speakeasy
speakeasy copied to clipboard
speakeasyjs
Error using base32 encoding (browser support)
Hi everybody,
I am using speakeasy in an Ember application with ember-browserify addon: https://www.npmjs.com/package/ember-browserify
Just encountered that the base32 encoding seems to not work at all. Considering the following code:
var secret = speakeasy.generateSecret(); // default length is 32
var secretKey = secret.base32;
var token = speakeasy.totp({
secret: secretKey,
encoding: 'base32'
});
So, just a secret generation and subsequent using it to create a new token leads to the following error:
"list" argument must be an Array of Buffers
The same issue with the speakeasy.totp.verify() method.
I've found the reason in the following code from index.js (lines 39-42):
// convert secret to buffer
if (!Buffer.isBuffer(secret)) {
secret = encoding === 'base32' ? base32.decode(secret)
: new Buffer(secret, encoding);
}
The base32.decode(secret) returns an array and not a Buffer.
I've changed the code and got it working:
// convert secret to buffer
if (!Buffer.isBuffer(secret)) {
secret = encoding === 'base32' ? new Buffer(base32.decode(secret)) : new Buffer(secret, encoding);
}
We can remove the conditional function to clean up the code as well:
// convert secret to buffer
if (!Buffer.isBuffer(secret)) {
if (encoding === 'base32') {
secret = base32.decode(secret);
}
secret = new Buffer(secret, encoding);
}
Would you have time to submit a pull request with test cases?
Pull request #66 patches Speakeasy to support this use case. I have tagged this issue as an enhancement for browser support.
A hotfix was committed on January 6. We have not published a new version to NPM yet. You may use the following URL in your package.json to use the hotfix version: https://docs.npmjs.com/files/package.json#github-urls
"dependencies": { "speakeasy": "speakeasyjs/speakeasy#5a3bb0f685fe0229afea53b73951570d2fbbd3f5” }
Please keep in mind that this commit includes other changes to speakeasy. To view the changes on GitHub see: https://github.com/speakeasyjs/speakeasy/compare/v2.0.0...d166c6e9dc93df50ed5ce7f002f0740fdd611880
On Feb 14, 2017, at 4:58 AM, ivands [email protected] wrote:
So when will this patch be merged? This bug is really annoying.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/speakeasyjs/speakeasy/issues/64#issuecomment-279700612, or mute the thread https://github.com/notifications/unsubscribe-auth/AAm4b1TiYe5iUZnTHmDkPRk-AgABD1PQks5rcaUCgaJpZM4LWF-d.
This would be hugely useful to me too, is there any timeline in place for a v2/v3 release with this in it?
@mikepb Not yet – I'm a bit busy at the moment and have to review potential issues with API changes before we're good to go.
@mikepb & @markbao No problem, thanks for the update anyway, sometimes it's nice just to know that the project/issue hasn't been forgotten about and there are people "on-it". 👍
Just thought of a more permanent fix. Instead of detecting whether the base32 returns a buffer, always import the client version and have speakeasy initialize a buffer with byte array.
On Mar 2, 2017, at 1:55 AM, Simon Mansfield [email protected] wrote:
@mikepb & @markbao No problem, thanks for the update anyway, sometimes it's nice just to know that the project/issue hasn't been forgotten about and there are people "on-it". 👍
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
@mikepb I don't understand your previous statement. Care to elaborate?
