Closed barathrm closed 1 year ago
thanks for testing that @barathrm ! i'll give it a look
I think one issue might be time, is there a way to display the current time the Mooltipass has on file?
I don't think the internal time is an issue here, since OTP works when requesting an OTP code manually via the minible's scroll wheel and display. It just doesn't work when requesting an OTP code via the HID protocol message https://github.com/mooltipass/minible/wiki/Mooltipass-Protocol#0x0041-get-totp-code. Note that this message isn't actually used by moolticute or the browser extension yet (last I checked), I tested this manually with my own application.
one thing that might be worth checking is if the index is borked somewhere on the way.
e.g. 1) make a clean db with a few entries and get the TOTPs via HID, important: note the times when obtained. 2) make the TOTPs manually with the same params, and see if they are perhaps moved
you can equally try this on the database you already have but moolticute doesnt let you export your seeds (usually it isnt a good idea anyway)
sorry I should have gotten to this sooner... will try to tackle it next week :/
I can't believe it took me that long :/
I can't believe it took me that long :/
Don't worry about that, we all have lives! :) And thank you! Can't wait to test :grin:
the recently released moolticute does have the feature, bundle v13 and the upcoming extension will implement the rest. However i still prefer the "display totp after login" setting :)
cool, cant wait for v13
bundle v13 is available at https://beta-updates.themooltipass.com/ , extension to be released in a week or so :)
Finally tested this, works great :)
Expected behavior
The TOTP codes you get from this message should be valid and the same as when you request a code manually from the minible via the scroll wheel.
Actual behavior
The get TOTP code message returns codes which don't work. It's a bit tricky to do, but the OTP codes you get from this message don't seem to be the same as the codes you get by manually requesting TOTP codes from the minible.
Step by step guide to reproduce the problem
Use moolticuted + json WS requests to ask for TOTP tokens for a service. Test the token.
One can also enable
Display TOTP After Login Into Website
, then requesting a login. You'll see how long a token is valid, so you can time it to request a token via the new protocol message within that time. The tokens seem to be different.Firmware Version
AUX MCU version: 0.73 Main MCU version: 0.84 Bundle version: 12
Moolticute Version - If Involved'
1.00.1, but also tested manually sending the request via usb.
Operating System
Mention if you are using either:
Linux
I'm attaching a simple python script to test TOTP with. It connets to moolticuted, asks for a TOTP token and then a credential. You can run it with
./wstest.py <service> <login>
. wstest.py.txt