Validate secret on manual entry

Closes #500
Jakob Nixdorf 2020-05-06 06:44:05 +02:00
parent d52d1cb0a1
commit 57ab645314
No known key found for this signature in database
GPG key ID: BE99BF86574A7DBC
3 changed files with 73 additions and 49 deletions


@ -523,4 +523,14 @@ public class Entry {
public int getColor() { public int getColor() {
return color; return color;
} }
public static boolean validateSecret(String secret) {
try {
new Base32().decode(secret.toUpperCase());
} catch (Exception e) {
return false;
}
return true;
}
} }
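Review bot: `validateSecret` returns true whenever `decode` does not throw, and if `Base32` is the Apache Commons Codec class (its import is outside this hunk) the decoder skips characters outside the alphabet rather than throwing, so an empty string or a string of punctuation would probably be accepted. Check the alphabet and the decoded length explicitly, for example `String s = secret.toUpperCase(Locale.ROOT);` followed by `return !s.isEmpty() && new Base32().isInAlphabet(s) && new Base32().decode(s).length > 0;`. `Locale.ROOT` matters because the default-locale `toUpperCase()` maps `i` to a dotted capital under a Turkish locale, so the string being validated is no longer the one the user typed. The broad `catch (Exception e)` also hides a null `secret`; a short Javadoc stating that the method checks Base32 well-formedness only, not key length, would make the contract clear.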


@ -194,55 +194,7 @@ public class ManualEntryDialog {
AlertDialog.Builder builder = new AlertDialog.Builder(callingActivity); AlertDialog.Builder builder = new AlertDialog.Builder(callingActivity);
builder.setTitle(R.string.dialog_title_manual_entry) builder.setTitle(R.string.dialog_title_manual_entry)
.setView(inputView) .setView(inputView)
.setPositiveButton(R.string.button_save, new DialogInterface.OnClickListener() { .setPositiveButton(R.string.button_save, null)
@Override
public void onClick(DialogInterface dialogInterface, int i) {
Entry.OTPType type = (Entry.OTPType) typeInput.getSelectedItem();
TokenCalculator.HashAlgorithm algorithm = (TokenCalculator.HashAlgorithm) algorithmInput.getSelectedItem();
String issuer = issuerInput.getText().toString();
String label = labelInput.getText().toString();
//Replace spaces with empty characters
String secret = secretInput.getText().toString().replaceAll("\\s+","");
int digits = Integer.parseInt(digitsInput.getText().toString());
if (type == Entry.OTPType.TOTP || type == Entry.OTPType.STEAM) {
int period = Integer.parseInt(periodInput.getText().toString());
if (oldEntry == null) {
Entry e = new Entry(type, secret, period, digits, issuer, label, algorithm, tagsAdapter.getActiveTags());
e.updateOTP();
e.setLastUsed(System.currentTimeMillis());
adapter.addEntry(e);
} else {
oldEntry.setIssuer(issuer);
oldEntry.setLabel(label);
oldEntry.setTags(tagsAdapter.getActiveTags());
adapter.saveAndRefresh(settings.getAutoBackupEncryptedFullEnabled());
}
callingActivity.refreshTags();
} else if (type == Entry.OTPType.HOTP) {
long counter = Long.parseLong(counterInput.getText().toString());
if (oldEntry == null) {
Entry e = new Entry(type, secret, counter, digits, issuer, label, algorithm, tagsAdapter.getActiveTags());
e.updateOTP();
e.setLastUsed(System.currentTimeMillis());
adapter.addEntry(e);
} else {
oldEntry.setIssuer(issuer);
oldEntry.setLabel(label);
oldEntry.setTags(tagsAdapter.getActiveTags());
adapter.saveAndRefresh(settings.getAutoBackupEncryptedFullEnabled());
}
}
}
})
.setNegativeButton(android.R.string.cancel, new DialogInterface.OnClickListener() { .setNegativeButton(android.R.string.cancel, new DialogInterface.OnClickListener() {
@Override @Override
public void onClick(DialogInterface dialogInterface, int i) {} public void onClick(DialogInterface dialogInterface, int i) {}
@ -252,6 +204,65 @@ public class ManualEntryDialog {
dialog.show(); dialog.show();
final Button positiveButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE); final Button positiveButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE);
positiveButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
//Replace spaces with empty characters
String secret = secretInput.getText().toString().replaceAll("\\s+","");
if (!Entry.validateSecret(secret)) {
secretInput.setError(callingActivity.getString(R.string.error_invalid_secret));
return;
}
Entry.OTPType type = (Entry.OTPType) typeInput.getSelectedItem();
TokenCalculator.HashAlgorithm algorithm = (TokenCalculator.HashAlgorithm) algorithmInput.getSelectedItem();
int digits = Integer.parseInt(digitsInput.getText().toString());
String issuer = issuerInput.getText().toString();
String label = labelInput.getText().toString();
if (type == Entry.OTPType.TOTP || type == Entry.OTPType.STEAM) {
int period = Integer.parseInt(periodInput.getText().toString());
if (oldEntry == null) {
Entry e = new Entry(type, secret, period, digits, issuer, label, algorithm, tagsAdapter.getActiveTags());
e.updateOTP();
e.setLastUsed(System.currentTimeMillis());
adapter.addEntry(e);
} else {
oldEntry.setIssuer(issuer);
oldEntry.setLabel(label);
oldEntry.setTags(tagsAdapter.getActiveTags());
adapter.saveAndRefresh(settings.getAutoBackupEncryptedFullEnabled());
}
callingActivity.refreshTags();
} else if (type == Entry.OTPType.HOTP) {
long counter = Long.parseLong(counterInput.getText().toString());
if (oldEntry == null) {
Entry e = new Entry(type, secret, counter, digits, issuer, label, algorithm, tagsAdapter.getActiveTags());
e.updateOTP();
e.setLastUsed(System.currentTimeMillis());
adapter.addEntry(e);
} else {
oldEntry.setIssuer(issuer);
oldEntry.setLabel(label);
oldEntry.setTags(tagsAdapter.getActiveTags());
adapter.saveAndRefresh(settings.getAutoBackupEncryptedFullEnabled());
}
}
dialog.dismiss();
}
});
positiveButton.setEnabled(false); positiveButton.setEnabled(false);
TextWatcher watcher = new TextWatcher() { TextWatcher watcher = new TextWatcher() {
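Review bot: The new click handler validates only the secret; `Integer.parseInt(digitsInput…)`, `Integer.parseInt(periodInput…)` and `Long.parseLong(counterInput…)` can still throw NumberFormatException on empty or out-of-range text, and nothing in this hunk catches it. Unless the TextWatcher that follows the hunk already guarantees parseable values, report these the same way as the secret, e.g. `try { digits = Integer.parseInt(…); } catch (NumberFormatException e) { digitsInput.setError(…); return; }`, before any Entry is built. Separately, `callingActivity.refreshTags();` is called only in the TOTP/STEAM branch, so the HOTP branch saves tags without refreshing them; moving the call next to `dialog.dismiss();` would cover both. The enclosing method starts and ends outside the hunk.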


@ -73,6 +73,9 @@
<string name="toast_qr_unsuported">QR Code not supported</string> <string name="toast_qr_unsuported">QR Code not supported</string>
<string name="toast_qr_failed_to_generate">Failed to generate QR Code</string> <string name="toast_qr_failed_to_generate">Failed to generate QR Code</string>
<!-- Errors -->
<string name="error_invalid_secret">Invalid secret</string>
<!-- Dialogs --> <!-- Dialogs -->
<string name="dialog_title_auth">Authenticate</string> <string name="dialog_title_auth">Authenticate</string>
<string name="dialog_title_manual_entry">Enter details</string> <string name="dialog_title_manual_entry">Enter details</string>