2amigos / yii2-usuario

Highly customizable and extensible user management, authentication, and authorization Yii2 extension
https://github.com/2amigos/yii2-usuario

Two Factor - Authenticator App - offer a "Can't scan?" fallback #524

Closed edegaudenzi closed 5 months ago

edegaudenzi commented 9 months ago

What steps will reproduce the problem?

/user/settings/account -> Google Authenticator -> Enable two factor authentication

What is the expected result?

Popup showing qrCode and a clickable "Can't scan? Use the code instead." so to be able to set up a password manager (like 1Password) to generate 2fa codes for me. For password managers the 'qrCode Scan' is not always an option.

What do you get instead?

Popup only showing qrCode. In this way it is impossible/difficult to set up a password manager (like 1Password) to generate 2fa codes for me. For password managers the 'qrCode Scan' is not always an option.

[GIF: Peek 2023-09-29 15-38]

edegaudenzi commented 9 months ago

Developers Notes

More likely for myself, and of course I'll try to create a PR for this if you guys think it's ok.

Context

2amigos/yii2-usuario version 1.6.1

Problem

In the SettingsController::actionTwoFactor() code the user $id must be equal to Yii::$app->user->id. The $user object is then found through $user = $this->userQuery->whereId($id)->one();

If the Yii::$app->user->identity->auth_tf_key is null in the database, then the service TwoFactorQrCodeUriGeneratorService::run() will populate it but - correctly - it does not refresh the Yii::$app->user->identity->auth_tf_key instance itself, so at this point only the $user object has auth_tf_key populated.

This means that after the TwoFactorQrCodeUriGeneratorService::run() has run, the database and the $user object have the auth_tf_key, while Yii::$app->user->identity does not; which is correct, but this also means there is no way to then retrieve it in the two-factor.php view.

Solution

In the SettingsController::actionTwoFactor(), when calling the two-factor.php view, also pass the $user object as a parameter to the view; in this way the auth_tf_key field would always be populated. Then an additional couple of HTML lines can be added to achieve what is shown in the gif.

Live long and prosper \\//_
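As an added illustration of the change proposed above (example code, not code from the issue or from the yii2-usuario project), the sketch below passes the freshly loaded `$user` to the view and renders a "Can't scan?" fallback that reveals the stored `auth_tf_key` on demand. The names `$qrCodeUri`, the `two-factor` view path and the use of `renderAjax()` are assumptions; only `SettingsController::actionTwoFactor()`, `$this->userQuery->whereId($id)->one()`, `TwoFactorQrCodeUriGeneratorService::run()` and the `auth_tf_key` attribute come from the issue text.

```php
<?php
// ---- Controller side (illustrative fragment inside SettingsController::actionTwoFactor) ----
// Assumed: $id is the request parameter and the ownership check described in the issue
// ($id must equal Yii::$app->user->id) is kept, so the key is only ever shown to its owner.
use Yii;
use yii\helpers\Html;
use yii\web\ForbiddenHttpException;

if ((int) $id !== (int) Yii::$app->user->id) {
    throw new ForbiddenHttpException('You can only manage your own two-factor settings.');
}

// $user is re-read from the database, so after the generator service has run it carries the
// newly stored auth_tf_key even though Yii::$app->user->identity still holds the stale value.
$user = $this->userQuery->whereId($id)->one();

// Assumed: the service returns the otpauth URI that the existing view turns into a QR code.
$qrCodeUri = $this->make(TwoFactorQrCodeUriGeneratorService::class, [$user])->run();

return $this->renderAjax('two-factor', [
    'qrCodeUri' => $qrCodeUri, // existing view input (name assumed)
    'user'      => $user,      // newly passed so the view can read the fresh key
]);

// ---- View side (illustrative two-factor.php fragment) ----
// Everything rendered is passed through Html::encode() so the secret and the URI
// cannot break out of their HTML context.
?>
<img src="<?= Html::encode($qrCodeUri) ?>" alt="Two-factor QR code">

<details>
    <summary>Can't scan? Use the code instead.</summary>
    <p>Enter this key manually in your authenticator or password manager:</p>
    <code id="tf-manual-key"><?= Html::encode($user->auth_tf_key) ?></code>
</details>
```

The `<details>` element keeps the secret collapsed until the user explicitly asks for it, which matches the "Can't scan?" click in the gif without any extra JavaScript; `Html::encode()` is the standard Yii2 output-escaping helper, and the ownership check mirrors the constraint the issue already states for `$id`.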