QR Code is incorrectly generated if the local part of the email contains special signs

[bartholomew1]

User can use email with special signs by doing so generated QR code will be unrecognized by the scanner. Expected: QR code is correctly generated if the user has special signs in local part of the email address Repro Steps:

1. Type email adress ex: a##@com.com
2. Generete QR code
3. Scan it with google authenticator Version: Authenticator: 5.3.2

[ThomasHabets]

On which type of device?

[bartholomew1]

On a laptop (intel core i5-3230m cpu @ 2.60 GHz 2.60 GHz) Google Chrome is up to date Version 80.0.3987.132 (Official Build) (32-bit)

[ThomasHabets]

So… this is about the PAM module? How is Chrome involved?

Type in email address where?

What?

[bartholomew1]

Just follow the repro steps... What more i can add to this? Moreover why did you delete this comment? Issue that occurs is that qr codes that are generated from addresses containing dots or special signs are incorrectly generated and Google authenticator feature that allows to scan the qr code doesn't recognize it. Type in the address to the form that uses your oauth feature? BTW I m a QA Engenieer.

[ThomasHabets]

I deleted a comment that appeared to be by a spam user, since it did nothing except quote a previous comment, by a user that has very little activity. This is a common pattern of spam bots on github (I get several a week).

Your repro steps are not actually describing anything.

Step 1: Type email address.

OK? Type it where? In a terminal? On a phone? On a typewriter in your basement?

Step 2: Generate QR code.

How? Using a command line tool? Using Google account settings? Using pen and paper?

I have absolutely no idea what you are talking about.

[bartholomew1]

So here are repro steps you should be able to understand. Preconditions: Find working pc or laptop with windows 10 installed. Google Chrome installed with the Google authenticator extension.

1. Turn on your computer with your finger
2. Wait for the system to boot
3. System will ask you to type your password (if you have one) please do so and click big button log in
4. Now you should see your desktop
5. Rapidly click 2 times on Google Chrome icon (left mouse button)
6. Your chrome browser should open
7. Find application that is using your API (google) to generate secret codes for time based authorisation (type in the URL address)
8. If you find one create account with provided email address (a##@test.com, use your hands to type on the keyboard)
9. Provide valid informations in the form to generate secret key for this account
10. You should see a pop up with generated qr code and secret key (that's how it is for my app but sadly I can't give you an access to it)
11. Click on the icon of Google authenticator (click it with left mouse button)
12. Click icon that allows you to scan part of the screen ([-] it looks like this and is on the top right corner of the Google authenticator extension tool tip you just opened)
13. Scan the qr code that is displayed on the screen by the app by clicking left mouse button and dragging cursor through the screen and release it if you cover whole qr code
14. Google authenticator extension doesn't recognize the scanned qr code and new key is not added to the Google authenticator list Hope i was specific enough if not text me i ll try to clarify it for you

[ThomasHabets]

Yeah, sarcasm and rudeness really incentivizes people to help you for free.

Ok, yeah… I don't know what "Google authenticator extension" you're using. Maybe you should contact whoever wrote it, because I've never even seen one. It's certainly not part of any of the projects here.

This project is about Mobile apps on Android (well, separate repo), iPhone, and (believe it or not) Blackberry. The second paragraph in the README of this repo is "This GitHub project is specifically for the Google Authenticator apps which target the Blackberry and iOS mobile platforms".

What extension is that? If it really has "Google" in the name I may want to report it to our lawyers for trademark infringement.

(though it's possible that somewhere among Google's 100k+ employees there could be such a project actually coming from Google. I can't find it when searching the web though)

[bartholomew1]

Oh God I m so sorry the extension I m talking about is GA outh it s not one of the Google products. Sorry for taking your time i hope you and your family stay safe from Corona virus. Thought this is the same thing I have on my phone... Hope I didn't make your weekend worse, cheers