FIX: TOTP could not be used on sites with colons in their names
This is because the TOTP gem identifies a colon as an addressable protocol. The solution for now is to remove the colon from the issuer name. Changing the issuer changes the token values, but until now it was completely broken for titles with colons, so this should not be breaking anyone new.
parent
c7787464cd
commit
a47e0a3fda
|
@ -20,7 +20,7 @@ module SecondFactorManager
|
|||
|
||||
def get_totp_object(data)
|
||||
require_rotp
|
||||
ROTP::TOTP.new(data, issuer: SiteSetting.title)
|
||||
ROTP::TOTP.new(data, issuer: SiteSetting.title.gsub(":", ""))
|
||||
end
|
||||
|
||||
def totp_provisioning_uri(data)
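Review bot: The new issuer expression in `get_totp_object` strips the colon inline with no comment, so the next reader cannot tell why the site title is altered before it reaches the authenticator label. I would add `# otpauth labels use ':' to separate issuer from account name, so the issuer must not contain one` above the call and write the removal as `SiteSetting.title.delete(":")`, which states the intent without a regex-style substitution. The call also assumes `SiteSetting.title` is never nil; that is not visible in this hunk, so if a blank title is possible then `SiteSetting.title.to_s.delete(":")` avoids a NoMethodError during 2FA enrolment. `totp_provisioning_uri` begins on the last context line and its body is outside the hunk, so I could not check that it takes the issuer only from this object.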
|
||||
|
|
|
@ -47,6 +47,18 @@ RSpec.describe SecondFactorManager do
|
|||
"otpauth://totp/#{SiteSetting.title}:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=#{SiteSetting.title}"
|
||||
)
|
||||
end
|
||||
it 'should handle a colon in the site title' do
|
||||
SiteSetting.title = 'Spaceballs: The Discourse'
|
||||
expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
|
||||
"otpauth://totp/Spaceballs%20The%20Discourse:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=Spaceballs+The+Discourse"
|
||||
)
|
||||
end
|
||||
it 'should handle a two words before a colon in the title' do
|
||||
SiteSetting.title = 'Our Spaceballs: The Discourse'
|
||||
expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
|
||||
"otpauth://totp/Our%20Spaceballs%20The%20Discourse:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=Our+Spaceballs+The+Discourse"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#authenticate_totp' do
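Review bot: Both new examples use a title with exactly one colon followed by a space, so the expected URIs never exercise a title with several colons or a colon at the start or end of the string. One more example with a constructed title such as `'A: B: C'` would pin the behaviour of the global removal, not just the single-colon case. The second example's name has a stray article; `it 'should handle two words before a colon in the title' do` reads correctly. Both examples assign `SiteSetting.title` directly, which presumably is reset between examples by the spec helper; this is not visible here.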
|
||||
|
|