From b6ff55662e0281c0d6e111f9307625ef695df2fa Mon Sep 17 00:00:00 2001
From: kim
Date: Thu, 22 May 2025 16:27:55 +0200
Subject: [chore] update dependencies (#4188)
Update dependencies:
- github.com/gin-gonic/gin v1.10.0 -> v1.10.1
- github.com/gin-contrib/sessions v1.10.3 -> v1.10.4
- github.com/jackc/pgx/v5 v5.7.4 -> v5.7.5
- github.com/minio/minio-go/v7 v7.0.91 -> v7.0.92
- github.com/pquerna/otp v1.4.0 -> v1.5.0
- github.com/tdewolff/minify/v2 v2.23.5 -> v2.23.8
- github.com/yuin/goldmark v1.7.11 -> v1.7.12
- go.opentelemetry.io/otel{,/*} v1.35.0 -> v1.36.0
- modernc.org/sqlite v1.37.0 -> v1.37.1
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4188
Reviewed-by: Daenney
Co-authored-by: kim
Co-committed-by: kim
---
 vendor/github.com/pquerna/otp/hotp/hotp.go | 35 ++++++++++++++++++++++++------
 vendor/github.com/pquerna/otp/otp.go | 27 ++++++++++++++++++-----
 vendor/github.com/pquerna/otp/totp/totp.go | 7 ++++--
 3 files changed, 54 insertions(+), 15 deletions(-)
(limited to 'vendor/github.com/pquerna/otp')
diff --git a/vendor/github.com/pquerna/otp/hotp/hotp.go b/vendor/github.com/pquerna/otp/hotp/hotp.go
index 13a193e94..bc23b660b 100644
--- a/vendor/github.com/pquerna/otp/hotp/hotp.go
+++ b/vendor/github.com/pquerna/otp/hotp/hotp.go
@@ -57,6 +57,8 @@ type ValidateOpts struct {
 Digits otp.Digits
 // Algorithm to use for HMAC. Defaults to SHA1.
 Algorithm otp.Algorithm
+ // Encoder to use for output code.
+ Encoder otp.Encoder
 }
 // GenerateCode creates a HOTP passcode given a counter and secret.
@@ -112,15 +114,34 @@ func GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (passc
 (int(sum[offset+3]) & 0xff))
 l := opts.Digits.Length()
- mod := int32(value % int64(math.Pow10(l)))
+ switch opts.Encoder {
+ case otp.EncoderDefault:
+ mod := int32(value % int64(math.Pow10(l)))
+
+ if debug {
+ fmt.Printf("offset=%v\n", offset)
+ fmt.Printf("value=%v\n", value)
+ fmt.Printf("mod'ed=%v\n", mod)
+ }
+ passcode = opts.Digits.Format(mod)
+ case otp.EncoderSteam:
+ // Define the character set used by Steam Guard codes.
+ alphabet := []byte{
+ '2', '3', '4', '5', '6', '7', '8', '9', 'B', 'C',
+ 'D', 'F', 'G', 'H', 'J', 'K', 'M', 'N', 'P', 'Q',
+ 'R', 'T', 'V', 'W', 'X', 'Y',
+ }
+ radix := int64(len(alphabet))
- if debug {
- fmt.Printf("offset=%v\n", offset)
- fmt.Printf("value=%v\n", value)
- fmt.Printf("mod'ed=%v\n", mod)
+ for i := 0; i < l; i++ {
+ digit := value % radix
+ value /= radix
+ c := alphabet[digit]
+ passcode += string(c)
+ }
 }
- return opts.Digits.Format(mod), nil
+ return
 }
 // ValidateCustom validates an HOTP with customizable options. Most users should
@@ -194,7 +215,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
 v.Set("secret", b32NoPadding.EncodeToString(opts.Secret))
 } else {
 secret := make([]byte, opts.SecretSize)
- _, err := opts.Rand.Read(secret)
+ _, err := io.ReadFull(opts.Rand, secret)
 if err != nil {
 return nil, err
 }
diff --git a/vendor/github.com/pquerna/otp/otp.go b/vendor/github.com/pquerna/otp/otp.go
index 02b08f317..6d2ea6379 100644
--- a/vendor/github.com/pquerna/otp/otp.go
+++ b/vendor/github.com/pquerna/otp/otp.go
@@ -154,12 +154,7 @@ func (k *Key) Digits() Digits {
 q := k.url.Query()
 if u, err := strconv.ParseUint(q.Get("digits"), 10, 64); err == nil {
- switch u {
- case 8:
- return DigitsEight
- default:
- return DigitsSix
- }
+ return Digits(u)
 }
 // Six is the most common value.
@@ -183,6 +178,19 @@ func (k *Key) Algorithm() Algorithm {
 }
 }
+// Encoder returns the encoder used or the default ("")
+func (k *Key) Encoder() Encoder {
+ q := k.url.Query()
+
+ a := strings.ToLower(q.Get("encoder"))
+ switch a {
+ case "steam":
+ return EncoderSteam
+ default:
+ return EncoderDefault
+ }
+}
+
 // URL returns the OTP URL as a string
 func (k *Key) URL() string {
 return k.url.String()
@@ -253,3 +261,10 @@ func (d Digits) Length() int {
 func (d Digits) String() string {
 return fmt.Sprintf("%d", d)
 }
+
+type Encoder string
+
+const (
+ EncoderDefault Encoder = ""
+ EncoderSteam Encoder = "steam"
+)
diff --git a/vendor/github.com/pquerna/otp/totp/totp.go b/vendor/github.com/pquerna/otp/totp/totp.go
index a2fb7d557..35a95f9c6 100644
--- a/vendor/github.com/pquerna/otp/totp/totp.go
+++ b/vendor/github.com/pquerna/otp/totp/totp.go
@@ -73,6 +73,8 @@ type ValidateOpts struct {
 Digits otp.Digits
 // Algorithm to use for HMAC. Defaults to SHA1.
 Algorithm otp.Algorithm
+ // Encoder to use for output code.
+ Encoder otp.Encoder
 }
 // GenerateCodeCustom takes a timepoint and produces a passcode using a
@@ -86,6 +88,7 @@ func GenerateCodeCustom(secret string, t time.Time, opts ValidateOpts) (passcode
 passcode, err = hotp.GenerateCodeCustom(secret, counter, hotp.ValidateOpts{
 Digits: opts.Digits,
 Algorithm: opts.Algorithm,
+ Encoder: opts.Encoder,
 })
 if err != nil {
 return "", err
@@ -113,8 +116,8 @@ func ValidateCustom(passcode string, secret string, t time.Time, opts ValidateOp
 rv, err := hotp.ValidateCustom(passcode, counter, secret, hotp.ValidateOpts{
 Digits: opts.Digits,
 Algorithm: opts.Algorithm,
+ Encoder: opts.Encoder,
 })
-
 if err != nil {
 return false, err
 }
@@ -184,7 +187,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
 v.Set("secret", b32NoPadding.EncodeToString(opts.Secret))
 } else {
 secret := make([]byte, opts.SecretSize)
- _, err := opts.Rand.Read(secret)
+ _, err := io.ReadFull(opts.Rand, secret)
 if err != nil {
 return nil, err
 }
-- cgit v1.3