pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

Secret stripper #55

Closed wittrup closed 6 years ago

wittrup commented 6 years ago

Added a function that strips all non-base32 characters from the secret string, as many two-step-verification providers tend to show the secrets this way, i.e. "JBSW Y3DP EHPK 3PXP" instead of "JBSWY3DPEHPK3PXP". This feature makes pyotp way easier to use with the console.

Fixed pull request #54 issues:

src/pyotp/otp.py:23:27: E261 at least two spaces before inline comment
src/pyotp/otp.py:23:121: E501 line too long (150 > 120 characters)

codecov-io commented 6 years ago

Codecov Report

Merging #55 into master will increase coverage by <.01%. The diff coverage is 100%.


@@            Coverage Diff             @@
##           master      #55      +/-   ##
==========================================
+ Coverage   98.46%   98.47%   +<.01%     
==========================================
  Files           8        8              
  Lines         326      328       +2     
==========================================
+ Hits          321      323       +2     
  Misses          5        5

| Impacted Files | Coverage Δ | |
| --- | --- | --- |
| setup.py | 100% <ø> (ø) | :arrow_up: |
| src/pyotp/otp.py | 100% <100%> (ø) | :arrow_up: |

kislyuk commented 6 years ago

Hi @wittrup, thank you for your pull request, and sorry it took me a while to get to reviewing it.

Most OTP secrets are expected to be transmitted via QR code. For situations where the code is copied verbatim, sanitizing input like this violates the principle of least surprise and is outside the scope of this library's functionality.

You are welcome to re-submit a PR that updates the package documentation with an appropriate recipe for how to sanitize user secret input.

In addition, please do not submit PRs that update the version number. The version is automatically managed by the release infrastructure in https://github.com/pyotp/pyotp/blob/master/common.mk.

tilkinsc commented 6 years ago

Maybe a pull request to add a function that sanitizes, which wouldn't violate that 'principle of least surprise'.
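
A caller-side recipe of the kind the maintainer invites above, as an added example (not code from this pull request or from pyotp). It drops grouping separators but rejects any other non-base32 character instead of stripping it, so a typo cannot silently change the key. The names `normalize_secret` and `secret_bytes` are hypothetical, and treating only whitespace and hyphens as separators is an assumption.

```python
import base64
import re

# Assumption: providers group secrets with spaces or hyphens only.
_SEPARATORS = re.compile(r"[\s-]+")
_BASE32_ALPHABET = frozenset("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
# Unpadded base32 lengths (mod 8) that encode a whole number of bytes.
_VALID_REMAINDERS = {0, 2, 4, 5, 7}


def normalize_secret(raw: str) -> str:
    """Return the canonical, unpadded base32 form of a user-typed secret.

    Separators are removed and case is folded. Anything else outside the
    base32 alphabet raises ValueError rather than being stripped, because
    dropping a mistyped '0' or '1' would yield a different, valid-looking
    key and codes that never match the server's.
    """
    candidate = _SEPARATORS.sub("", raw).upper().rstrip("=")
    if not candidate:
        raise ValueError("secret is empty")
    bad = [ch for ch in candidate if ch not in _BASE32_ALPHABET]
    if bad:
        # Report a count only; never echo secret material into logs.
        raise ValueError(f"{len(bad)} character(s) outside the base32 alphabet")
    if len(candidate) % 8 not in _VALID_REMAINDERS:
        raise ValueError("length is not valid for base32 (truncated secret?)")
    return candidate


def secret_bytes(raw: str) -> bytes:
    """Decode a user-typed secret to the raw HMAC key bytes."""
    canonical = normalize_secret(raw)
    padding = "=" * (-len(canonical) % 8)
    return base64.b32decode(canonical + padding)


if __name__ == "__main__":
    # The grouped form quoted in the pull request description.
    print(normalize_secret("JBSW Y3DP EHPK 3PXP"))
```

The string returned by `normalize_secret` is what would then be passed to `pyotp.TOTP`.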