[fix] URL - Various fixes for otpauthURL

- Convert secret to base32 before constructing query - Default encoding to ASCII (used to be null, couldn't be passed into new Buffer()) - Fix call from generateSecret() to otpauthURL() to specify ascii - Added new test for correct conversion for ASCII to Base32 in otpauthURL()
speakeasyjs · Jan 24, 2016 · 5331938 · 5331938
1 parent cd14b0f
commit 5331938
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/index.js b/index.js
@@ -408,7 +408,7 @@ exports.generateSecret = function generateSecret (options) {
   // options
   if (!options) options = {};
   var length = options.length || 32;
-  var name = encodeURIComponent(options.name) || 'SecretKey';
+  var name = encodeURIComponent(options.name || 'SecretKey');
   var qr_codes = options.qr_codes || false;
   var google_auth_qr = options.google_auth_qr || false;
   var otpauth_url = options.otpauth_url != null ? options.otpauth_url : true;
@@ -439,8 +439,8 @@ exports.generateSecret = function generateSecret (options) {
   // add in the Google Authenticator-compatible otpauth URL
   if (otpauth_url) {
     SecretKey.otpauth_url = exports.otpauthURL({
-      secret: SecretKey.base32,
-      label: name
+      secret: SecretKey.ascii,
+      label: name,
     });
   }
 
@@ -528,7 +528,7 @@ exports.otpauthURL = function otpauthURL (options) {
   var algorithm = options.algorithm;
   var digits = options.digits;
   var period = options.period;
-  var encoding = options.encoding;
+  var encoding = options.encoding || 'ascii';
 
   // validate type
   switch (type) {
@@ -548,6 +548,10 @@ exports.otpauthURL = function otpauthURL (options) {
     throw new Error('missing counter value for HOTP');
   }
 
+  // convert secret to base32
+  if (encoding !== 'base32') secret = new Buffer(secret, encoding);
+  if (Buffer.isBuffer(secret)) secret = base32.encode(secret);
+
   // build query while validating
   var query = {secret: secret};
   if (issuer) query.issuer = issuer;
@@ -586,10 +590,6 @@ exports.otpauthURL = function otpauthURL (options) {
     query.period = period;
   }
 
-  // convert secret to base32
-  if (encoding !== 'base32') secret = new Buffer(secret, encoding);
-  if (Buffer.isBuffer(secret)) secret = base32.encode(secret);
-
   // return url
   return url.format({
     protocol: 'otpauth',

diff --git a/test/url_test.js b/test/url_test.js
@@ -174,4 +174,17 @@ describe('#url', function () {
       url.parse(expect)
     );
   });
+
+  it('should generate an URL compatible with the Google Authenticator app and convert an ASCII-encoded string', function () {
+    var answer = speakeasy.otpauthURL({
+      secret: 'MKiNHTvmfQ',
+      label: 'Example:alice@google.com',
+      issuer: 'Example'
+    });
+    var expect = 'otpauth://totp/Example:alice@google.com?secret=JVFWSTSIKR3G2ZSR&issuer=Example';
+    assert.deepEqual(
+      url.parse(answer),
+      url.parse(expect)
+    );
+  });
 });