From 17d4b803f74e393bd4626ababd2b0a2f0cdef16f Mon Sep 17 00:00:00 2001
From: Harsh Shandilya <me@msfjarvis.dev>
Date: Tue, 26 Mar 2024 01:41:31 +0530
Subject: fix(format/common): validate TOTP secret ahead of time

Fixes #2949
---
 .../kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt   | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'format/common/src/test')

diff --git a/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt b/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt
index 865a13c1..95fb3e62 100644
--- a/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt
+++ b/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt
@@ -13,6 +13,7 @@ import app.passwordstore.util.totp.UriTotpFinder
 import java.util.Locale
 import kotlin.test.Test
 import kotlin.test.assertEquals
+import kotlin.test.assertFalse
 import kotlin.test.assertNotNull
 import kotlin.test.assertNull
 import kotlin.test.assertTrue
@@ -181,6 +182,13 @@ class PasswordEntryTest {
     }
   }
 
+  // https://github.com/android-password-store/Android-Password-Store/issues/2949
+  @Test
+  fun disablesTotpForInvalidUri() = runTest {
+    val entry = makeEntry("password\notpauth://totp/otp-secret?secret=")
+    assertFalse(entry.hasTotp())
+  }
+
   @Test
   fun onlyLooksForUriInFirstLine() {
     val entry = makeEntry("id:\n$TOTP_URI")
-- 
cgit v1.2.3