2FAS/2fas-ios
1
0
Fork 0
mirror of https://github.com/twofas/2fas-ios.git synced 2024-11-23 02:40:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

TF-1020 Fixes for secret sanitization

Browse Source
This commit is contained in:
Zbigniew Cisiński 2023-01-23 21:01:37 +01:00
parent e5dca70a6e
commit c9c0484603
4 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TwoFAS/CodeSupport/Code+GoogleAuth.swift
View File

@ -34,7 +34,7 @@ extension Code {
else { return nil }
return unpacked.otpParameters.compactMap { param -> Code? in
guard let secret = param.secretValue else { return nil }
guard let secret = param.secretValue?.sanitazeSecret(), secret.isValidSecret() else { return nil }
let digits: Digits = {
if let value = param.digitsValue {
return value

3
TwoFAS/CodeSupport/CodeParser.swift
View File

@ -44,8 +44,7 @@ final class CodeParser {
guard let secret = items.find(forType: .secret(""))?
.value
.trimmingCharacters(in: .init(charactersIn: "="))
.uppercased(),
.sanitazeSecret(),
secret.isValidSecret()
else { return nil }

7
TwoFAS/Common/String+.swift
View File

@ -74,7 +74,9 @@ public extension String {
let chars = Array(self)
for char in chars {
if char.isASCII && (char.isLetter || char.isNumber || char.isPadding) {
// valid
if let num = Int(String(char)), char.isNumber, num < 2 || num > 7 {
return false
}
} else {
return false
}
@ -87,7 +89,8 @@ public extension String {
}
func sanitazeSecret() -> String {
replacingOccurrences(of: " ", with: "")
trimmingCharacters(in: .init(charactersIn: "="))
.replacingOccurrences(of: " ", with: "")
.replacingOccurrences(of: "\\", with: "")
.replacingOccurrences(of: "-", with: "")
.uppercased()

19
TwoFAS/TwoFAS/Interactors/ImportFromFileInteractor.swift
View File

@ -178,7 +178,7 @@ extension ImportFromFileInteractor: ImportFromFileInteracting {
let date = Date()
return services
.sorted { $0.order.position < $1.order.position }
.map { item in
.compactMap { item in
let modificationDate: Date = {
guard let updatedAt = item.updatedAt else { return date }
return Date(timeIntervalSince1970: TimeInterval(Double(updatedAt) / 1000.0))
@ -218,9 +218,12 @@ extension ImportFromFileInteractor: ImportFromFileInteracting {
return secID
}()
let secret = item.secret.sanitazeSecret()
guard secret.isValidSecret() else { return nil }
return ServiceData(
name: item.name.sanitazeName(),
secret: item.secret.sanitazeSecret(),
secret: secret,
serviceTypeID: serviceDefinitionInteractor.findLegacyService(using: item.type),
additionalInfo: item.otp.account,
rawIssuer: item.otp.issuer,
@ -251,7 +254,7 @@ extension ImportFromFileInteractor: ImportFromFileInteracting {
let date = Date()
return services
.sorted { $0.order.position < $1.order.position }
.map { item in
.compactMap { item in
let modificationDate: Date = {
guard let updatedAt = item.updatedAt else { return date }
return Date(timeIntervalSince1970: TimeInterval(Double(updatedAt) / 1000.0))
@ -298,9 +301,12 @@ extension ImportFromFileInteractor: ImportFromFileInteracting {
return secID
}()
let secret = item.secret.sanitazeSecret()
guard secret.isValidSecret() else { return nil }
return ServiceData(
name: item.name.sanitazeName(),
secret: item.secret.sanitazeSecret(),
secret: secret,
serviceTypeID: itemServiceTypeID,
additionalInfo: item.otp.account,
rawIssuer: item.otp.issuer,
@ -353,10 +359,13 @@ extension ImportFromFileInteractor: ImportFromFileInteracting {
period = periodParsed
}
let secret = entry.info.secret.sanitazeSecret()
guard secret.isValidSecret() else { return nil }
let serviceDef = serviceDefinitionInteractor.findService(using: entry.issuer)
return ServiceData(
name: entry.name.sanitazeName(),
secret: entry.info.secret.sanitazeSecret(),
secret: secret,
serviceTypeID: serviceDef?.serviceTypeID,
additionalInfo: entry.note,
rawIssuer: entry.issuer,