fix issuer of OTP URI should be URI-encoded. (#6634)
* fix: Issuer of OTP URI should be URI-encoded. follow this link https://github.com/google/google-authenticator/wiki/Key-Uri-Format . * filter unsafe character ':' in issuer * Use Replace rather than ReplaceAll
This commit is contained in:
parent
2c412f517a
commit
cf3ffebfde
1 changed files with 3 additions and 1 deletions
|
@ -74,11 +74,13 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
|
|||
if uri != nil {
|
||||
otpKey, err = otp.NewKeyFromURL(uri.(string))
|
||||
}
|
||||
// Filter unsafe character ':' in issuer
|
||||
issuer := strings.Replace(setting.AppName+" ("+setting.Domain+")", ":", "", -1)
|
||||
if otpKey == nil {
|
||||
err = nil // clear the error, in case the URL was invalid
|
||||
otpKey, err = totp.Generate(totp.GenerateOpts{
|
||||
SecretSize: 40,
|
||||
Issuer: setting.AppName + " (" + strings.TrimRight(setting.AppURL, "/") + ")",
|
||||
Issuer: issuer,
|
||||
AccountName: ctx.User.Name,
|
||||
})
|
||||
if err != nil {
|
||||
|
|
Reference in a new issue