Releases: constantoine/totp-rs
v5.0
Breaking changes.
- MSRV has been set to Rust
1.61
. - Removed
SecretParseError::Utf8Error
.
Changes
- Updated
base64
to0.21
. - Updated
url
to2.3
. - Updated
zeroize
to1.6
.
Note
This major release is a very small one, and is mostly here to respect semver. No major change was done, it is mostly maintenance and cleanup.
Special thanks
- @bestia-dev for opening #55.
v4.2.0
v4.1
What's new
- Add a "steam" feature which adds support for steam's non-standard totp.
- Add
_unchecked
variants forTOTP::new
andTOTP::from_url
, which skip certain checks like key_size and digit numbers.
Special thanks
v4.0
What's new
- Default features have been set to none.
Changes
- MSRV have been set to Rust
1.59
. - Updated
base64
crate to0.20
.
Breaking changes
- This was a relic from the beggining of the library, but
TOTP
is no longer generic. In my opinion, while having been used in the past for some historical reasons, the generic was mostly useless as almost everyone just used bytes as a secret, prevented us from doing some work like thezeroize
feature, and overall made it more complex to new users than it needed to be.
Special thanks
Note
This is the last release for 2022. This project has thus far been a wild ride. Originally intended for a non-profit organization, it gained traction outside of it, and soon became one the projects I'm the most proud of. It has been a pleasure learning from amazing people, and getting precious feedback from real life users. The open-source community has always been a special place to me, and being able to put in the hours to finally give something back has been, is, an amazing opportunity.
The year 2023 should see a lot less of breaking changes, as the library slowly approaches a form most users can happily use. This doesn't mean the library will stop being maintained, but I (hopefully) will stop breaking your stuff so often.
As always for every new realease, please report any issue encountered while updating totp-rs to 4.0.0
.
v3.1.0
What's new
get_qr()
now returns aString
as an error.TOTP
now implementscore::fmt::Display
Rfc6238Error
andTotpUrlError
now implementstd::error::Error
CI
- Add better coverage thanks to
llvm-tools-preview
andgrcov
Style
- Finally
cargo fmt
'd the whole repo
Special thanks
v3.0.1
Fixes
TotpUrlError
was unexported. This is now fixed. (#29)base32
was reexported instead. It is now private, and will need to be an explicit dependency for the user to encore/decode base32 data.
Changes
Secret
comparison is now done in constant time.
Special thanks
- @alexanderkja for discovering #29.
v3.0.0
New features
- Secret handling is now less error prone thanks to #25
- Totp now implements the
Default
trait, which will generate a strong secret, and have sane default values according to RFC-6238 like #26 Rfc6238
struct is exposed for easy Totp buildingTotp.ttl
convenience method will tell remaining validity time of token (not taking skew into account)
New dependency
- [gen_secret] uses
rand
to generate a secret
Breaking
- TotpUrlError now contain a string explaining. Inspired by #23
- Totp fields
issuer
andaccount_name
won't be present anymore if featureotpauth
isn't enabled - The secret and digits field will now be validated for SecretSize (>= 128 bits)
Special thanks
- @sacovofor opening #23, from which the TotpUrlError rework was inspired
- @steven89 for the tremendous work and back and forth provided with #24 #25 and #26
Note
This has been, I think, the update containing the most work. While a lot of unit testing have been done, and test cases added, coverage seems to have dropped. Please report any issue encountered while updating totp-rs to 3.0.0
v2.0.1
New dependency
- [otpauth] now uses
urlencoding
, which has no dependencies, to url-encode and url-decode values. Because doing this with theurl
library was kind of awkward.
Fixes
- Bug where your issuer would be incorrectly prefixed with a /, and comparison with the issuer parameter would fail.
- Bug where the issuer and account name in path would not be correctly url decoded in path, but correctly decoded in url query.
Special thanks
v2.0.0
What changed
issuer
andaccount_name
are now members of TOTP, and thus are not used anymore as function parameters for methodsfrom_url()
now extracts issuer and label- Method
get_url()
now needsotpauth
feature - Method
get_url()
now produces more correct urls - Methods
next_step(time: u64)
andnext_step_current
will return the timestamp of the next step's start - Feature
qr
enables featureotpauth
Special thanks
- @wyhaya for giving ideas and feedback for this release