Main table fails to load values after adding Amazon account to OTP Manager

[smarwei]

Environment:

• Nextcloud Version: 27.1.2
• OTP Manager Version: 0.3.0
• Operating System: Linux
• Browser: Firefox 118.0.1

After adding my third account to OTP Manager (Amazon), the main table showing the does not load any values any more. (Just an infinite loading animation) This happens on both, Android client and Webinterface. The /apps/otpmanager/accounts requests seems to work fine (returns all my Accounts), but I get a JavaScript exception:

Uncaught (in promise) TypeError: Invalid character found:
QC otpauth.esm.js:857 fromBase32 otpauth.esm.js:1054 eO otpauth.esm.js:1389 nO generateCodes.js:24 Ik AccountsTable.js:41 Ik AccountsTable.js:52 React 7 x scheduler.production.min.js:13 M scheduler.production.min.js:14

task.js:61 F task.js:35 k task.js:46 20261 task.js:84 Webpack 13 otpauth.esm.js:857:26 Ik AccountsTable.js:50 InterpretGeneratorResume self-hosted:1469 AsyncFunctionNext self-hosted:852 (Async: async) Ik AccountsTable.js:52 React 7 x scheduler.production.min.js:13 M scheduler.production.min.js:14 apply self-hosted:2287 task.js:61 F task.js:35 k task.js:46 (Async: EventHandlerNonNull) 20261 task.js:84 Webpack 13 I noticed that the secret for the Amazon account is significantly longer than the secrets for the other accounts. It also contains characters not present in the other secrets. I suspect I might have saved the wrong value as the secret. It looks similar to this: 12AbXyZJnUVwa3bJKL4rOPQRstUVWXyz8abcDeFGhijK56mnOpQRstUVWXyz8abcDeFGhijKlmNO1PQRstUVWXyz8abcDeF=

[matteo-convertino]

Hi smarwei, reading the error on the line where it says fromBase32 otpauth, I can understand that the decryption phase (where I think the problem may be) of the secret key was managed. The error is given when it tries to generate the totp code because the secret key it receives appears not to be in base32. This is quite strange because when you add a new account if you try to enter a secret key that is not correctly base32 it should block you from doing so. A temporary solution that I can give you is to manually delete the Amazon account that is giving you problems from the oc_otpmanager_accounts table in the db. In the meantime, I just ask you to check (even with an online tool) whether the secret key that Amazon gives you is a valid base32 string, and if so (and if the problem has been solved in this way), try adding it again to OTP Manager.

Did you always add the other two accounts you added previously with version 0.3.0? They didn't give you any problems?

[smarwei]

After removing the Amazon account, I can no longer reproduce the issue. However, the Android app on my phone was updated today. If the previous version of the Android app didn't correctly verify the secret, that might have been the cause. Amazon displays the secret with spaces, which I had to remove before it was accepted by the Android client.

[matteo-convertino]

That's right, the previous version of the app didn't check the validity of the base 32 encoding of the secret key when you added it manually. Given the spaces present in the secret key then the problem was most likely due to this. However, I'm happy that the problem hasn't recurred again and I'm sorry if I had to have you manually delete the account from the table. If you encounter the problem again, don't hesitate to reopen the issue.