Merge pull request #73 from constantoine/bump_msrv

Update dependencies and add msrv check

Author: constantoine

.github/workflows/rust.yml

@@ -13,14 +13,23 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Build
       run: cargo build --all-features
 
+  msrv:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install cargo-msrv
+        run: cargo install cargo-msrv
+      - name: Verify Minimum Supported Rust Version
+        run: cargo msrv verify
+
   test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Install llvm-tools-preview
       run: rustup component add llvm-tools-preview
     - name: Download grcov
@@ -42,12 +51,12 @@ jobs:
     - name: Create coverage file
       run: ./grcov . --binary-path ./target/debug/deps/ -s . -t cobertura --branch --ignore-not-existing --ignore '../*' --ignore "/*" -o target/coverage/cobertura.xml
     - name: Upload to codecov.io
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@v5
       with:
         token: ${{secrets.CODECOV_TOKEN}}
 
     - name: Archive code coverage results
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       with:
         name: code-coverage-report
         path: target/coverage/cobertura.xml

CHANGELOG.md

@@ -1,3 +1,17 @@
+# [5.7.0](https://github.com/constantoine/totp-rs/releases/tag/v5.7.0) (12/04/2025)
+### Breaking changes.
+- MSRV has been set to Rust `1.66`.
+
+### Changes
+- Updated `base32` crate to `0.5`.
+- Updated `constant_time_eq` crate to `0.3`.
+- Updated `rand` crate to `0.9`.
+- Added a bit of documentation.
+
+### Note
+This is probably the last version update before the big `6.0`, which will be a big rewrite, and the `2024` edition.
+The goal will be to expose the same feature as before, but in a more harmonized and idiomatic way.
+
 # [5.6.0](https://github.com/constantoine/totp-rs/releases/tag/v5.6.0) (24/07/2024)
 ### Changes
 - [qrcodegen-image](https://crates.io/crates/qrcodegen-image) has now been moved to its own [repo](https://github.com/constantoine/qrcodegen-image).

Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "totp-rs"
-version = "5.6.0"
+version = "5.7.0"
 authors = ["Cleo Rebert <cleo.rebert@gmail.com>"]
-rust-version = "1.61"
+rust-version = "1.66"
 edition = "2021"
 readme = "README.md"
 license = "MIT"
@@ -29,10 +29,10 @@ serde = { version = "1.0", features = ["derive"], optional = true }
 sha2 = "0.10"
 sha1 = "0.10"
 hmac = "0.12"
-base32 = "0.4"
+base32 = "0.5"
 urlencoding = { version = "2.1", optional = true}
 url = { version = "2.4", optional = true }
-constant_time_eq = "0.2"
-rand = { version = "0.8", features = ["std_rng", "std"], optional = true, default-features = false }
+constant_time_eq = "0.3"
+rand = { version = "0.9", features = ["thread_rng"], optional = true, default-features = false }
 zeroize = { version = "1.6", features = ["alloc", "derive"], optional = true }
 qrcodegen-image = { version = "1.4", features = ["base64"], optional = true }

src/lib.rs

@@ -87,16 +87,22 @@ const STEAM_CHARS: &str = "23456789BCDFGHJKMNPQRTVWXY";
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
 #[cfg_attr(feature = "serde_support", derive(Serialize, Deserialize))]
 pub enum Algorithm {
+    /// HMAC-SHA1 is the default algorithm of most TOTP implementations.
+    /// Some will outright ignore the algorithm parameter to force using SHA1, leading to confusion.
     SHA1,
+    /// HMAC-SHA256. Supported in theory according to [yubico](https://docs.yubico.com/yesdk/users-manual/application-oath/uri-string-format.html).
+    /// Ignored in practice by most.
     SHA256,
+    /// HMAC-SHA512. Supported in theory according to [yubico](https://docs.yubico.com/yesdk/users-manual/application-oath/uri-string-format.html).
+    /// Ignored in practice by most.
     SHA512,
     #[cfg(feature = "steam")]
     #[cfg_attr(docsrs, doc(cfg(feature = "steam")))]
-    /// Steam TOTP token algorithm
+    /// Steam TOTP token algorithm.
     Steam,
 }
 
