feat: support variable time period for a token (#137)

Resolves #136

References:
- #136

Signed-off-by: Victoria Nadasdi <[email protected]>

Author: yitsushi

internal/cmd/add_token.go

@@ -20,6 +20,7 @@ func AddTokenCommand() *cli.Command {
 			flagLength(),
 			flagPrefix(),
 			flagAlgorithm(),
+			flagTimePeriod(),
 		},
 		Action: func(ctx *cli.Context) error {
 			var (
@@ -48,11 +49,12 @@ func AddTokenCommand() *cli.Command {
 			}
 
 			account = &s.Account{
-				Name:      accName,
-				Token:     token,
-				Prefix:    ctx.String("prefix"),
-				Length:    ctx.Uint("length"),
-				Algorithm: ctx.String("algorithm"),
+				Name:       accName,
+				Token:      token,
+				Prefix:     ctx.String("prefix"),
+				Length:     ctx.Uint("length"),
+				Algorithm:  ctx.String("algorithm"),
+				TimePeriod: ctx.Int64("time-period"),
 			}
 			namespace.Accounts = append(namespace.Accounts, account)
 

internal/cmd/error.go

@@ -6,7 +6,7 @@ type DownloadError struct {
 }
 
 func (e DownloadError) Error() string {
-	return "download error: %s" + e.Message
+	return "download error: " + e.Message
 }
 
 // CommandError is an error during downloading an update.
@@ -15,7 +15,7 @@ type CommandError struct {
 }
 
 func (e CommandError) Error() string {
-	return "error: %s" + e.Message
+	return "error: " + e.Message
 }
 
 func resourceNotFoundError(name string) CommandError {
@@ -28,7 +28,7 @@ type FlagError struct {
 }
 
 func (e FlagError) Error() string {
-	return "flag error: %s" + e.Message
+	return "flag error: " + e.Message
 }
 
 func invalidAlgorithmError(value string) FlagError {

internal/cmd/flags.go

@@ -2,7 +2,7 @@ package cmd
 
 import (
 	"github.com/urfave/cli/v2"
-	"github.com/yitsushi/totp-cli/internal/storage"
+	"github.com/yitsushi/totp-cli/internal/security"
 )
 
 func flagAlgorithm() *cli.StringFlag {
@@ -31,7 +31,7 @@ func flagShowRemaining() *cli.BoolFlag {
 func flagLength() *cli.UintFlag {
 	return &cli.UintFlag{
 		Name:  "length",
-		Value: storage.DefaultTokenLength,
+		Value: security.DefaultLength,
 		Usage: "Length of the generated token.",
 	}
 }
@@ -83,3 +83,11 @@ func flagClearPrefix() *cli.BoolFlag {
 		Usage: "Clear prefix from account.",
 	}
 }
+
+func flagTimePeriod() *cli.Int64Flag {
+	return &cli.Int64Flag{
+		Name:  "time-period",
+		Value: security.DefaultTimePeriod,
+		Usage: "Time period in seconds.",
+	}
+}

internal/cmd/generate.go

@@ -30,6 +30,8 @@ func GenerateCommand() *cli.Command {
 				return CommandError{Message: "account is not defined"}
 			}
 
+			ctx.Args().First()
+
 			follow := ctx.Bool("follow")
 
 			storage := s.NewFileStorage()
@@ -43,6 +45,7 @@ func GenerateCommand() *cli.Command {
 			}
 
 			code, remaining := generateCode(account)
+
 			fmt.Println(formatCode(code, remaining, ctx.Bool("show-remaining")))
 
 			if !follow {

internal/cmd/generatehelper.go

@@ -31,7 +31,13 @@ func generateCode(account *s.Account) (string, int64) {
 		algorithm = algo.Default{}
 	}
 
-	code, remaining, err := security.GenerateOTPCode(account.Token, time.Now(), account.Length, algorithm)
+	code, remaining, err := security.GenerateOTPCode(security.GenerateOptions{
+		Token:      account.Token,
+		When:       time.Now(),
+		Length:     account.Length,
+		Algorithm:  algorithm,
+		TimePeriod: account.TimePeriod,
+	})
 	if err != nil {
 		fmt.Printf("Error: %s\n", err.Error())
 

