[SG-671] OTP Menu Screen causes Crash on Android (#2097)

* [SG-671] removed unnecessary calc of otpauth period. protected cal of otpauth from crashing the app if url has a wrong format. * [SG-671] changed logger * [SG-671] Refactored GetQueryParams code to used HttpUtility.ParseQueryString. * [SG-671] refactor and null protection. * [SG-671] code format * [SG-671] fixed bug where totp circle countdown was fixed to 30. * [SG-167] added fallback for uri check. Changed all default totp timers to constant. * [SG-671] missed unsaved file * [SG-671] simplified code
2026-01-09 03:53:15 +00:00 · 2022-09-26 17:51:03 +01:00
parent 70ee24d82a
commit 2f4cd36595
6 changed files with 25 additions and 29 deletions
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -33,6 +33,7 @@
        public const int SelectFileRequestCode = 42;
        public const int SelectFilePermissionRequestCode = 43;
        public const int SaveFileRequestCode = 44;
+        public const int TotpDefaultTimer = 30;

        public static readonly string[] AndroidAllClearCipherCacheKeys =
        {
--- a/src/Core/Services/TotpService.cs
+++ b/src/Core/Services/TotpService.cs
@@ -24,7 +24,7 @@ namespace Bit.Core.Services
            {
                return null;
            }
-            var period = 30;
+            var period = Constants.TotpDefaultTimer;
            var alg = CryptoHashAlgorithm.Sha1;
            var digits = 6;
            var keyB32 = key;
@@ -117,7 +117,7 @@ namespace Bit.Core.Services

        public int GetTimeInterval(string key)
        {
-            var period = 30;
+            var period = Constants.TotpDefaultTimer;
            if (key != null && key.ToLowerInvariant().StartsWith("otpauth://"))
            {
                var qsParams = CoreHelpers.GetQueryParams(key);
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@@ -2,7 +2,9 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.RegularExpressions;
+using System.Web;
 using Bit.Core.Models.Domain;
+using Bit.Core.Services;
 using Newtonsoft.Json;

 namespace Bit.Core.Utilities
@@ -182,26 +184,20 @@ namespace Bit.Core.Utilities

        public static Dictionary<string, string> GetQueryParams(string urlString)
        {
-            var dict = new Dictionary<string, string>();
-            if (!Uri.TryCreate(urlString, UriKind.Absolute, out var uri) || string.IsNullOrWhiteSpace(uri.Query))
+            try
            {
-                return dict;
+                if (!Uri.TryCreate(urlString, UriKind.Absolute, out var uri) || string.IsNullOrWhiteSpace(uri.Query))
+                {
+                    return new Dictionary<string, string>();
+                }
+                var queryStringNameValueCollection = HttpUtility.ParseQueryString(uri.Query);
+                return queryStringNameValueCollection.AllKeys.Where(k => k != null).ToDictionary(k => k, k => queryStringNameValueCollection[k]);
            }
-            var pairs = uri.Query.Substring(1).Split('&');
-            foreach (var pair in pairs)
+            catch (Exception ex)
            {
-                var parts = pair.Split('=');
-                if (parts.Length < 1)
-                {
-                    continue;
-                }
-                var key = System.Net.WebUtility.UrlDecode(parts[0]).ToLower();
-                if (!dict.ContainsKey(key))
-                {
-                    dict.Add(key, parts[1] == null ? string.Empty : System.Net.WebUtility.UrlDecode(parts[1]));
-                }
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
            }
-            return dict;
+            return new Dictionary<string, string>();
        }

        public static string SerializeJson(object obj, bool ignoreNulls = false)