commit c2c7c6d581fded00910515b8f78fc5d4414aadb7
parent b940061e42226fbca6f4ce91bfeedbbadd9d7171
Author: Sean Enck <sean@ttypty.com>
Date: Mon, 10 Oct 2022 19:43:34 -0400
prevent use of restricted key for totp tokens
Diffstat:
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/internal/backend/actions.go b/internal/backend/actions.go
@@ -189,7 +189,11 @@ func (t *Transaction) Move(src QueryEntity, dst string) error {
field = notesKey
}
v := src.Value
- if NewSuffix(dTitle) == NewSuffix(inputs.TOTPToken()) {
+ ok, err := isTOTP(dTitle)
+ if err != nil {
+ return err
+ }
+ if ok {
v = inputs.FormatTOTP(v)
e.Values = append(e.Values, protectedValue("otp", v))
}
diff --git a/internal/backend/core.go b/internal/backend/core.go
@@ -71,3 +71,11 @@ func pathExists(path string) bool {
}
return true
}
+
+func isTOTP(title string) (bool, error) {
+ t := inputs.TOTPToken()
+ if t == notesKey || t == passKey || t == titleKey {
+ return false, errors.New("invalid totp field, uses restricted name")
+ }
+ return NewSuffix(title) == NewSuffix(t), nil
+}
