tadfisher / pass-otp

A pass extension for managing one-time-password (OTP) tokens
GNU General Public License v3.0

OTP URL with port number results in error #144

Closed runejuhl closed 2 years ago

runejuhl commented 3 years ago

I just encountered an OTP URL with an HTTP port number, and that breaks pass-otp with a message like the following:

Cannot parse OTP key URI: otpauth://totp/some.domain.com:username@some.domain.com:443?secret=ABCDEF

The issue is obviously in the regex match:

  local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?))?\?(.+)$'
  [[ "$uri" =~ $pattern ]] || die "Cannot parse OTP key URI: $uri"

Removing the :443 from the OTP key URI makes everything work. Simply changing the character class for OTP URLs to allow a trailing (:[0-9]+)? should do the trick.

...and thank you for pass-otp! :smile:

ccdd13 commented 3 years ago

https://github.com/tadfisher/pass-otp/blob/cabf09206d598fde7c9ae8f4795b834d2cf2b0ed/otp.bash#L52

@@ -49,7 +49,7 @@
uri="${uri//\`/%60}"
uri="${uri//\"/%22}"
-  local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?))?\?(.+)$'
+  local pattern='^otpauth:\/\/(totp|hotp)(\/(([^:?]+(:[0-9]+)?)?(:([^:?]*(:[0-9]+)?))?))?\?(.+)$'
[[ "$uri" =~ $pattern ]] || die "Cannot parse OTP key URI: $uri"
otp_uri=${BASH_REMATCH[0]} 
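
Review bot: the two `(:[0-9]+)?` groups added on the `+` line are capturing, so every capture after the issuer is renumbered: the account name moves from `BASH_REMATCH[6]` to `[7]` and the query string from `[7]` to `[9]`. The hunk only shows `otp_uri=${BASH_REMATCH[0]}`, so any later read of a numbered capture has to be renumbered in the same change. Separately, the first `(:[0-9]+)?` also accepts an all-digit account name (a label of the form `issuer:123456`), which would then be captured as part of the issuer with an empty account; allowing the port only after the account part avoids that ambiguity.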

tested against otpauth://totp/some.domain.com:username@some.domain.com:443?secret=ABCDEF
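
Added example, not part of the thread or of pass-otp: it runs the reported URI through the pattern quoted in the report and the pattern from the patch, and prints which capture group holds the issuer, account and query. It assumes `sed -E` as a stand-in for bash's `[[ =~ ]]` (same ERE syntax) so the captures can be selected by number; the `fields` helper and the all-digit URI are constructed for illustration.

```shell
#!/bin/sh
# Patterns copied from the thread: OLD from the report, NEW from the proposed patch.
OLD='^otpauth:\/\/(totp|hotp)(\/(([^:?]+)?(:([^:?]*))?))?\?(.+)$'
NEW='^otpauth:\/\/(totp|hotp)(\/(([^:?]+(:[0-9]+)?)?(:([^:?]*(:[0-9]+)?))?))?\?(.+)$'

# URI from the report, plus a constructed URI whose account name is all digits.
REPORTED='otpauth://totp/some.domain.com:username@some.domain.com:443?secret=ABCDEF'
NUMERIC='otpauth://totp/Example:123456?secret=ABCDEF'

# fields PATTERN URI I A Q
# Prints "issuer|account|query" taken from capture groups I, A and Q,
# or nothing at all when URI does not match PATTERN.
fields() {
  printf '%s\n' "$2" | sed -nE "s/$1/\\$3|\\$4|\\$5/p"
}

# Old pattern: the trailing :443 leaves no way to reach the '?', so no match.
echo "old, groups 4/6/7, reported URI: [$(fields "$OLD" "$REPORTED" 4 6 7)]"

# Patched pattern read with the old group numbers: the "query" slot now
# holds the account name, because two capture groups were inserted.
echo "new, groups 4/6/7, reported URI: [$(fields "$NEW" "$REPORTED" 4 6 7)]"

# Patched pattern read with the shifted group numbers.
echo "new, groups 4/7/9, reported URI: [$(fields "$NEW" "$REPORTED" 4 7 9)]"

# Edge case: an all-digit account name is taken as a port on the issuer.
echo "old, groups 4/6/7, numeric URI:  [$(fields "$OLD" "$NUMERIC" 4 6 7)]"
echo "new, groups 4/7/9, numeric URI:  [$(fields "$NEW" "$NUMERIC" 4 7 9)]"
```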