I have a TOTP Authenticator project which generates a six-digit one-time password using TOTP (RFC 6238). Internally it uses Base32 class from Apache Commons Codec:
Base32 base32 = new Base32();
Following the commons-codec upgrade 1.14 -> 1.15, a unit test started to fail:
@Test
void testInvalidBase32Value() {
String secretKey = "AHXQ2W5P6AGKYVK";
Executable when = () -> generator.generateOtp(secretKey);
assertThrows(IllegalArgumentException.class, when);
}
org.opentest4j.AssertionFailedError: Expected java.lang.IllegalArgumentException to be thrown, but nothing was thrown.
How do I fix the test?
According to the Apache Commons Codec 1.15 release notes, the default decoding policy has been changed:
Base32/Base64/BCodec: Added strict decoding property to control handling of trailing bits. Default lenient mode discards them without error. Strict mode raise an exception.
The new default decoding policy is defined in BaseNCodec.java:
protected static final CodecPolicy DECODING_POLICY_DEFAULT = CodecPolicy.LENIENT;
To fix the unit test, set the decoding policy to CodecPolicy.STRICT in generateOtp():
Base32 base32 = new Base32();
->
Base32 base32 = new Base32(0, null, false, PAD_DEFAULT, CodecPolicy.STRICT);
Now data that causes a codec to fail should throw an exception.