (e) { + // note: don't log the value, it might contain sensitive information + debugPrint("Failed to decode $e"); + return value; + } +} \ No newline at end of file From 7d5bbfdadd5f12f6f66d93fa9d0a115652e67204 Mon Sep 17 00:00:00 2001 From: Neeraj Gupta <254676+ua741@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:25:47 +0530 Subject: [PATCH 2/2] Add test --- test/models/code_test.dart | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/models/code_test.dart b/test/models/code_test.dart index 9a0d18e03..30ea23a4f 100644 --- a/test/models/code_test.dart +++ b/test/models/code_test.dart @@ -39,4 +39,16 @@ void main() { expect(code.account, "Acc !@#444", reason: "accountMismatch"); expect(code.secret, "NI4CTTFEV4G2JFE6"); }); + + test("parseAndUpdateInChinese", () { + const String rubberDuckQr = + 'otpauth://totp/%E6%A9%A1%E7%9A%AE%E9%B8%AD?secret=2CWDCK4EOIN5DJDRMYUMYBBO4MKSR5AX&issuer=ente.io'; + final code = Code.fromRawData(rubberDuckQr); + expect(code.account, '橡皮鸭'); + final String updatedRawCode = + code.copyWith(account: '伍迪', issuer: '鸭子').rawData; + final updateCode = Code.fromRawData(updatedRawCode); + expect(updateCode.account, '伍迪', reason: 'updated accountMismatch'); + expect(updateCode.issuer, '鸭子', reason: 'updated issuerMismatch'); + }); }