From c45ad21e187ff59350ad560ba66c2b4dcbf2b093 Mon Sep 17 00:00:00 2001
From: Oscar Hinton
Date: Mon, 8 Jan 2024 10:46:54 +0100
Subject: [PATCH] Convert totp secret to uppercase (#485)

Some totp providers use lowercase secrets. This isn't valid base32 though and needs to be transformed into uppercase prior to parsing.
---
 crates/bitwarden/src/vault/totp.rs | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/crates/bitwarden/src/vault/totp.rs b/crates/bitwarden/src/vault/totp.rs
index 4adbe4dac..9bc92229b 100644
--- a/crates/bitwarden/src/vault/totp.rs
+++ b/crates/bitwarden/src/vault/totp.rs
@@ -129,7 +129,7 @@ impl FromStr for Totp {
 fn from_str(key: &str) -> Result {
 fn decode_secret(secret: &str) -> Result> {
 BASE32
- .decode(secret.as_bytes())
+ .decode(secret.to_uppercase().as_bytes())
 .map_err(|_| "Unable to decode secret".into())
 }

@@ -230,6 +230,20 @@ mod tests {
 assert_eq!(response.period, 30);
 }

+ #[test]
+ fn test_lowercase_secret() {
+ let key = "wqiq25brkzycjvyp".to_string();
+ let time = Some(
+ DateTime::parse_from_rfc3339("2023-01-01T00:00:00.000Z")
+ .unwrap()
+ .with_timezone(&Utc),
+ );
+ let response = generate_totp(key, time).unwrap();
+
+ assert_eq!(response.code, "194506".to_string());
+ assert_eq!(response.period, 30);
+ }
+
 #[test]
 fn test_generate_otpauth() {
 let key = "otpauth://totp/test-account?secret=WQIQ25BRKZYCJVYP".to_string();
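Review bot: `secret.to_uppercase()` in `decode_secret` applies full Unicode case mapping, so some non-ASCII characters are folded into the base32 alphabet instead of being rejected: `ſ` (U+017F) becomes `S`, `ı` (U+0131) becomes `I`, and `ß` expands to `SS`. A mistyped or look-alike secret would then decode to a different key with no error, which for a TOTP seed means silently wrong codes. Base32 is ASCII-only, so `.decode(secret.to_ascii_uppercase().as_bytes())` gives the intended leniency and leaves every non-ASCII byte for the decoder to refuse. `from_str` continues outside the hunk, so how the other callers of `decode_secret` feed it is not visible here.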
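Review bot: `test_lowercase_secret` covers only the bare-key form, while the test that follows it shows secrets also arriving inside an `otpauth://` URI; a lowercase `secret=` parameter is never exercised. Add a case with `otpauth://totp/test-account?secret=wqiq25brkzycjvyp` at the same timestamp, plus one mixed-case key, so both entry paths are pinned. A negative case asserting that a secret containing a non-ASCII letter returns an error would also lock down what the normalisation is allowed to accept. `test_generate_otpauth` starts in the hunk's trailing context and continues outside it.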