FIX: TOTP could not be used on sites with colons in their names

This is because the TOTP gem identifies a colon as an addressable
protocol. The solution for now is to remove the colon in the issuer
name.

Changing the issuer changes the token values, but now it was completely
broken for colons so this should not be breaking anyone new.
Robin Ward
2020-02-20 16:35:30 -05:00
parent c7787464cd
commit a47e0a3fda
2 changed files with 13 additions and 1 deletions

@ -47,6 +47,18 @@ RSpec.describe SecondFactorManager do
"otpauth://totp/#{SiteSetting.title}:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=#{SiteSetting.title}"
)
end
it 'should handle a colon in the site title' do
SiteSetting.title = 'Spaceballs: The Discourse'
expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
"otpauth://totp/Spaceballs%20The%20Discourse:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=Spaceballs+The+Discourse"
)
end
it 'should handle a two words before a colon in the title' do
SiteSetting.title = 'Our Spaceballs: The Discourse'
expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
"otpauth://totp/Our%20Spaceballs%20The%20Discourse:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=Our+Spaceballs+The+Discourse"
)
end
end
describe '#authenticate_totp' do
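Review bot: Both new examples use a title with exactly one colon followed by a space ('Spaceballs: The Discourse' and 'Our Spaceballs: The Discourse'), so nothing here shows that every colon is removed. Consider adding a case with more than one colon, and one where the colon is the last character of the title, so the expected label and issuer for those inputs are pinned as well. The expected strings also encode the space as %20 in the label but as + in the issuer parameter; a short comment in the spec saying that this difference is intended would keep a later reader from "fixing" one of them. Minor: the description 'should handle a two words before a colon in the title' should read 'should handle two words before a colon in the title'.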