Crash if invalid TOTP was in keyring.

[dzatoah]

Using selector: EpollSelector
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading libsecret
Loading macOS
Traceback (most recent call last):
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/app.py", line 35, in run
auth_response, selected_profile = asyncio.get_event_loop().run_until_complete(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/asyncio/base_events.py", line 653, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/app.py", line 121, in _run
if credentials and not credentials.totp:
^^^^^^^^^^^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/config.py", line 129, in totp
return pyotp.TOTP(totpsecret).now() if totpsecret else None
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/pyotp/totp.py", line 64, in now
return self.generate_otp(self.timecode(datetime.datetime.now()))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/pyotp/otp.py", line 35, in generate_otp
hasher = hmac.new(self.byte_secret(), self.int_to_bytestring(input), self.digest)
^^^^^^^^^^^^^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/pyotp/otp.py", line 52, in byte_secret
return base64.b32decode(secret, casefold=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/base64.py", line 254, in b32decode
return _b32decode(_b32alphabet, s, casefold, map01)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/base64.py", line 240, in _b32decode
raise binascii.Error('Incorrect padding')
binascii.Error: Incorrect padding

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/daniel/.local/bin/openconnect-sso", line 8, in <module>
sys.exit(main())
^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/cli.py", line 175, in main
return app.run(args)
^^^^^^^^^^^^^
File "/home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/app.py", line 42, in run
msg, retval = e.args
^^^^^^^^^^^
ValueError: not enough values to unpack (expected 2, got 1)

Quick & dirty fix:

nano +129 /home/daniel/.local/pipx/venvs/openconnect-sso/lib/python3.11/site-packages/openconnect_sso/config.py

@property
def totp(self):
    try:
        totpsecret = keyring.get_password(APP_NAME, "totp/" + self.username)
        return pyotp.TOTP(totpsecret).now() if totpsecret else None
    except Exception as e:
        logger.info("Cannot retrieve saved totp info from keyring.")
        return ""

Note the Exception as e

[AlexanderMartinKane]

The only solution I found was to remove the incorrect TOTP from the keyring. I wasn't sure where the keyring stores passwords, so I used its API:

pipx install keyring
keyring get "openconnect-sso" "totp/<username|email>"
keyring del "openconnect-sso" "totp/<username|email>"

I hope this helps someone save a few hours of troubleshooting.

[kowyo]

Will be fixed in https://github.com/kowyo/openconnect-lite