feat(core): import_lastpass — TOTP base32 → TotpConfig

Successful base32 decode attaches a SHA1/6/30s Totp config to LoginCore.totp. Bad base32 emits a warning and imports the login without TOTP rather than skipping the row entirely. Refactors map_row to return (Option<Item>, Option<ImportWarning>) so a single row can produce both an item and a warning. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 23:02:16 -04:00
parent 16888d5a3a
commit c4905c5ee7
2 changed files with 123 additions and 14 deletions
--- a/crates/relicario-core/tests/import_lastpass.rs
+++ b/crates/relicario-core/tests/import_lastpass.rs
@@ -1,6 +1,7 @@
 //! LastPass CSV importer — parser coverage.

 use relicario_core::import_lastpass::{parse_lastpass_csv, ImportWarning};
+use relicario_core::item_types::{TotpAlgorithm, TotpKind};
 use relicario_core::ItemCore;

 const HEADER: &str = "url,username,password,totp,extra,name,grouping,fav";
@@ -98,3 +99,59 @@ fn multiline_extra_round_trips_via_quoting() {
    assert!(warnings.is_empty(), "multi-line extra should parse cleanly");
    assert_eq!(items[0].notes.as_deref(), Some("line1\nline2\nline3"));
 }
+
+#[test]
+fn login_with_valid_totp_secret_attaches_config() {
+    // RFC 4648 base32 of b"12345678901234567890" → "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ".
+    let csv = format!(
+        "{HEADER}\n\
+         https://github.com/login,alice,hunter2,GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ,,GitHub,,",
+    );
+    let (items, warnings) = parse_lastpass_csv(csv.as_bytes()).unwrap();
+    assert!(warnings.is_empty());
+    match &items[0].core {
+        ItemCore::Login(l) => {
+            let totp = l.totp.as_ref().expect("expected TOTP config");
+            assert_eq!(totp.algorithm, TotpAlgorithm::Sha1);
+            assert_eq!(totp.digits, 6);
+            assert_eq!(totp.period_seconds, 30);
+            assert_eq!(totp.kind, TotpKind::Totp);
+            assert_eq!(totp.secret.as_slice(), b"12345678901234567890");
+        }
+        other => panic!("expected Login, got {:?}", other),
+    }
+}
+
+#[test]
+fn login_with_bad_totp_secret_imports_without_totp_and_warns() {
+    let csv = format!(
+        "{HEADER}\n\
+         https://github.com/login,alice,hunter2,!!!!not-base32!!!!,,GitHub,,",
+    );
+    let (items, warnings) = parse_lastpass_csv(csv.as_bytes()).unwrap();
+    assert_eq!(items.len(), 1, "login should still import");
+    match &items[0].core {
+        ItemCore::Login(l) => assert!(l.totp.is_none(), "TOTP must be dropped"),
+        other => panic!("expected Login, got {:?}", other),
+    }
+    assert_eq!(warnings.len(), 1);
+    let w = &warnings[0];
+    assert_eq!(w.title.as_deref(), Some("GitHub"));
+    assert!(w.message.contains("TOTP"), "message: {}", w.message);
+    assert!(w.message.contains("invalid") || w.message.contains("base32"));
+}
+
+#[test]
+fn login_with_lowercase_base32_totp_is_accepted() {
+    // RFC 4648 is case-insensitive; LastPass exports may use either case.
+    let csv = format!(
+        "{HEADER}\n\
+         https://x,u,p,gezdgnbvgy3tqojqgezdgnbvgy3tqojq,,Acme,,",
+    );
+    let (items, warnings) = parse_lastpass_csv(csv.as_bytes()).unwrap();
+    assert!(warnings.is_empty(), "lowercase base32 must parse");
+    match &items[0].core {
+        ItemCore::Login(l) => assert!(l.totp.is_some()),
+        _ => unreachable!(),
+    }
+}