Additional check for negative numbers in #int_to_bytestring

gridl · Dec 13, 2017 · 2cbeee3 · 2cbeee3
1 parent 46c883c
commit 2cbeee3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/lib/rotp/otp.rb b/lib/rotp/otp.rb
@@ -58,6 +58,10 @@ def byte_secret
     # along with the secret
     #
     def int_to_bytestring(int, padding = 8)
+      unless int >= 0
+        raise ArgumentError, "#int_to_bytestring requires a positive number"
+      end
+
       result = []
       until int == 0
         result << (int & 0xFF).chr

diff --git a/lib/rotp/totp.rb b/lib/rotp/totp.rb
@@ -20,6 +20,7 @@ def at(time, padding=true)
       unless time.class == Time
         time = Time.at(time.to_i)
       end
+
       generate_otp(timecode(time), padding)
     end
 

diff --git a/spec/lib/rotp/totp_spec.rb b/spec/lib/rotp/totp_spec.rb
@@ -161,6 +161,21 @@
 
   end
 
+  describe 'invalid_verification with nil time as argument' do
+    let(:verification) { totp.verify_with_drift token, drift, nil }
+
+    context 'positive drift' do
+      let(:token) { totp.at now - 30 }
+      let(:drift) { 60 }
+
+      it 'raises error' do
+        expect do
+          verification
+        end.to raise_error(ArgumentError)
+      end
+    end
+  end
+
   describe '#verify_with_drift' do
     let(:verification) { totp.verify_with_drift token, drift, now }
     let(:drift) { 0 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,6 +20,7 @@ def at(time, padding=true) @@
           unless time.class == Time
             time = Time.at(time.to_i)
           end
           generate_otp(timecode(time), padding)
         end
@@ Expand Down @@