This change is a follow-up to the discussion on #33, which proposes a
backward-compatible extension to the existing config file format to allow the
user to include otpauth URLs in addition to the standard format.
This is WIP, not ready to merge; it needs tests and a better story for the
progress indicator.

OpenSSL uses PKCS#5 padding, and the decryption code was not removing it
correctly. In some cases, this causes the last line of the decrypted config to
be mangled and produces invalid results.
To support this:
- Move config loading to gauth.LoadConfigFile.
- Inject a hook to read the user's password.
- Add unit tests that decryption doesn't corrupt the result.
- Update module dependencies.
- Update Go versions in CI, and fix some config-check warnings.

Rework gauth.Code as gauth.Codes, which returns the previous, current, and next
strings in one step. Remove authCodeOrDie, since there is now only one decode
step to check.
The implementation now uses the bitbucket.org/creachadair/otp package, which
makes the code simpler and subsumes normalizeSecret.

No functional changes are intended; the main package now imports the library
and uses it, but the implementation is unchanged.
Specific highlights:
- Change the names of the functions to avert stutter following the advice of
Effective Go: https://golang.org/doc/effective_go.html#package-names
- Reorganize the helpers in main so control flow is easier to follow.
- Add documentation comments.

- moving to crypto/ssh/terminal, which should also work on Windows
and be better maintained (code.google.com is going away)
- fix support for padding
Closes #2.
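
The padding problem mentioned in the messages above ("the decryption code was not removing it correctly" and "fix support for padding") is easiest to see on a concrete buffer. The following Go sketch is an added example, not code from gauth: the helper names, the 16-byte (AES) block size and the sample `name:secret` config lines are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// blockSize is assumed to be the AES block size; padding fills up to a multiple of it.
const blockSize = 16

var errBadPadding = errors.New("invalid PKCS#5 padding")

// pad appends n bytes of value n (1..blockSize); aligned input gets a full block.
func pad(data []byte) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad validates every padding byte and strips the padding from decrypted plaintext.
func unpad(data []byte) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errBadPadding
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize {
		return nil, errBadPadding
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errBadPadding
		}
	}
	return data[:len(data)-n], nil
}

// lastLine returns the final newline-separated line of a config.
func lastLine(cfg []byte) string {
	lines := bytes.Split(bytes.TrimRight(cfg, "\n"), []byte("\n"))
	return string(lines[len(lines)-1])
}

func main() {
	// Constructed sample config, not real secrets.
	cfg := []byte("example:JBSWY3DPEHPK3PXP\nother:GEZDGNBVGY3TQOJQ")
	padded := pad(cfg) // stands in for what a block-cipher decrypt hands back
	fmt.Printf("unstripped last line: %q\n", lastLine(padded))
	clean, err := unpad(padded)
	fmt.Printf("stripped last line:   %q err=%v\n", lastLine(clean), err)
}
```

Without the `unpad` step, the trailing padding byte stays attached to the last secret, which matches the mangled last line the message describes.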