Apps/MobileApp
2
1
Fork 0
Code Issues Pull Requests Releases 5 Wiki Activity

Add Base32 validation, better URL entity decoding

Browse Source
This commit is contained in:
Skylar Ittner 2017-12-09 22:34:01 -07:00
parent 01ba58322d
commit 88dbc75f5d
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
www/views/addotp.html
View File

@ -55,6 +55,12 @@
navigator.notification.alert("Missing secret key.", null, "Error", 'Dismiss'); navigator.notification.alert("Missing secret key.", null, "Error", 'Dismiss');
return; return;
} }
key = key.toUpperCase();
/* Thanks to https://stackoverflow.com/a/27362880 for the regex */
if (!key.match(/^(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?$/)) {
navigator.notification.alert("Secret key is not valid base32.", null, "Error", 'Dismiss');
return;
}
if (label == "") { if (label == "") {
navigator.notification.alert("Missing label.", null, "Error", 'Dismiss'); navigator.notification.alert("Missing label.", null, "Error", 'Dismiss');
return; return;
@ -112,6 +118,14 @@
return; return;
} }
} }
try {
secret = decodeURIComponent(secret);
issuer = decodeURIComponent(issuer);
label = decodeURIComponent(label);
} catch (e) {
navigator.notification.alert("Could not decode OTP URI.", null, "Error", 'Dismiss');
return;
}
addOTP(secret, label, issuer); addOTP(secret, label, issuer);
} }
}, },