pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

'@' symbol in name argument of `build_uri` utility function #137

Closed mergenchik closed 2 years ago

mergenchik commented 2 years ago

https://github.com/pyauth/pyotp/blob/6568c1a83af8e0229f3c4b28d03552d601e2b7fe/src/pyotp/utils.py#L47

I am working on a similar issue here, and checked that you may have the same problem.

```python
>>> from urllib.parse import quote
>>> quote('mergenchik@gmail.com')
'mergenchik%40gmail.com'
```

name should be URI-encoded rather than URL-encoded.

kislyuk commented 2 years ago

Thanks for letting me know. In practice, all authenticators I am familiar with correctly decode URL-encoded OTP URIs, and I have never seen any reports of a practical issue related to this behavior before, so I'm going to close this for now. If you know of an application affected by this, please feel free to add that information.

mergenchik commented 2 years ago

I checked with Google Authenticator; it does not correctly decode it, which was reported by @rhysjtevans in issue 21. That's why I reported the same issue here.

kislyuk commented 2 years ago

Google Authenticator works fine for me. Feel free to paste a complete reproduction of the steps you used.

mergenchik commented 2 years ago

Sorry for bothering; the issue is closed. In gotp, '@' was being encoded as %2540, so it was encoded twice, and that is the reason. In pyotp everything works fine :).
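
The difference between the single-encoded `%40` and the double-encoded `%2540` discussed in this thread, as an added example that is not code from pyotp or gotp. The function names and the sample secret are hypothetical, and the double-encoding check is a heuristic that assumes account names do not themselves contain literal percent-escapes.

```python
from urllib.parse import quote, unquote, urlsplit

SAMPLE_SECRET = "JBSWY3DPEHPK3PXP"  # constructed sample value, not a real secret


def build_otpauth_uri(secret, name, issuer=None):
    """Build a TOTP provisioning URI, percent-encoding each component exactly once."""
    label = quote(name, safe="")
    if issuer:
        label = quote(issuer, safe="") + ":" + label
    uri = "otpauth://totp/" + label + "?secret=" + quote(secret, safe="")
    if issuer:
        uri += "&issuer=" + quote(issuer, safe="")
    return uri


def decode_label(uri):
    """Decode the label as a client would: a single percent-decoding pass."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth URI")
    return unquote(parts.path.lstrip("/"))


def is_double_encoded(uri):
    """Heuristic: the label still holds a percent-escape after one decoding pass.

    Assumption: a legitimate account name never contains a literal sequence
    such as '%40'; if it can, this check reports a false positive.
    """
    label = decode_label(uri)
    return unquote(label) != label


if __name__ == "__main__":
    name = "mergenchik@gmail.com"
    good = build_otpauth_uri(SAMPLE_SECRET, name)
    # Encoding an already-encoded label turns '%40' into '%2540'.
    bad = "otpauth://totp/" + quote(quote(name, safe=""), safe="") \
          + "?secret=" + SAMPLE_SECRET
    for uri in (good, bad):
        print(uri, "->", decode_label(uri), "| double-encoded:", is_double_encoded(uri))
```

A client that decodes once shows `mergenchik@gmail.com` for the first URI and `mergenchik%40gmail.com` for the second, so running this check on generated URIs before rendering the QR code catches the double-encoding case.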