- github.com/creachadair/otp to v0.4.0
- golang.org/x/crypto to v0.1.0
- Update go mod vendor
- Update gofmt (changes from 1.19)
- Update CI configuration.
- Fix CI status badge.
No functional changes.
I commented out this test while writing #45. Split the Codes function so we can
plumb in a time step for testing, and update the test. This does not change the
observed behaviour for the user.
The example for how to encrypt a gauth.csv file using openssl implicitly assumes
the input and output are different files. But if you run that command while already
in the output directory, they will be the same path, and it appears openssl may
clobber the output.
To avert this, explicitly indicate in the example that the input is in the home
directory, and the output is elsewhere. The actual paths do not matter, this
is just to keep the example safe.
This change is a follow-up to the discussion on #33, which proposes a
backward-compatible extension to the existing config file format to allow the
user to include otpauth URLs in addition to the standard format.
This is WIP, not ready to merge; it needs tests and a better story for the
progress indicator.
The performance of GitHub Actions is faster and more consistent than the free
tier of Travis CI. Build, lint, tests, and staticcheck for the same versions of
Go using Actions instead.
OpenSSL uses PKCS#5 padding, and the decryption code was not removing it
correctly. In some cases, this causes the last line of the decrypted config to
be mangled and produces invalid results.
To support this:
- Move config loading to gauth.LoadConfigFile.
- Inject a hook to read the user's password.
- Add unit tests that decryption doesn't corrupt the result.
- Update module dependencies.
- Update Go versions in CI, and fix some config-check warnings.
Rework gauth.Code as gauth.Codes, which returns the previous, current, and next
strings in one step. Remove authCodeOrDie, since there is now only one decode
step to check.
The implementation now uses the bitbucket.org/creachadair/otp package, which
makes the code simpler and subsumes normalizeSecret.
No functional changes are intended; the main package now imports the library
and uses it, but the implementation is unchanged.
Specific highlights:
- Change the names of the functions to avert stutter following the advice of
Effective Go: https://golang.org/doc/effective_go.html#package-names
- Reorganize the helpers in main so control flow is easier to follow.
- Add documentation comments.
