From acefe4a3b9fb0d64a1025373cfad5c31d7e90a38 Mon Sep 17 00:00:00 2001
From: Aaron Bieber
Date: Mon, 16 Apr 2018 13:55:03 -0600
Subject: [PATCH] Don't assume our secret is base32 encoded.

According to https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm secrets are only base32 encoded in gauthenticator and gauth friendly providers.
---
 hotp.go | 3 ++-
 otp_test.go | 3 ---
 totp.go | 3 ++-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/hotp.go b/hotp.go
index 7d2c752..abe3300 100644
--- a/hotp.go
+++ b/hotp.go
@@ -90,7 +90,8 @@ func hotpFromURL(u *url.URL) (*HOTP, string, error) {
 key, err := base32.StdEncoding.DecodeString(secret)
 if err != nil {
- return nil, "", err
+ // secret isn't base32 encoded
+ key = []byte(secret)
 }
 otp := NewHOTP(key, counter, digits)
 return otp, label, nil
diff --git a/otp_test.go b/otp_test.go
index 7fec809..3b5e993 100644
--- a/otp_test.go
+++ b/otp_test.go
@@ -79,10 +79,7 @@ func TestBadURL(t *testing.T) {
 "foo",
 "otpauth:/foo/bar/baz",
 "://",
- "otpauth://hotp/secret=bar",
- "otpauth://hotp/?secret=QUJDRA&algorithm=SHA256",
 "otpauth://hotp/?digits=",
- "otpauth://hotp/?secret=123",
 "otpauth://hotp/?secret=MFRGGZDF&digits=ABCD",
 "otpauth://hotp/?secret=MFRGGZDF&counter=ABCD",
 }
diff --git a/totp.go b/totp.go
index c3d6f3f..bb7c863 100644
--- a/totp.go
+++ b/totp.go
@@ -152,7 +152,8 @@ func totpFromURL(u *url.URL) (*TOTP, string, error) {
 key, err := base32.StdEncoding.DecodeString(secret)
 if err != nil {
- return nil, "", err
+ // secret isn't base32 encoded
+ key = []byte(secret)
 }
 otp := NewTOTP(key, 0, period, digits, algo)
 return otp, label, nil
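Review bot: Falling back to `key = []byte(secret)` when `DecodeString` fails makes the key derivation ambiguous: an unpadded, lower-case or mistyped base32 secret no longer returns an error but silently becomes a different key (its ASCII bytes), while a raw secret that happens to be valid base32 is still decoded. Either way the generated codes never match the provider and nothing reports why; the totp.go hunk (totpFromURL) repeats the same fallback. I would keep the error return and make the decoding tolerant instead, e.g. `key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(strings.ToUpper(strings.TrimRight(secret, "=")))`, and accept raw secrets only behind an explicit signal from the caller. hotpFromURL begins and ends outside this hunk, so whether `strings` is already imported is not visible here.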
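Review bot: Nothing after the fallback bounds the length of `key`, so a URL carrying a secret like the `123` entry this commit drops from TestBadURL now yields a three-byte HMAC key that goes straight to NewTOTP (and to NewHOTP in the hotp.go hunk). RFC 4226 asks for at least 128 bits of shared secret, so a short literal string accepted here gives much weaker codes than a caller is likely to expect. If rejecting short keys would break existing providers, I would at least reject an empty key and document the behaviour with a comment such as `// a secret that is not valid base32 is used verbatim as the HMAC key; no minimum length is enforced`. totpFromURL starts and ends outside this hunk, so an earlier length or emptiness check may exist that is not visible here.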