From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Michael Albinus Newsgroups: gmane.emacs.devel Subject: Re: New package for NonGNU ELPA : totp-auth Date: Wed, 07 Feb 2024 14:43:52 +0100 Message-ID: <87msscbd9j.fsf@gmx.de> References: <47974953-df92-4d26-a3d6-271a7d6003b7@etla.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="10455"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: emacs-devel@gnu.org To: Vivek Das Mohapatra Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Feb 07 14:44:26 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rXiDy-0002a9-35 for ged-emacs-devel@m.gmane-mx.org; Wed, 07 Feb 2024 14:44:26 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rXiDZ-0001vt-QE; Wed, 07 Feb 2024 08:44:01 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rXiDW-0001vg-0Z for emacs-devel@gnu.org; Wed, 07 Feb 2024 08:43:58 -0500 Original-Received: from mout.gmx.net ([212.227.15.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rXiDT-0002d5-Fr for emacs-devel@gnu.org; Wed, 07 Feb 2024 08:43:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1707313432; x=1707918232; i=michael.albinus@gmx.de; bh=VY80QOIJL115DmvRqIjQ1CRKbFd7QBaZVNfIik2dAR4=; h=X-UI-Sender-Class:From:To:Cc:Subject:In-Reply-To:References: Date; b=TEPREh14XxrqODOKhV8w+gT+utiMwUL0uengDMbhw1iFCT1QNkeYVT00J2RyPlY+ 95WsVA271uVf/3KqAjB3PCyCQ/FSaf/H/B8PsLpfY6KDh4hJ9a1nDr9pbXcyN4lag GkS8IdNjyhJLNb/97zl/lsNxTcHR84+UaHt/qI2rVvRE4L+yksPskdyVriOBBkYy8 8OaFbDd7Afn8bE0b1VG4AJxEBzPdnp5KObb0tDN3jVK4evxgij0XBsjDJ5Dvt4ZPA mkIJ1KAD94CKA25sMTZO261odqsQnm7pM+r4xGtiG+RCww3fKiOe+UYYJDN0Tf2Ic Fpkz88KcCYQGlb3ipQ== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Original-Received: from gandalf.gmx.de ([185.89.39.16]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MUXpK-1rP14K2xxw-00QTsN; Wed, 07 Feb 2024 14:43:52 +0100 In-Reply-To: <47974953-df92-4d26-a3d6-271a7d6003b7@etla.org> (Vivek Das Mohapatra's message of "Mon, 5 Feb 2024 15:35:40 +0000") X-Provags-ID: V03:K1:PXZom9OhBB1WYWHndi5ph+Z0UwrpUjo2DNSPJOZt+J6ZNoCK65V ikoDqjSBE7TrybE5FPS4KS43mccdXZx4vH0yvnMuAnfCxEmdgfYoYy9SWCgk7N0Xd57CNn2 EWl5PTN9f+Ukq2QAJ2pRjkm8nhD9EYhrsWYa4Zk/PX49i3oAe8+fLZAIAtA52GRT4IlyFMP sTuboozTDjuVnpadnzPMg== UI-OutboundReport: notjunk:1;M01:P0:kj+JO5EAj70=;4KRgZ5riPadicaE2wtxvXSCnLum kFiWsswrS2LVAIlsT0sMvVMjpDRIymrskWHjNmBcmxJwjkMmMAnxWppQi58MICYNT28WN63tN +2Bg/Hw4SeZ+BI5qRpk/FMvn2yhyNgKTR8K9uoKyrY1WHWkh+FPrME3vSL9q9z25/Ca88LQo7 uPJtH6PSSUnGeSrVzdxXnghqbJEQOsSXMBpcuTx/z/2+i4wFO562kATfrqWT7owquHqpt0tfi r8E3z8PynwhBEMDtZPXGcP01OIrQ92vFqpe+yH0rhOgjRg1f1qrCaR64MYJWg9YIRVypxKzTF v89wwOYLu4NeFkyRQSjQFuaGuznf/h2EOmm/9cOPxJ3zRJ9eP+jljOhLaITUICzFY++MNyPaJ N1ZPcuKpd8Jv+0NW8yA7TwLpIDbp9eVFHNyQ23eyl9Q79MZy5NBe9HDFNE1pR9qLue/vA6tec 1RWN5+Hqgzu8Irv3aV3UIpsJuH7MuiFrDumkOCIoeIKeuKRS+k+MXSfCR744wajifg6cqOvB+ TqhEIkAkA3mbtyS/p6JFpiQaKzuEqQ6kXoNkVJiDtUjpAV0IaR9nlWdk38eIggsl3NXCh46fD rIEm7vZ0ZztNSEpCDh3c1hwY4n2BcW/CJjQAMvnrBy+D22Rgjhsjf5B2iWhIl/q8Mp0dNXWx+ CQiNL9Eon5uGigVat36cFvJEkwiCp+isWRZEau8KJnlSl0CFhIP1XwaN07E27WT5NebjlO+4v h9GuGc+01imqtDuxpz2pPjZavnP0WCbW1y/A7FJkUeUlf3m8VAmgdQmbE5rK+9gbZ3POEvjD Received-SPF: pass client-ip=212.227.15.19; envelope-from=michael.albinus@gmx.de; helo=mout.gmx.net X-Spam_score_int: 5 X-Spam_score: 0.5 X-Spam_bar: / X-Spam_report: (0.