closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

fix issuer of OTP URI should be URI-encoded. (#6634) 

* fix: Issuer of OTP URI should be URI-encoded.

follow this link https://github.com/google/google-authenticator/wiki/Key-Uri-Format .

* filter unsafe character ':' in issuer

* Use Replace rather than ReplaceAll
for-closed-social
Hui Hui 5 years ago
committed by zeripath
parent
2c412f517a
commit
cf3ffebfde
1 changed files with 3 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -1
      routers/user/setting/security_twofa.go

+ 3
- 1
routers/user/setting/security_twofa.go View File

@ -74,11 +74,13 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
if uri != nil {
otpKey, err = otp.NewKeyFromURL(uri.(string))
}
// Filter unsafe character ':' in issuer
issuer := strings.Replace(setting.AppName+" ("+setting.Domain+")", ":", "", -1)
if otpKey == nil {
err = nil // clear the error, in case the URL was invalid
otpKey, err = totp.Generate(totp.GenerateOpts{
SecretSize: 40,
Issuer: setting.AppName + " (" + strings.TrimRight(setting.AppURL, "/") + ")",
Issuer: issuer,
AccountName: ctx.User.Name,
})
if err != nil {

Write Preview
Loading…
Cancel
Save