internal/cmd/instant.go

@@ -19,13 +19,15 @@ func InstantCommand() *cli.Command {
 			flagLength(),
 			flagShowRemaining(),
 			flagAlgorithm(),
+			flagTimePeriod(),
 		},
 		Action: func(ctx *cli.Context) error {
 			account := storage.Account{
-				Name:      "instant",
-				Token:     os.Getenv("TOTP_TOKEN"),
-				Length:    ctx.Uint("length"),
-				Algorithm: ctx.String("algorithm"),
+				Name:       "instant",
+				Token:      os.Getenv("TOTP_TOKEN"),
+				Length:     ctx.Uint("length"),
+				Algorithm:  ctx.String("algorithm"),
+				TimePeriod: ctx.Int64("time-period"),
 			}
 
 			if account.Token == "" {

internal/security/otp.go

@@ -16,38 +16,63 @@ const (
 	mask1              = 0xf
 	mask2              = 0x7f
 	mask3              = 0xff
-	timeSplitInSeconds = 30
-	shift24            = 24
+	passwordHashLength = 32
 	shift16            = 16
+	shift24            = 24
 	shift8             = 8
 	sumByteLength      = 8
-	passwordHashLength = 32
+
+	// DefaultLength is the default length of the generated OTP code.
+	DefaultLength = 6
+	// DefaultTimePeriod is the default time period for the TOTP.
+	DefaultTimePeriod = 30
 )
 
-// GenerateOTPCode generates a 6 digit TOTP from the secret Token.
-func GenerateOTPCode(token string, when time.Time, length uint, algorithm algo.Algorithm) (string, int64, error) {
-	timer := uint64(math.Floor(float64(when.Unix()) / float64(timeSplitInSeconds)))
-	remainingTime := timeSplitInSeconds - when.Unix()%timeSplitInSeconds
+// GenerateOptions is the option list for the GenerateOTPCode function.
+type GenerateOptions struct {
+	Token      string
+	When       time.Time
+	Length     uint
+	Algorithm  algo.Algorithm
+	TimePeriod int64
+}
+
+func (opts *GenerateOptions) normalise() {
+	if opts.Length == 0 {
+		opts.Length = DefaultLength
+	}
+
+	if opts.Algorithm == nil {
+		opts.Algorithm = algo.SHA1{}
+	}
+
+	if opts.TimePeriod == 0 {
+		opts.TimePeriod = DefaultTimePeriod
+	}
 
 	// Remove spaces, some providers are giving us in a readable format,
 	// so they add spaces in there. If it's not removed while pasting in,
 	// remove it now.
-	token = strings.ReplaceAll(token, " ", "")
+	opts.Token = strings.ReplaceAll(opts.Token, " ", "")
 
 	// It should be uppercase always
-	token = strings.ToUpper(token)
+	opts.Token = strings.ToUpper(opts.Token)
+}
 
-	secretBytes, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(token)
+// GenerateOTPCode generates an N digit TOTP from the secret Token.
+func GenerateOTPCode(opts GenerateOptions) (string, int64, error) {
+	opts.normalise()
+
+	timer := uint64(math.Floor(float64(opts.When.Unix()) / float64(opts.TimePeriod)))
+	remainingTime := opts.TimePeriod - opts.When.Unix()%opts.TimePeriod
+
+	secretBytes, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(opts.Token)
 	if err != nil {
 		return "", 0, OTPError{Message: err.Error()}
 	}
 
-	if length == 0 {
-		length = 6
-	}
-
 	buf := make([]byte, sumByteLength)
-	mac := hmac.New(algorithm.Hasher(), secretBytes)
+	mac := hmac.New(opts.Algorithm.Hasher(), secretBytes)
 
 	binary.BigEndian.PutUint64(buf, timer)
 	_, _ = mac.Write(buf)
@@ -61,9 +86,9 @@ func GenerateOTPCode(token string, when time.Time, length uint, algorithm algo.A
 		(int(sum[offset+3]) & mask3))
 
 	//nolint:gosec // If the user sets a size that high to get an overflow, it's on them.
-	modulo := int32(value % int64(math.Pow10(int(length))))
+	modulo := int32(value % int64(math.Pow10(int(opts.Length))))
 
-	format := fmt.Sprintf("%%0%dd", length)
+	format := fmt.Sprintf("%%0%dd", opts.Length)
 
 	return fmt.Sprintf(format, modulo), remainingTime, nil
 }

internal/security/otp_test.go

@@ -32,7 +32,10 @@ func (suite *GenerateOTPCodeTestSuite) TestDefault() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, storage.DefaultTokenLength, algo.SHA1{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token: input,
+			When:  when,
+		})
 
 		suite.Require().NoError(err)
 		suite.Equal(expected, code, when.String())
@@ -52,7 +55,12 @@ func (suite *GenerateOTPCodeTestSuite) TestDifferentLength() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, 8, algo.SHA1{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:     input,
+			When:      when,
+			Length:    8,
+			Algorithm: algo.SHA1{},
+		})
 
