[GoogleAuthenticator] One time passwords that start with 0 are not handled correctly

Forge Component
Published on 2015-06-18 by Ricardo Silva
1 vote


We found a bug in this extension. If the one-time password starts with 0 (there could be more than one 0), the CalculateOneTimePassword method returns the password without the zero(s). It's actually returning an integer.

The RFC 6238 mentioned in the description specifies that those zero(s) should be added:

result = Integer.toString(otp);
while (result.length() < codeDigits) {
    result = "0" + result;
}

Can this be fixed? I don't know how these Forge components are handled; if the owner cannot do it, can somebody else do the fix and publish the component to Forge?

The code I have is returning a string and adding the 0's at the start:

Can you tell me where you're seeing this behavior? Is it when using the Java version?

Hi Ricardo,

I checked and apparently there was some confusion on my part. I don't know what GoogleAuthenticator extension we've got installed, but it's not this one (or it's an older version).

My apologies.
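
The padding behaviour discussed in this thread, shown as an added example (not code from the Forge component or from any poster): a Python sketch of RFC 6238 TOTP using the RFC's own Appendix B SHA-1 test vector, whose code at time 1111111109 starts with a zero. The function names `totp_unpadded`, `totp` and `verify` are hypothetical, chosen for this illustration.

```python
import hashlib
import hmac
import struct


def hotp_value(key: bytes, counter: int, digits: int) -> int:
    """RFC 4226 dynamic truncation; returns the code as an integer."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return binary % (10 ** digits)


def totp_unpadded(key: bytes, unix_time: int, digits: int = 8, step: int = 30) -> str:
    """Behaviour reported in the thread: integer result, leading zeros lost."""
    return str(hotp_value(key, unix_time // step, digits))


def totp(key: bytes, unix_time: int, digits: int = 8, step: int = 30) -> str:
    """RFC 6238 behaviour: left-pad with zeros to exactly `digits` characters."""
    return str(hotp_value(key, unix_time // step, digits)).zfill(digits)


def verify(submitted: str, key: bytes, unix_time: int, digits: int = 8, step: int = 30) -> bool:
    """Compare as fixed-width strings, in constant time."""
    expected = totp(key, unix_time, digits, step)
    return hmac.compare_digest(submitted.encode(), expected.encode())


# RFC 6238 Appendix B test vector (SHA-1 seed, 8 digits).
RFC_KEY = b"12345678901234567890"
RFC_TIME = 1111111109

if __name__ == "__main__":
    print(totp_unpadded(RFC_KEY, RFC_TIME))       # 7081804 (7 characters)
    print(totp(RFC_KEY, RFC_TIME))                # 07081804
    print(verify("07081804", RFC_KEY, RFC_TIME))  # True
```

A verifier that compares the user's typed string against the unpadded form rejects a valid code whenever it begins with 0, which is why the code should be carried as a fixed-width string end to end.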