Catch exception during Base32 decoding process (#96)

* Catch exception during Base32 decoding process * Tests added

Catch exception during Base32 decoding process (#96)
* Catch exception during Base32 decoding process * Tests added
26d19c0b · Spomky · GitHub · 84d0ac40 · 26d19c0b · 26d19c0b
Unverified Commit 26d19c0b authored 7 years ago by Spomky Committed by GitHub 7 years ago
Hide whitespace changes
Inline Side-by-side

Showing

with 33 additions and 5 deletions
+33 -5
--- a/src/HOTP.php
+++ b/src/HOTP.php
@@ -39,7 +39,7 @@ final class HOTP extends OTP implements HOTPInterface
     *
     * @return self
     */
-    public static function create(?string $secret = null, int $counter = 0, string $digest = 'sha1', int $digits = 6): HOTP
+    public static function create(?string $secret = null, int $counter = 0, string $digest = 'sha1', int $digits = 6): self
    {
        return new self($secret, $counter, $digest, $digits);
    }
@@ -119,7 +119,7 @@ final class HOTP extends OTP implements HOTPInterface
    {
        $window = $this->getWindow($window);

-        for ($i = $counter; $i <= $counter + $window; ++$i) {
+        for ($i = $counter; $i <= $counter + $window; $i++) {
            if ($this->compareOTP($this->at($i), $otp)) {
                $this->updateCounter($i + 1);


--- a/src/OTP.php
+++ b/src/OTP.php
@@ -108,7 +108,11 @@ abstract class OTP implements OTPInterface
     */
    private function getDecodedSecret(): string
    {
-        $secret = Base32::decodeUpper($this->getSecret());
+        try {
+            $secret = Base32::decodeUpper($this->getSecret());
+        } catch (\Exception $e) {
+            throw new \RuntimeException('Unable to decode the secret. Is it correctly base32 encoded?');
+        }

        return $secret;
    }

--- a/src/TOTP.php
+++ b/src/TOTP.php
@@ -41,7 +41,7 @@ final class TOTP extends OTP implements TOTPInterface
     *
     * @return self
     */
-    public static function create(?string $secret = null, int $period = 30, string $digest = 'sha1', int $digits = 6): TOTP
+    public static function create(?string $secret = null, int $period = 30, string $digest = 'sha1', int $digits = 6): self
    {
        return new self($secret, $period, $digest, $digits);
    }
@@ -104,7 +104,7 @@ final class TOTP extends OTP implements TOTPInterface
    {
        $window = abs($window);

-        for ($i = -$window; $i <= $window; ++$i) {
+        for ($i = -$window; $i <= $window; $i++) {
            $at = (int) $i * $this->getPeriod() + $timestamp;
            if ($this->compareOTP($this->at($at), $otp)) {
                return true;

--- a/tests/HOTPTest.php
+++ b/tests/HOTPTest.php
@@ -100,6 +100,18 @@ final class HOTPTest extends TestCase
        HOTP::create('JDDK4U6G3BJLEZ7Y', 0, 'foo');
    }

+    /**
+     * @expectedException \RuntimeException
+     * @expectedExceptionMessage Unable to decode the secret. Is it correctly base32 encoded?
+     */
+    public function testSecretShouldBeBase32Encoded()
+    {
+        $secret = random_bytes(32);
+
+        $otp = HOTP::create($secret);
+        $otp->at(0);
+    }
+
    public function testObjectCreationValid()
    {
        $otp = HOTP::create();

--- a/tests/TOTPTest.php
+++ b/tests/TOTPTest.php
@@ -56,6 +56,18 @@ final class TOTPTest extends TestCase
        TOTP::create('JDDK4U6G3BJLEZ7Y', -20, 'sha512', 8);
    }

+    /**
+     * @expectedException \RuntimeException
+     * @expectedExceptionMessage Unable to decode the secret. Is it correctly base32 encoded?
+     */
+    public function testSecretShouldBeBase32Encoded()
+    {
+        $secret = random_bytes(32);
+
+        $otp = TOTP::create($secret);
+        $otp->now();
+    }
+
    public function testGetProvisioningUri()
    {
        $otp = $this->createTOTP(6, 'sha1', 30);