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:315978 Archived-At: Vivek Das Mohapatra writes: > Hi Hi Vivek, > I've recently made a package that implements RFC6238 TOTP and was > wondering if nongnu elpa would consider carrying it: Thanks for the offer. It looks like your package is already available via MELPA, so I'm using this for review. First of all, could you pls explain what's the relation of your package and the package totp, also available via MELPA? Similarities and differences? And a short search shows also the package emacs-totp on Github, how is the relation whith that package? Some comments on first test. I've naively installed the package from MELPA. In a new Emacs session, I've called 'M-x totp-auth RET RET'. This returns --8<---------------cut here---------------start------------->8--- Error running timer =E2=80=98totp-auth-update-token-notification=E2=80=99: = (wrong-type-argument char-or-string-p nil) [nn times] --8<---------------cut here---------------end--------------->8--- Well, likely due to a missing secret. Should be told to me. So I call the following 'M-x totp-auth-add-secret RET 1234567890 RET RET RET'. The secret I've entered was visible in clear text - bad. You shouldn't use read-string for this job, but let auth-source-search and its :create feature do the job. If you really want to read the password on your own, use password-read instead of read-string . I was asked for Service, User, and Size. Since I didn't get any hint what it means, I've entered RET, hoping for defaults. Well, in the GNOME passwords I could see now a new item in the Login collection, w/o a label and with the secret "otpauth://totp/?secret=3D1234567890;digits=3D6". Looks like related, but without a label it isn't useful I guess. I've deleted it. Next approach: 'M-x totp-auth-add-secret RET 1234567890 RET foo RET RET RET'. Voila, that works! There's now a new item in the Login collection labelled "foo", with the same secret. Promising. I recommend to enhance your documentation, in the Commentary section of totp-auth.el and/or via tooltips. Now ruuning again 'M-x totp-auth RET foo RET'. "foo" is offered for completion, good. But I get the error message --8<---------------cut here---------------start------------->8--- Error running timer =E2=80=98totp-auth-update-token-notification=E2=80=99: = (error "Invalid base32 payload length: 10") [73 times] --8<---------------cut here---------------end--------------->8--- So the default length (6) does not match the real length (10). Should be handled by the package. Adding a new secret, 'M-x totp-auth-add-secret RET 0987654321 RET bla RET RET 10 RET'. But 'M-x totp-auth RET bla RET' shows the same error. Last check: Using 6 digits via 'M-x totp-auth-add-secret RET 123456 RET baz RET RET RET'. 'M-x totp-auth RET baz RET' shows now --8<---------------cut here---------------start------------->8--- Error running timer =E2=80=98totp-auth-update-token-notification=E2=80=99: = (args-out-of-range "\267\316\370\0" 5) [76 times] --8<---------------cut here---------------end--------------->8--- Stopping my tests. Pls fix the package (still in MELPA, no problem) that it is useful for uninitiated users. I will continue to check then. Best regards, Michael.