Made the TOTP URL visible during setup

Useful for some non-scanner type apps.
Closes #2908
Dan Brown 2021-09-01 20:58:19 +01:00
parent ff494be952
commit 7028025380
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
4 changed files with 9 additions and 3 deletions


@ -35,7 +35,7 @@ class MfaTotpController extends Controller
$svg = $totp->generateQrCodeSvg($qrCodeUrl); $svg = $totp->generateQrCodeSvg($qrCodeUrl);
return view('mfa.totp-generate', [ return view('mfa.totp-generate', [
'secret' => $totpSecret, 'url' => $qrCodeUrl,
'svg' => $svg, 'svg' => $svg,
]); ]);
} }
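Review bot: The view now receives the full otpauth URL in `'url' => $qrCodeUrl`, and the template prints it as selectable text, so the rendered setup page carries the TOTP shared secret in a form that is easy to recover from a cached copy. The QR SVG already encoded the same secret, so the exposure is not new, but this is a good point to confirm the response is served with a no-store policy. Whether middleware already does that is not visible in this hunk. If it does not, the return could become `return response()->view('mfa.totp-generate', ['url' => $qrCodeUrl, 'svg' => $svg])->header('Cache-Control', 'no-store');`. A comment above the array such as `// $qrCodeUrl embeds the TOTP secret: do not log it or place it in redirects` would also help; the enclosing method starts above the hunk.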


@ -145,6 +145,7 @@ body.flexbox {
.flex { .flex {
min-height: 0; min-height: 0;
flex: 1; flex: 1;
max-width: 100%;
&.fit-content { &.fit-content {
flex-basis: auto; flex-basis: auto;
flex-grow: 0; flex-grow: 0;


@ -12,6 +12,9 @@
<div class="block inline"> <div class="block inline">
{!! $svg !!} {!! $svg !!}
</div> </div>
<div class="code-base small text-muted px-s py-xs my-xs" style="overflow-x: scroll; white-space: nowrap;">
{{ $url }}
</div>
</div> </div>
<h2 class="list-heading">{{ trans('auth.mfa_gen_totp_verify_setup') }}</h2> <h2 class="list-heading">{{ trans('auth.mfa_gen_totp_verify_setup') }}</h2>
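Review bot: The added `<div>` sets its layout through an inline `style="overflow-x: scroll; white-space: nowrap;"` attribute, which would be ignored under a Content-Security-Policy whose `style-src` lacks `'unsafe-inline'`. If the application sends such a policy (not visible here), the long URL would overflow the card, so the two declarations are better placed in a stylesheet class alongside `code-base`. The `{{ $url }}` output is escaped, which is correct and should stay that way rather than being switched to `{!! !!}` like the SVG above it. A Blade comment above the block, for example `{{-- otpauth URL: contains the TOTP secret --}}`, would tell later editors that this text is secret-bearing.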


@ -36,10 +36,12 @@ class MfaConfigurationTest extends TestCase
$resp->assertSee('The provided code is not valid or has expired.'); $resp->assertSee('The provided code is not valid or has expired.');
$revisitSvg = $resp->getElementHtml('#main-content .card svg'); $revisitSvg = $resp->getElementHtml('#main-content .card svg');
$this->assertTrue($svg === $revisitSvg); $this->assertTrue($svg === $revisitSvg);
$secret = decrypt(session()->get('mfa-setup-totp-secret'));
$resp->assertSee(htmlentities("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30"));
// Successful confirmation // Successful confirmation
$google2fa = new Google2FA(); $google2fa = new Google2FA();
$secret = decrypt(session()->get('mfa-setup-totp-secret'));
$otp = $google2fa->getCurrentOtp($secret); $otp = $google2fa->getCurrentOtp($secret);
$resp = $this->post('/mfa/totp/confirm', [ $resp = $this->post('/mfa/totp/confirm', [
'code' => $otp, 'code' => $otp,