5.4.0 (04/10/2023)
SecretParseError
now implementsstd::error::Error
.
- @FliegendeWurst for their work on #62.
5.3.0 (10/09/2023)
- Creation of a new
qrcodegen-image
subcrate to handle image creation, as the wrapper is actually nice and could be used in placed not related tototp-rs
. (#61)
TOTP::get_qr
was deprecated in favour ofTOTP::get_qr_base64
andTOTP::get_qr_png
.
- @tmpfs for their work on #60 and implementation in #61.
5.2.0 (10/08/2023)
- Updated
url
crate to2.4
.
5.1.0 (15/07/2023)
- Added some more documentation.
- Removed unnecessary allocation for
Secret.Display
for theRaw
variant.
5.0.2 (15/05/2023)
- Fix skew overflowing if value is over 128.
- @carl-wallace for discovering #58.
5.0.1 (31/03/2023)
- Normalize dependencies specifications since cargo uses range dependency by default.
- @bestia-dev for pointing out discrepancies in my dependency requirements.
5.0 (28/03/2023)
- MSRV has been set to Rust
1.61
. - Removed
SecretParseError::Utf8Error
.
- Updated
base64
to0.21
. - Updated
url
to2.3
. - Updated
zeroize
to1.6
.
This major release is a very small one, and is mostly here to respect semver. No major change was done, it is mostly maintenance and cleanup.
- @bestia-dev for opening #55.
4.2 (14/01/2023)
- Optionnals parameters in generated URLs are no longer present if their're the default value. (#49)
- The issuer part of the Path when using the couple Issuer:AccountName wasn't cut correctly if the
:
was URL-encoded. (#50)
- @timvisee for their work on #49 and discovering the bug leading to #50.
4.1 (06/01/2023)
- Add a "steam" feature which adds support for steam's non-standard totp.
- Add
_unchecked
variants forTOTP::new
andTOTP::from_url
, which skip certain checks like key_size and digit numbers.
- @colemickens for opening #45.
- @timvisee for their work on #47 and #48, implementing an idea from #44 and working on #45.
4.0 (29/12/2022)
- Default features have been set to none.
- MSRV has been set to Rust
1.59
. - Updated
base64
crate to0.20
.
- This was a relic from the beggining of the library, but
TOTP
is no longer generic. In my opinion, while having been used in the past for some historical reasons, the generic was mostly useless as almost everyone just used bytes as a secret, prevented us from doing some work like thezeroize
feature, and overall made it more complex to new users than it needed to be.
This is the last release for 2022. This project has thus far been a wild ride. Originally intended for a non-profit organization, it gained traction outside of it, and soon became one the projects I'm the most proud of. It has been a pleasure learning from amazing people, and getting precious feedback from real life users. The open-source community has always been a special place to me, and being able to put in the hours to finally give something back has been, is, an amazing opportunity.
The year 2023 should see a lot less of breaking changes, as the library slowly approaches a form most users can happily use. This doesn't mean the library will stop being maintained, but I (hopefully) will stop breaking your stuff so often.
As always for every new realease, please report any issue encountered while updating totp-rs to 4.0.0
.
3.1 (03/11/2022)
get_qr()
now returns aString
as an error.TOTP
now implementscore::fmt::Display
Rfc6238Error
andTotpUrlError
now implementstd::error::Error
- Add better coverage thanks to
llvm-tools-preview
andgrcov
- Finally
cargo fmt
'd the whole repo
- @tmpfs for making me notice #41.
3.0.1 (13/08/2022)
TotpUrlError
was unexported. This is now fixed. (#29)base32
was reexported instead. It is now private, and will need to be an explicit dependency for the user to encore/decode base32 data.
Secret
comparison is now done in constant time.
- @alexanderkja for discovering #29.
3.0 (09/08/2022)
- Secret handling is now less error prone thanks to #25
- Totp now implements the
Default
trait, which will generate a strong secret, and have sane default values according to RFC-6238 like #26 Rfc6238
struct is exposed for easy Totp buildingTotp.ttl
convenience method will tell remaining validity time of token (not taking skew into account)
- [gen_secret] uses
rand
to generate a secret
- TotpUrlError now contain a string explaining. Inspired by #23
- Totp fields
issuer
andaccount_name
won't be present anymore if featureotpauth
isn't enabled - The secret and digits field will now be validated for SecretSize (>= 128 bits)
- @sacovofor opening #23, from which the TotpUrlError rework was inspired
- @steven89 for the tremendous work and back and forth provided with #24 #25 and #26
This has been, I think, the update containing the most work. While a lot of unit testing have been done, and test cases added, coverage seems to have dropped. Please report any issue encountered while updating totp-rs to 3.0.0
2.1 (16/06/2022)
- [otpauth] now uses
urlencoding
, which has no dependencies, to url-encode and url-decode values. Because doing this with theurl
library was kind of awkward.
- Bug where your issuer would be incorrectly prefixed with a /, and comparison with the issuer parameter would fail.
- Bug where the issuer and account name in path would not be correctly url decoded in path, but correctly decoded in url query.
@wyhaya for discovering the first problem in #21
2.0 (30/05/2022)
issuer
andaccount_name
are now members of TOTP, and thus are not used anymore as function parameters for methodsfrom_url()
now extracts issuer and label- Method
get_url()
now needsotpauth
feature - Method
get_url()
now produces more correct urls - Methods
next_step(time: u64)
andnext_step_current
will return the timestamp of the next step's start - Feature
qr
enables featureotpauth
- @wyhaya for giving ideas and feedback for this release
1.4 (06/05/2022)
- Added url dependency for
otpauth
feature, which adds afrom_url
function to parse aTOTP
object from url. Thanks to @wyhaya (constantoine#19)
1.3 (06/05/2022)
- Added helper functions
generate_current
andcheck_current
. Thanks to @wyhaya (constantoine#17) - Clarified output format of get_qr in the docs
1.2.1 (05/05/2022)
- Disabled default image features to only enable png
1.2 (05/05/2022)
- Bumped "image" version to 0.24
- Removed "qrcode" library, which was abandoned years ago, to "qrcodegen", which is actively maintained
1.1 (24/04/2022)
- Mitigated possible timing attack as noticed per @gleb-chipiga in constantoine#13
- Added PartialEq support for TOTP and PartialEq + Eq support for Algorithm, suggestion from @gleb-chipiga in constantoine#14
1.0 (15/04/2022)
- Fixed wrongful results using hmac-256 and hmac-512 thanks to @ironhaven extensive researches within RFC's in constantoine#12
- The currently used "qrcode" library is abandonned. Preliminary work showed it was not compatible woth newer versions of the "image" library
- I'd like to take that opportunity to rethink the way the "qr" feature is presented