tadfisher/pass-otp

OTP URL with port number results in error

Closed this issue · 1 comments

runejuhl commented

I just encountered an OTP URL with a HTTP port number, and that breaks pass-otp with a message like the following:

Cannot parse OTP key URI: otpauth://totp/some.domain.com:username@some.domain.com:443?secret=ABCDEF

The issue is obviously in the regex match:

  local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?))?\?(.+)$'
  [[ "$uri" =~ $pattern ]] || die "Cannot parse OTP key URI: $uri"

Removing the :443 from the OTP key URI makes everything work. Simply changing the character class for OTP URLs to allow a trailing (:[0-9]+)? should do the trick.

...and thank you for pass-otp! 😄

ccdd13 commented

pass-otp/otp.bash

Line 52 in cabf092

local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?))?\?(.+)$' 

@@ -49,7 +49,7 @@
uri="${uri//\`/%60}"
uri="${uri//\"/%22}"
-  local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?))?\?(.+)$'
+  local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+(:[0-9]+)?)?(:([^:?]*(:[0-9]+)?))?))?\?(.+)$'
[[ "$uri" =~ $pattern ]] || die "Cannot parse OTP key URI: $uri"
otp_uri=${BASH_REMATCH[0]}

tested against otpauth://totp/some.domain.com:username@some.domain.com:443?secret=ABCDEF