search

pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/
Other
2.95k stars 321 forks source link

provisioning_uri generates wrong URI #88

Closed josefschabasser closed 4 years ago

josefschabasser commented 4 years ago

Hi!

provisioning_uri generates a wrong URI, which results in an invalid QR code. Here's what I did:

import pyotp

totp = pyotp.TOTP('ASFAS75ASDF75889G9AD7S69AS7697AS', digits=8)
totp.provisioning_uri('EU123412341234', issuer_name='Blizzard')

This prints

otpauth://totp/Blizzard:EU123412341234?secret=ASFAS75ASDF75889G9AD7S69AS7697AS&issuer=Blizzard&digits=8

which is missing a : between the name and ?. This generates an invalid QR code.

This would be the correct URI:

otpauth://totp/Blizzard:EU123412341234:?secret=ASFAS75ASDF75889G9AD7S69AS7697AS&issuer=Blizzard&digits=8

which works as intended.

QR codes tested with qrencode and andOTP. Please see https://github.com/jleclanche/python-bna/issues/24 for a current workaround using sed or awk.

Tested on Arch Linux using python-pyotp 2.3.0.

Best Regards Josef

tilkinsc commented 4 years ago

Isn't the URI function actually missing something it needs? Yes it is. The provisioning URI is missing things that need to be put into it. So I'll just assume that its an incomplete function rather than a broken one.

josefschabasser commented 4 years ago

I found the issue. The resulting URI is correct and working, but python-bna always adds a new line at the end, which is messing up the qr code.