From fbaf247ec7fb5b4452e3a89207087d2dc9572584 Mon Sep 17 00:00:00 2001
From: mickael e
Date: Fri, 4 Jul 2025 09:32:22 -0400
Subject: [PATCH 1/2] secrets/totp: trim space before processing request
---
 builtin/logical/totp/backend_test.go | 2 ++
 builtin/logical/totp/path_code.go | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/builtin/logical/totp/backend_test.go b/builtin/logical/totp/backend_test.go
index 1d3ba4d4f9c..98d7da0ff40 100644
--- a/builtin/logical/totp/backend_test.go
+++ b/builtin/logical/totp/backend_test.go
@@ -339,6 +339,8 @@ func TestBackend_keyCrudDefaultValues(t *testing.T) {
 testAccStepReadKey(t, "test", expected),
 testAccStepValidateCode(t, "test", code, true, false),
 // Next step should fail because it should be in the used cache
+ testAccStepValidateCode(t, "test", code+" ", false, true),
+ testAccStepValidateCode(t, "test", " "+code, false, true),
 testAccStepValidateCode(t, "test", code, false, true),
 testAccStepValidateCode(t, "test", invalidCode, false, false),
 testAccStepDeleteKey(t, "test"),
diff --git a/builtin/logical/totp/path_code.go b/builtin/logical/totp/path_code.go
index 7e7278c10f8..38ba176c3fc 100644
--- a/builtin/logical/totp/path_code.go
+++ b/builtin/logical/totp/path_code.go
@@ -6,6 +6,7 @@ package totp
 import (
 "context"
 "fmt"
+ "strings"
 "time"
 
 "github.com/hashicorp/vault/sdk/framework"
@@ -85,8 +86,8 @@ func (b *backend) pathReadCode(ctx context.Context, req *logical.Request, data *
 }
 
 func (b *backend) pathValidateCode(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
- name := data.Get("name").(string)
- code := data.Get("code").(string)
+ name := strings.TrimSpace(data.Get("name").(string))
+ code := strings.TrimSpace(data.Get("code").(string))
 
 // Enforce input value requirements
 if code == "" {
From abeee168b15ba67b7c7cd38c365f5b48a9c02c22 Mon Sep 17 00:00:00 2001
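Review bot: The two added steps in TestBackend_keyCrudDefaultValues cover only a single ASCII space on one side of the code. `strings.TrimSpace` also strips tabs, newlines and other Unicode white space, so steps such as `testAccStepValidateCode(t, "test", code+"\n", false, true),` and `testAccStepValidateCode(t, "test", "\t"+code+" ", false, true),` would pin that every padded form is treated as the already-used code. The test function starts and ends outside the hunk, so other steps may already cover part of this.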
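Review bot: The `strings.TrimSpace` on `code` in pathValidateCode carries no comment saying what depends on it, although the test comment in backend_test.go suggests the used-code cache does. A comment above that line such as `// Trim before any lookup so a padded copy of an accepted code still hits the used-code cache.` would keep a later cleanup from dropping the call. The same `code` line is carried unchanged in the pathValidateCode hunk of PATCH 2/2. The function body continues outside the hunk, so the cache lookup is not visible here; if the validator tolerates anything besides surrounding white space, that form would presumably need the same normalization.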
From: Mike Palmiotto
Date: Fri, 11 Jul 2025 15:14:01 -0400
Subject: [PATCH 2/2] Update builtin/logical/totp/path_code.go
---
 builtin/logical/totp/path_code.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/builtin/logical/totp/path_code.go b/builtin/logical/totp/path_code.go
index 38ba176c3fc..c2d50ff21f4 100644
--- a/builtin/logical/totp/path_code.go
+++ b/builtin/logical/totp/path_code.go
@@ -86,7 +86,7 @@ func (b *backend) pathReadCode(ctx context.Context, req *logical.Request, data *
 }
 
 func (b *backend) pathValidateCode(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
- name := strings.TrimSpace(data.Get("name").(string))
+ name := data.Get("name").(string)
 code := strings.TrimSpace(data.Get("code").(string))
 
 // Enforce input value requirements
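Review bot: After this revert `name` is read verbatim while `code` on the next line is trimmed, and neither the hunk nor the commit subject records why the two inputs are treated differently. If the intent is that `name` must match a stored key exactly, a comment such as `// name selects a stored key and is matched as given; only code is normalized.` would make the asymmetry deliberate rather than an apparent oversight. No step in the visible test hunk of PATCH 1/2 exercises a padded `name`, so the behaviour chosen here is also unpinned. The function body continues outside the hunk.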