Incorrect format of TOTP QR code

bludesign / FaxServer

Send and Receive Faxes Using The Twilio Programmable Fax API.

MIT License

108 stars 48 forks source link

Incorrect format of TOTP QR code #9

Closed ZetaTwo closed 5 years ago

ZetaTwo commented 6 years ago

Currently the contents of the TOTP QR code contains simply the base32 secret key but for the authenticator apps to recognize them it needs some more extra data on this format:

"otpauth://TYPE/LABEL?PARAMETERS"

for example:

"otpauth://totp/Fax%20Server:user@domain.com?secret=SECRETBASE32KEYGOESHERE&issuer=Fax%20Server&algorithm=SHA1&digits=6&period=30"

Currently, then trying to scan the barcode I get an "invalid format" error.

ZetaTwo commented 5 years ago

Regression. Commit d71824816c89424696d4d07f916f8c4e75ebd4bf reverted this change so now 2FA is broken again.

Change jQuery('#code').qrcode("#(totpToken)");

Into jQuery('#code').qrcode("otpauth://totp/Fax%20Server:#(email)?secret=#(totpToken)&issuer=Fax%20Server&algorithm=SHA1&digits=6&period=30");

In Resources/Views/user.leaf:5 to fix this.