commit 644f04f6aefdb047b4b9a90c7f5f35b8929ffd18
parent e6d6a3e447bc2fa9f87f86cf8086b21a0e1a6d41
Author: Antoine A <>
Date: Mon, 18 Dec 2023 16:07:27 +0000
Improve TAN challenge code format
Diffstat:
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
@@ -537,7 +537,7 @@ private fun Routing.coreBankCashoutApi(db: Database, ctx: BankConfig) = conditio
amountCredit = req.amount_credit,
subject = req.subject ?: "", // TODO default subject
tanChannel = tanChannel,
- tanCode = UUID.randomUUID().toString(),
+ tanCode = Tan.genCode(),
now = Instant.now(),
retryCounter = TAN_RETRY_COUNTER,
validityPeriod = TAN_VALIDITY_PERIOD
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/Tan.kt b/bank/src/main/kotlin/tech/libeufin/bank/Tan.kt
@@ -0,0 +1,35 @@
+/*
+ * This file is part of LibEuFin.
+ * Copyright (C) 2023 Stanisci and Dold.
+
+ * LibEuFin is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation; either version 3, or
+ * (at your option) any later version.
+
+ * LibEuFin is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General
+ * Public License for more details.
+
+ * You should have received a copy of the GNU Affero General Public
+ * License along with LibEuFin; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>
+ */
+package tech.libeufin.bank
+
+import java.security.SecureRandom
+import java.util.UUID
+import java.text.DecimalFormat
+
+object Tan {
+ private val CODE_FORMAT = DecimalFormat("00000000");
+ private val SECURE_RNG = SecureRandom()
+
+ fun genCode(): String {
+ val rand = SECURE_RNG.nextInt(100000000)
+ val code = CODE_FORMAT.format(rand)
+ return code
+ }
+}
+
