Inconsistent handling of optional JSON fields in OtpInfo.fromJson() for Yandex / MOTP types #1738
Description
Version
v3.4.1
Source
GitHub
Vault encryption
Yes
Device
Pixel 10
Android version
Android 13
ROM
No response
Steps to reproduce
Description:
OtpInfo.fromJson() assumes all OTP types include "digits" and "algo" fields.
For Yandex Info and MOTP Info, these fields are optional, and their absence causes JSONException, wrapped in OtpInfoException.
This prevents valid entries from being imported.
Steps to Reproduce:
- Create a minimal JSON object for Yandex Info without a "digits" field:
{
"secret": "JBSWY3DPEHPK3PXP",
"pin": "1234"
}- Call
OtpInfo.fromJson("yandex", obj);- Observe a thrown
OtpInfoException→JSONException.
What do you expect to happen?
Expected Behavior:
Parser should apply default values (e.g., digits = 6, algo = SHA1) when optional fields are missing.
If invalid, the exception message should clearly indicate the missing or invalid field.
What happens instead?
Actual Behavior:
Throws JSONException, stopping JSON import for otherwise valid entries.
Log
Related Issue:
#1144 JSON import crashes in VaultEntry.fromJson() (upper-layer importer).
Suggested Fix:
Add a check for "pin" before constructing YandexInfo or MotpInfo:
String pin = obj.optString("pin", null);
if (pin == null || pin.isEmpty()) {
throw new OtpInfoException("missing or empty 'pin' for OTP type: " + type);
}Impact:
Prevents runtime issues and makes the code more robust when parsing JSON input.