From a515ac6326c5d76d76c62b9f6e7798aaecb7eb99 Mon Sep 17 00:00:00 2001
From: Austin Riba
Date: Mon, 16 Sep 2024 16:37:57 -0700
Subject: [PATCH] Relax requirement for 128 bit totp secrets totp-rs is strictly RFC6238 compliant. This is a good thing, but the reality is many sites/apps are still using 80 bit secrets for TOTP. These include Github, Discord, Paypal, among others. The author of totp-rs added a function `from_url_unchecked` to address this in this issue: https://github.com/constantoine/totp-rs/issues/46. I suggest we use it here so that ripasso can be used practically for totp.
---
 src/pass.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/pass.rs b/src/pass.rs
index b9cae17..25bbaa8 100644
--- a/src/pass.rs
+++ b/src/pass.rs
@@ -1041,7 +1041,9 @@ impl PasswordEntry {
 }
 end_pos
 };
- let totp = TOTP::from_url(&secret[start_pos..end_pos])?;
+ // Use unchecked for sites like Discord, Github that still use 80
+ // bit secrets. https://github.com/constantoine/totp-rs/issues/46
+ let totp = TOTP::from_url_unchecked(&secret[start_pos..end_pos])?;
 secret.zeroize();
 Ok(totp.generate_current()?)
 } else {
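Review bot: `TOTP::from_url_unchecked` on the new `let totp = ...` line does not lower the secret floor from 128 to 80 bits, it removes the length check entirely, so an otpauth URL with a trivially short secret now yields codes without any error. As far as I recall, the unchecked constructor also skips the digits-range validation that `from_url` performs. Consider enforcing the floor the commit message actually targets right after parsing, for example `if totp.secret.len() < 10 { return Err(...); }` with the project's own error for a too-short secret; this assumes `secret` is a public field in the totp-rs version pinned here. Separately, the `?` on this line returns before `secret.zeroize();` runs, so a malformed URL leaves the decrypted entry unwiped unless `secret`'s type zeroizes on drop. That was already true of the removed line, and the enclosing function starts and ends outside the hunk, so the type cannot be confirmed from here.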