Open flyinliamryan opened 10 months ago
📍 File: GoogleAuthenticator.php
The method getUri incorrectly applies URL encoding to the entire URI for generating QR codes. This results in the Authenticator failing to interpret the QR code correctly, as the otpauth://totp/ part should not be URL-encoded.
Current Implementation:
```php
public function getUri($accountname, $secret, $issuer)
{
    return urlencode('otpauth://totp/' . $accountname . '?secret=' . $secret . '&issuer=' . $issuer);
}
```
Issue: The urlencode function should not be applied to the entire string. Instead, it should only encode the accountname and issuer parts to handle special characters.
Proposed Solution:
```php
public function getUri($accountname, $secret, $issuer)
{
    $encodedAccountName = urlencode($accountname);
    $encodedIssuer = urlencode($issuer);
    return 'otpauth://totp/' . $encodedAccountName . '?secret=' . $secret . '&issuer=' . $encodedIssuer;
}
```
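The encoding problem reported above, as an added example that is not part of the original issue or the project's code: a hypothetical `buildOtpauthUri()` encodes only the account name and issuer (using `rawurlencode()` rather than the proposal's `urlencode()`, so a space becomes `%20` instead of `+`), and a hypothetical `readOtpauthUri()` parses the string back to show that the whole-URI-encoded form no longer has a readable `otpauth` scheme. The sample values are constructed, and the base32 check on the secret is an added assumption.

```php
<?php
// Added example. buildOtpauthUri(), readOtpauthUri() and the sample values
// below are hypothetical and are not part of GoogleAuthenticator.php.

function buildOtpauthUri(string $accountName, string $secret, string $issuer): string
{
    // Added check: only base32 characters may go into the query unencoded.
    if (!preg_match('/^[A-Z2-7]+$/', $secret)) {
        throw new InvalidArgumentException('secret must be unpadded base32');
    }
    // Encode the variable components only; the scheme, "//", "/", "?" and
    // "&" must stay literal. rawurlencode() writes a space as %20, where
    // urlencode() would write "+".
    return 'otpauth://totp/' . rawurlencode($accountName)
        . '?secret=' . $secret
        . '&issuer=' . rawurlencode($issuer);
}

// Returns the decoded components, or null when the string is not an otpauth URI.
function readOtpauthUri(string $uri): ?array
{
    $parts = parse_url($uri);
    if (!is_array($parts)
        || ($parts['scheme'] ?? '') !== 'otpauth'
        || ($parts['host'] ?? '') !== 'totp') {
        return null;
    }
    parse_str($parts['query'] ?? '', $query);
    return [
        'account' => rawurldecode(ltrim($parts['path'] ?? '', '/')),
        'secret'  => $query['secret'] ?? null,
        'issuer'  => $query['issuer'] ?? null,
    ];
}

// Constructed sample input with characters that need encoding.
$uri = buildOtpauthUri('alice smith@example.com', 'JBSWY3DPEHPK3PXP', 'Example & Co');

// Component-encoded URI: parses back to the three input values.
var_dump(readOtpauthUri($uri));

// Whole-URI encoding, as in the current getUri(): "otpauth://" has become
// "otpauth%3A%2F%2F", so there is no scheme left to recognise.
var_dump(readOtpauthUri(urlencode($uri)));
```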
I also get this issue and see a blank field where the QR code should be on setup.
Hi Jako,
I tested TwoFactorX out on a dev site. Scanning the QR code with both Google and Microsoft Authenticator generates errors. This occurs during the courtesy login process and also within the user profile section.
Google - "Error - Cannot interpret QR code"
Microsoft - "QR code is invalid."
Keying the secret manually works fine.