
Merge pull request #8 from dvrensk/master

Bug fix: TOTP#verify_with_drift produced wrong result when drift was not
commit 27020acc01cc72afccbbb77d57eb202891a05ca7 2 parents 7700314 + a11b94c
@mdp authored
Showing with 13 additions and 3 deletions.
  1. +4 −2 lib/rotp/totp.rb
  2. +9 −1 spec/totp_spec.rb
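--- a/lib/rotp/totp.rb
+++ b/lib/rotp/totp.rb
@@ -38,8 +38,10 @@ def verify(otp, time = Time.now)
 # @param [Integer] drift the number of seconds that the client
 # and server are allowed to drift apart
 def verify_with_drift(otp, drift, time = Time.now)
- drift_intervals = drift / interval
- (-drift_intervals..drift_intervals).any? { |n| verify(otp, time + n * interval) }
+ time = time.to_i
+ times = (time-drift..time+drift).step(interval).to_a
+ times << time + drift if times.last < time + drift
+ times.any? { |ti| verify(otp, ti) }
 end
 # Returns the provisioning URI for the OTP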
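Review bot: A negative `drift` makes `(time-drift..time+drift)` empty, so `times.last` is nil and the `times.last < time + drift` line raises NoMethodError, whereas the removed lines returned false for the same input; adding `return false if drift < 0` as the first line of the method keeps the old behaviour. Separately, the method accepts the code of every time step that overlaps [time - drift, time + drift] and returns only the boolean from `any?`, so a caller cannot tell which step matched and cannot refuse a second use of the same code inside the window. The doc comment above `verify_with_drift` should state this, e.g. `# NOTE: any code valid within +/- drift seconds is accepted; callers must track used codes to reject reuse`, and should advise keeping drift small because every extra step accepted is one more valid code.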
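--- a/spec/totp_spec.rb
+++ b/spec/totp_spec.rb
@@ -26,10 +26,18 @@
 subject.verify_with_drift(subject.at(@now - 30), 60, @now).should be_true
 end
 it "should verify a slightly new number" do
- subject.verify_with_drift(subject.at(@now - 60), 60, @now).should be_true
+ subject.verify_with_drift(subject.at(@now + 60), 60, @now).should be_true
 end
 it "should reject a number that is outside the allowed drift" do
 subject.verify_with_drift(subject.at(@now - 60), 30, @now).should be_false
 end
+ context "with drift that is not a multiple of the TOTP interval" do
+ it "should verify a slightly old number" do
+ subject.verify_with_drift(subject.at(@now - 45), 45, @now).should be_true
+ end
+ it "should verify a slightly new number" do
+ subject.verify_with_drift(subject.at(@now + 40), 40, @now).should be_true
+ end
+ end
 end
 end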
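Review bot: The new context for drift that is not a multiple of the interval contains only accepting examples, so it would still pass if the window were wider than requested. A rejecting example belongs next to them, for instance `subject.verify_with_drift(subject.at(@now - 90), 45, @now).should be_false`, assuming the 30-second interval that the other examples imply. For an authentication check, the upper bound of the accepted window is the property most worth pinning in the spec. The enclosing describe block starts outside the hunk.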