 		suite.Require().NoError(err)
 		suite.Equal(expected, code, when.String())
@@ -72,7 +80,11 @@ func (suite *GenerateOTPCodeTestSuite) TestSpaceSeparatedToken() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, storage.DefaultTokenLength, algo.SHA1{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:     input,
+			When:      when,
+			Algorithm: algo.SHA1{},
+		})
 
 		suite.Require().NoError(err)
 		suite.Equal(expected, code, when.String())
@@ -92,7 +104,12 @@ func (suite *GenerateOTPCodeTestSuite) TestNonPaddedHashes() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, storage.DefaultTokenLength, algo.SHA1{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:     input,
+			When:      when,
+			Length:    storage.DefaultTokenLength,
+			Algorithm: algo.SHA1{},
+		})
 
 		suite.Require().NoError(err)
 		suite.Equal(expected, code, when.String())
@@ -107,7 +124,12 @@ func (suite *GenerateOTPCodeTestSuite) TestInvalidPadding() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, storage.DefaultTokenLength, algo.SHA1{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:     input,
+			When:      when,
+			Length:    storage.DefaultTokenLength,
+			Algorithm: algo.SHA1{},
+		})
 
 		suite.Require().Error(err)
 		suite.Equal(expected, code, when.String())
@@ -128,7 +150,12 @@ func (suite *GenerateOTPCodeTestSuite) TestSHA256() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, storage.DefaultTokenLength, algo.SHA256{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:     input,
+			When:      when,
+			Length:    storage.DefaultTokenLength,
+			Algorithm: algo.SHA256{},
+		})
 
 		suite.Require().NoError(err)
 		suite.Equal(expected, code, when.String())
@@ -149,7 +176,39 @@ func (suite *GenerateOTPCodeTestSuite) TestSHA512() {
 	}
 
 	for when, expected := range table {
-		code, _, err := security.GenerateOTPCode(input, when, storage.DefaultTokenLength, algo.SHA512{})
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:     input,
+			When:      when,
+			Length:    storage.DefaultTokenLength,
+			Algorithm: algo.SHA512{},
+		})
+
+		suite.Require().NoError(err)
+		suite.Equal(expected, code, when.String())
+	}
+}
+
+func (suite *GenerateOTPCodeTestSuite) TestSHA256WithLongerPeriod() {
+	input := "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"
+	table := map[time.Time]string{
+		time.Date(2025, 02, 26, 18, 12, 1, 0, time.UTC):  "195134",
+		time.Date(2025, 02, 26, 18, 12, 11, 0, time.UTC): "195134",
+		time.Date(2025, 02, 26, 18, 12, 23, 0, time.UTC): "195134",
+		time.Date(2025, 02, 26, 18, 12, 33, 0, time.UTC): "195134",
+		time.Date(2025, 02, 26, 18, 12, 43, 0, time.UTC): "195134",
+		time.Date(2025, 02, 26, 18, 12, 53, 0, time.UTC): "195134",
+		time.Date(2025, 02, 26, 18, 13, 3, 0, time.UTC):  "042795",
+		time.Date(2025, 02, 26, 18, 13, 13, 0, time.UTC): "042795",
+	}
+
+	for when, expected := range table {
+		code, _, err := security.GenerateOTPCode(security.GenerateOptions{
+			Token:      input,
+			When:       when,
+			Length:     storage.DefaultTokenLength,
+			TimePeriod: 60,
+			Algorithm:  algo.SHA256{},
+		})
 
 		suite.Require().NoError(err)
 		suite.Equal(expected, code, when.String())

internal/storage/account.go

@@ -6,9 +6,10 @@ const DefaultTokenLength = 6
 
 // Account represents a TOTP account.
 type Account struct {
-	Name      string `json:"name"      yaml:"name"`
-	Token     string `json:"token"     yaml:"token"`
-	Prefix    string `json:"prefix"    yaml:"prefix"`
-	Length    uint   `json:"length"    yaml:"length"`
-	Algorithm string `json:"algorithm" yaml:"algorithm"`
+	Name       string `json:"name"       yaml:"name"`
+	Token      string `json:"token"      yaml:"token"`
+	Prefix     string `json:"prefix"     yaml:"prefix"`
+	Length     uint   `json:"length"     yaml:"length"`
+	Algorithm  string `json:"algorithm"  yaml:"algorithm"`
+	TimePeriod int64  `json:"timePeriod" yaml:"timePeriod"`
 }