chore: Validate the TOTP secret string

This commit is contained in:
Awiteb 2024-05-19 04:27:09 +03:00
parent 00694e6f86
commit 0680189723
Signed by: awiteb
GPG key ID: 3F6B55640AA6682F
2 changed files with 22 additions and 6 deletions

View file

@ -19,7 +19,7 @@ use clap::Args;
use crate::{ use crate::{
clap_parsers, clap_parsers,
utils, utils,
vault::{Vault, Vaults}, vault::{cipher, Vault, Vaults},
LprsCommand, LprsCommand,
LprsError, LprsError,
LprsResult, LprsResult,
@ -64,10 +64,16 @@ impl Add {
impl LprsCommand for Add { impl LprsCommand for Add {
fn run(mut self, mut vault_manager: Vaults) -> LprsResult<()> { fn run(mut self, mut vault_manager: Vaults) -> LprsResult<()> {
if !self.is_empty() { if !self.is_empty() {
if let Some(totp_secret) = utils::user_secret(self.totp_secret, "TOTP Secret:", false)?
{
cipher::base32_decode(&totp_secret).map_err(|_| {
LprsError::Base32("Invalid TOTP secret, must be valid base32 string".to_owned())
})?;
self.vault_info.totp_secret = Some(totp_secret);
}
self.vault_info.name = self.vault_info.name.trim().to_string(); self.vault_info.name = self.vault_info.name.trim().to_string();
self.vault_info.password = utils::user_secret(self.password, "Vault password:", false)?; self.vault_info.password = utils::user_secret(self.password, "Vault password:", false)?;
self.vault_info.totp_secret =
utils::user_secret(self.totp_secret, "TOTP Secret:", false)?;
self.vault_info.custom_fields = self.custom_fields.into_iter().collect(); self.vault_info.custom_fields = self.custom_fields.into_iter().collect();
vault_manager.add_vault(self.vault_info); vault_manager.add_vault(self.vault_info);
vault_manager.try_export()?; vault_manager.try_export()?;

View file

@ -16,7 +16,14 @@
use clap::Args; use clap::Args;
use crate::{clap_parsers, utils, vault::Vaults, LprsCommand, LprsError, LprsResult}; use crate::{
clap_parsers,
utils,
vault::{cipher, Vaults},
LprsCommand,
LprsError,
LprsResult,
};
#[derive(Debug, Args)] #[derive(Debug, Args)]
#[command(author, version, about, long_about = None)] #[command(author, version, about, long_about = None)]
@ -79,8 +86,11 @@ impl LprsCommand for Edit {
if self.password.is_some() { if self.password.is_some() {
vault.password = utils::user_secret(self.password, "New vault password:", false)?; vault.password = utils::user_secret(self.password, "New vault password:", false)?;
} }
if self.totp_secret.is_some() { if let Some(totp_secret) = utils::user_secret(self.totp_secret, "TOTP Secret:", false)? {
vault.totp_secret = utils::user_secret(self.totp_secret, "TOTP Secret:", false)?; cipher::base32_decode(&totp_secret).map_err(|_| {
LprsError::Base32("Invalid TOTP secret, must be valid base32 string".to_owned())
})?;
vault.totp_secret = Some(totp_secret);
} }
if let Some(new_username) = self.username { if let Some(new_username) = self.username {
vault.username = Some(new_username); vault.username = Some(new_username);