authorsergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-21 00:46:20 +0000
committersergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-21 00:46:20 +0000
commitcec66acb02561e4df686608074205f76a678e2df (patch)
tree06e8444a3d472b33b27116151aac1233db7991d9 /remoting
parent90fd6ab9ba3443b8c746e852341c8b8ffbf33e52 (diff)
Don't use letters in me2mom access code.
BUG=None TEST=None Review URL: http://codereview.chromium.org/7048020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86187 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting')
-rw-r--r--remoting/host/support_access_verifier.cc9
-rw-r--r--remoting/protocol/auth_token_utils.cc23
-rw-r--r--remoting/webapp/me2mom/remoting.js8
3 files changed, 11 insertions, 29 deletions
diff --git a/remoting/host/support_access_verifier.cc b/remoting/host/support_access_verifier.cc
index 5d1c019..23146ad 100644
--- a/remoting/host/support_access_verifier.cc
+++ b/remoting/host/support_access_verifier.cc
@@ -16,14 +16,11 @@
namespace remoting {
namespace {
-// 5 characters long from 34-letter alphabet gives 4.5M possible
+// 8 characters long from 10-letter alphabet gives 100M possible
// host secrets with uniform distribution, which should be enough
// for short-term passwords.
-const int kHostSecretLength = 5;
-
-// The following set includes 10 digits and Latin alphabet except I
-// and O. I and O are not used to avoid confusion with 1 and 0.
-const char kHostSecretAlphabet[] = "ABCDEFGHJKLMNPQRSTUVWXYZ0123456789";
+const int kHostSecretLength = 8;
+const char kHostSecretAlphabet[] = "0123456789";
// Generates cryptographically strong random number in the range [0, max).
int CryptoRandomInt(int max) {
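Review bot: The rewritten comment above `kHostSecretLength` treats 100M codes as sufficient, but that bound only holds against online guessing, and the comment should say what it relies on. An 8-digit secret is about 26.6 bits, and `GenerateSupportAuthToken` in auth_token_utils.cc (shown on this page) derives the token from a single unsalted SHA-256 over the jid and access code, so anyone able to observe a token could check the whole space offline. I would add `// ~26.6 bits: assumes failed attempts are limited, the code expires quickly, and the auth token is only sent over an encrypted channel.` The "uniform distribution" claim also depends on `CryptoRandomInt` avoiding modulo bias for a range of 10; its body begins on the last line of this hunk and is not visible here.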
diff --git a/remoting/protocol/auth_token_utils.cc b/remoting/protocol/auth_token_utils.cc
index 29728f3..50edca3 100644
--- a/remoting/protocol/auth_token_utils.cc
+++ b/remoting/protocol/auth_token_utils.cc
@@ -12,27 +12,6 @@
namespace remoting {
namespace protocol {
-namespace {
-
-// Normalizes access code. Must be applied on the access code entered
-// by the user before generating auth token. It (1)converts the string
-// to upper case, (2) replaces O with 0 and (3) replaces I with 1.
-std::string NormalizeAccessCode(const std::string& access_code) {
- std::string normalized = access_code;
- StringToUpperASCII(&normalized);
- for (std::string::iterator i = normalized.begin();
- i != normalized.end(); ++i) {
- if (*i == 'O') {
- *i = '0';
- } else if (*i == 'I') {
- *i = '1';
- }
- }
- return normalized;
-}
-
-} // namespace
-
std::string GenerateSupportAuthToken(const std::string& jid,
const std::string& access_code) {
std::string sha256 = crypto::SHA256HashString(jid + " " + access_code);
@@ -47,7 +26,7 @@ bool VerifySupportAuthToken(const std::string& jid,
const std::string& access_code,
const std::string& auth_token) {
std::string expected_token =
- GenerateSupportAuthToken(jid, NormalizeAccessCode(access_code));
+ GenerateSupportAuthToken(jid, access_code);
return expected_token == auth_token;
}
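Review bot: `return expected_token == auth_token;` compares the secret-derived token with `std::string::operator==`, which may stop at the first differing byte, so the time taken can depend on how much of a submitted token matches. The token is the credential being verified, so a constant-time comparison is preferable: check that the lengths are equal, then use a constant-time memory compare such as `crypto::SecureMemEqual`, if this tree provides it. With `NormalizeAccessCode` removed, nothing on this path checks that `access_code` is in the new digits-only form; a one-line comment such as `// access_code must already be in canonical form; no normalization is done here.` would make that contract explicit. The signature of `VerifySupportAuthToken` starts above the hunk.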
diff --git a/remoting/webapp/me2mom/remoting.js b/remoting/webapp/me2mom/remoting.js
index 656aa15..76dd63f2 100644
--- a/remoting/webapp/me2mom/remoting.js
+++ b/remoting/webapp/me2mom/remoting.js
@@ -263,6 +263,12 @@ function parseServerResponse_(xhr) {
showConnectError_(xhr.status, xhr.responseText);
}
+function normalizeAccessCode(accessCode) {
+ // Trim whitespace from beginning and the end.
+ // TODO(sergeyu): Do we need to do any other normalization here?
+ return accessCode.replace(/^\s+|\s+$/, '');
+}
+
function resolveSupportId(support_id) {
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
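Review bot: The regex in `normalizeAccessCode` has no `g` flag, so `replace` removes only the first match, and input with both leading and trailing whitespace keeps its trailing whitespace. Host-side normalization is dropped in this same commit, so a code pasted with surrounding spaces will produce a token that does not verify. Use `return accessCode.replace(/^\s+|\s+$/g, '');`. Since the secret is now digits only (hyphen-separated from the support id, per `tryConnect`), the TODO could be resolved by rejecting input that contains any other character before a connection is attempted.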
@@ -282,7 +288,7 @@ function resolveSupportId(support_id) {
}
function tryConnect(form) {
- remoting.accessCode = form['access_code_entry'].value;
+ remoting.accessCode = normalizeAccessCode(form['access_code_entry'].value);
// TODO(jamiewalch): Since the mapping from (SupportId, HostSecret) to
// AccessCode is not yet defined, assume it's hyphen-separated for now.
var parts = remoting.accessCode.split('-');