Google Charts 2factor Auth no longer working

[aleks001]

I can't seem to generate google QR codes anymore and I found this on Googles developer site: Deprecation notice While the separate Google Charts service is actively maintained, the infographics service is now deprecated and scheduled to be turned off on March 14, 2019.

Is there a workaround for this or has google given up on QR codes completely ?

[MauriceBrg]

I was about to enable MFA for our Production instance this morning, but couldn't get this working as well after I had tested in on the Test instance last week - this explains it. A solution would be much appreciated :-)

[aleks001]

I did some more digging and google is not doing QR codes anymore. The other solutions by teampass arent really easy and more important free to implement so technically there is no easy cheap option. Bit dissapointing. You can still send yourself a qr code and put it manually into google 2 factor auth but its not the point it will probably be a matter of time before the google authenticator app is removed as well. We really need something to replace it thats simple and free.

[MauriceBrg]

If this service is just used to create the QR-Codes, there are free alternatives, such as the API provided by the folks behind QR-Server

• Overview
• API-Docs

Sample: https://api.qrserver.com/v1/create-qr-code/?size=250x250&data=this_is_a_demo

[MauriceBrg]

I created a QRCodeProvider for this, you can try it out:

Add the following file: /var/www/html/www/includes/libraries/Authentication/TwoFactorAuth/Providers/Qr/GoqrMeQRCodeProvider.php

With this content:

<?php

namespace Authentication\TwoFactorAuth\Providers\Qr;
require_once(dirname(__FILE__)."/BaseHTTPQRCodeProvider.php");

// https://api.qrserver.com/v1/create-qr-code/?size=150x150&data=Example
// http://goqr.me/api/doc/create-qr-code/
class GoqrMeQRCodeProvider extends BaseHTTPQRCodeProvider 
{
    public $errorcorrectionlevel;
    public $margin;

    function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 1) 
    {
        if (!is_bool($verifyssl))
            throw new \QRException('VerifySSL must be bool');

        $this->verifyssl = $verifyssl;

        $this->errorcorrectionlevel = $errorcorrectionlevel;
        $this->margin = $margin;
    }

    public function getMimeType() 
    {
        return 'image/png';
    }

    public function getQRCodeImage($qrtext, $size) 
    {
        return $this->getContent($this->getUrl($qrtext, $size));
    }

    public function getUrl($qrtext, $size) 
    {
        return 'https://api.qrserver.com/v1/create-qr-code/?'
            . 'size=' . $size . 'x' . $size
            . '&ecc=' . $this->errorcorrectionlevel . '|' . $this->margin
            . '&data=' . rawurlencode($qrtext);
    }
}

Then edit this file: /var/www/html/www/includes/libraries/Authentication/TwoFactorAuth/TwoFactorAuth.php

Add this line at the top to the includes:

//New QR Provider
require_once(dirname(__FILE__)."/Providers/Qr/GoqrMeQRCodeProvider.php");

and change getQrCodeProvider() to this:

    /**
     * @return IQRCodeProvider
     * @throws TwoFactorAuthException
     */
    public function getQrCodeProvider()
    {
        // Set default QR Code provider if none was specified
        if (null === $this->qrcodeprovider) {
                return $this->qrcodeprovider = new Providers\Qr\GoqrMeQRCodeProvider();
        //return $this->qrcodeprovider = new Providers\Qr\GoogleQRCodeProvider();
        }
        return $this->qrcodeprovider;
    }

Make sure the file permissions fit and there you go.

[aleks001]

That wont help within the application as it has to provide specific details and I'm not sure what exactly it is providing.

[MauriceBrg]

Well, it works on my machine... ;-)

As far as I can tell the Google Charts API was only used to encode the URL that includes the shared secret/seed for the Random Number generator that's used in the Authentication-Apps as a QR Code. It doesn't have anything to do with the authentication itself. When you decode a valid QR Code you can see that. That and the fact that this is programmed as an interface makes it relatively easy to replace.

The "old" interface GoogleQRCodeProvider wrapped the Google API, mine wraps the qrserver-API. (I noticed that there is already another Provider present after I implemented mine, see TeamPass/includes/libraries/Authentication/TwoFactorAuth/Providers/Qr/QRicketProvider.php what's currently missing is a way to switch these out from the GUI)

[aleks001]

Oh Sorry I miss understood that you explained exactly what to do my bad. I will try and see if I can get it to work (I'm not a web development person). Thanks for the feedback its really appreciated :)

[aleks001]

I can confirm this works. Thank you so much :)

[nilsteampassnet]

I'm quite surprised as Teampass uses local library for QR generation and not the Google service. I've done several tests and has no problem to get them generated.

[aleks001]

Hi nils, Mine was definetly using the the google api and it stopped working recently. Maurice provided a solution above that fixed my issue. Im running the latest teampass version on .33 build.