Fixed Extra space in TOTP url

digitalpoint

Well-known member
Affected version
2.2.9
When generating the url for Google Authenticator (or other TOTP apps), there's an extra space before $user.

In XF\Tfa\Totp.php:
PHP:
$otpUrl = GoogleAuthenticator::getKeyUri('totp', "$issuer: $user", $config['secret'], null, [
   'issuer' => $issuer
]);

should be:
PHP:
$otpUrl = GoogleAuthenticator::getKeyUri('totp', "$issuer:$user", $config['secret'], null, [
   'issuer' => $issuer
]);

It's not normally noticeable, because Google Authenticator app cleans it up and trims it before displaying. But have noticed other apps don't trim it... notably, Yubico's Authenticator app always ends up with a leading space on the account name when adding XenForo totp.

If you look at the example section for Google Authenticator, you can see the example does not include that space:

Code:
otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
 

XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.10).

Change log:
Remove extraneous space when generating a one-time password URL
There may be a delay before changes are rolled out to the XenForo Community.
 
Top