-impl std::default::Default for Algorithm {
+impl Default for Algorithm {
     fn default() -> Self {
         Algorithm::SHA1
     }
@@ -486,7 +492,7 @@ impl TOTP {
     /// Will return the base32 representation of the secret, which might be useful when users want to manually add the secret to their authenticator
     pub fn get_secret_base32(&self) -> String {
         base32::encode(
-            base32::Alphabet::RFC4648 { padding: false },
+            base32::Alphabet::Rfc4648 { padding: false },
             self.secret.as_ref(),
         )
     }
@@ -586,7 +592,7 @@ impl TOTP {
                 }
                 "secret" => {
                     secret = base32::decode(
-                        base32::Alphabet::RFC4648 { padding: false },
+                        base32::Alphabet::Rfc4648 { padding: false },
                         value.as_ref(),
                     )
                     .ok_or_else(|| TotpUrlError::Secret(value.to_string()))?;
@@ -1056,7 +1062,7 @@ mod tests {
         assert_eq!(
             totp.secret,
             base32::decode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 "KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ"
             )
             .unwrap()
@@ -1074,7 +1080,7 @@ mod tests {
         assert_eq!(
             totp.secret,
             base32::decode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 "KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ"
             )
             .unwrap()
@@ -1092,7 +1098,7 @@ mod tests {
         assert_eq!(
             totp.secret,
             base32::decode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 "KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ"
             )
             .unwrap()
@@ -1127,7 +1133,7 @@ mod tests {
         assert_eq!(
             totp.secret,
             base32::decode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 "KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ"
             )
             .unwrap()
@@ -1201,7 +1207,7 @@ mod tests {
         assert_eq!(
             totp.secret,
             base32::decode(
-                base32::Alphabet::RFC4648 { padding: false },
+                base32::Alphabet::Rfc4648 { padding: false },
                 "KRSXG5CTMVRXEZLUKN2XAZLSKNSWG4TFOQ"
             )
             .unwrap()

src/rfc.rs

@@ -33,6 +33,8 @@ impl std::fmt::Display for Rfc6238Error {
     }
 }
 
+// Check that the number of digits is RFC-compliant.
+// (between 6 and 8 inclusive).
 pub fn assert_digits(digits: &usize) -> Result<(), Rfc6238Error> {
     if !(&6..=&8).contains(&digits) {
         Err(Rfc6238Error::InvalidDigits(*digits))
@@ -41,6 +43,8 @@ pub fn assert_digits(digits: &usize) -> Result<(), Rfc6238Error> {
     }
 }
 
+// Check that the secret is AT LEAST 128 bits long, as per the RFC's requirements.
+// It is still RECOMMENDED to have an at least 160 bits long secret.
 pub fn assert_secret_length(secret: &[u8]) -> Result<(), Rfc6238Error> {
     if secret.as_ref().len() < 16 {
         Err(Rfc6238Error::SecretTooSmall(secret.as_ref().len() * 8))

src/secret.rs

@@ -131,7 +131,7 @@ impl Secret {
     pub fn to_bytes(&self) -> Result<Vec<u8>, SecretParseError> {
         match self {
             Secret::Raw(s) => Ok(s.to_vec()),
-            Secret::Encoded(s) => match base32::decode(Alphabet::RFC4648 { padding: false }, s) {
+            Secret::Encoded(s) => match base32::decode(Alphabet::Rfc4648 { padding: false }, s) {
                 Some(bytes) => Ok(bytes),
                 None => Err(SecretParseError::ParseBase32),
             },
@@ -142,7 +142,7 @@ impl Secret {
     pub fn to_raw(&self) -> Result<Self, SecretParseError> {
         match self {
             Secret::Raw(_) => Ok(self.clone()),
-            Secret::Encoded(s) => match base32::decode(Alphabet::RFC4648 { padding: false }, s) {
+            Secret::Encoded(s) => match base32::decode(Alphabet::Rfc4648 { padding: false }, s) {
                 Some(buf) => Ok(Secret::Raw(buf)),
                 None => Err(SecretParseError::ParseBase32),
             },
@@ -153,7 +153,7 @@ impl Secret {
     pub fn to_encoded(&self) -> Self {
         match self {
             Secret::Raw(s) => {
-                Secret::Encoded(base32::encode(Alphabet::RFC4648 { padding: false }, s))
+                Secret::Encoded(base32::encode(Alphabet::Rfc4648 { padding: false }, s))
             }
             Secret::Encoded(_) => self.clone(),
         }
@@ -171,7 +171,7 @@ impl Secret {
     pub fn generate_secret() -> Secret {
         use rand::Rng;
 
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
         let mut secret: [u8; 20] = Default::default();
         rng.fill(&mut secret[..]);
         Secret::Raw(secret.to_vec())