Fixed Extra space in TOTP url

digitalpoint

digitalpoint

Well-known member
Affected version
2.2.9
When generating the url for Google Authenticator (or other TOTP apps), there's an extra space before $user.

In XF\Tfa\Totp.php:
PHP: 
$otpUrl = GoogleAuthenticator::getKeyUri('totp', "$issuer: $user", $config['secret'], null, [
   'issuer' => $issuer
]);

should be:
PHP: 
$otpUrl = GoogleAuthenticator::getKeyUri('totp', "$issuer:$user", $config['secret'], null, [
   'issuer' => $issuer
]);

It's not normally noticeable, because Google Authenticator app cleans it up and trims it before displaying. But have noticed other apps don't trim it... notably, Yubico's Authenticator app always ends up with a leading space on the account name when adding XenForo totp.

If you look at the example section for Google Authenticator, you can see the example does not include that space:

Code: 
otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
github.com

Key Uri Format · google/google-authenticator Wiki

Open source version of Google Authenticator (except the Android app) - Key Uri Format · google/google-authenticator Wiki
github.com github.com
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.10).

Change log:
Remove extraneous space when generating a one-time password URL
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 
Top Bottom