Merge pull request #21 from humhub/enh/18-dont-send-totp-key-to-google

Generate QR code for Google authenticator by local JS script (Don't send TOTP key to Google)
humhub · May 10, 2021 · 7480937 · 7480937
2 parents 2abe01d + c84b976
commit 7480937
Show file tree

Hide file tree

Showing 7 changed files with 633 additions and 9 deletions.
diff --git a/assets/Assets.php b/assets/Assets.php
@@ -22,6 +22,7 @@ class Assets extends AssetBundle
      */
     public $js = [
         'js/humhub.twofa.js',
+        'js/qrcode.min.js',
     ];
 
     /**

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,6 +1,10 @@
 Changelog
 =========
 
+1.0.2 (May 10, 2021)
+--------------------
+- Enh #18: Generate QR code for Google authenticator by local JS script (Don't send TOTP key to Google)
+
 1.0.1 (May 6, 2021)
 -------------------
 - Fix: Link in translatable string

diff --git a/drivers/GoogleAuthenticatorDriver.php b/drivers/GoogleAuthenticatorDriver.php
@@ -10,7 +10,6 @@
 
 use humhub\modules\twofa\helpers\TwofaHelper;
 use Sonata\GoogleAuthenticator\GoogleAuthenticator;
-use Sonata\GoogleAuthenticator\GoogleQrUrl;
 use Yii;
 
 class GoogleAuthenticatorDriver extends BaseDriver
@@ -144,7 +143,7 @@ public function getQrCodeSecretKeyFile($requirePinCode = false)
         }
 
         return $this->renderFile([
-            'qrCodeUrl' => GoogleQrUrl::generate(TwofaHelper::getAccountName(), $secret, Yii::$app->request->hostName, 300),
+            'qrCodeText' => 'otpauth://totp/' . Yii::$app->request->hostName . ':' . TwofaHelper::getAccountName() . '?secret=' . $secret . '&issuer=' . Yii::$app->request->hostName,
             'secret' => $secret,
             'requirePinCode' => $requirePinCode,
         ], ['suffix' => 'Code']);

diff --git a/module.json b/module.json
@@ -12,7 +12,7 @@
     "resources/screen2.png",
     "resources/screen3.png"
   ],
-  "version": "1.0.1",
+  "version": "1.0.2",
   "humhub": {
     "minVersion": "1.8"
   }

diff --git a/resources/js/qrcode.js b/resources/js/qrcode.js
diff --git a/resources/js/qrcode.min.js b/resources/js/qrcode.min.js
diff --git a/views/config/userGoogleAuthenticatorCode.php b/views/config/userGoogleAuthenticatorCode.php
@@ -6,11 +6,10 @@
  * @license https://www.humhub.com/licences
  */
 
-/* @var $qrCodeUrl string */
+/* @var $qrCodeText string */
 /* @var $secret string */
 /* @var $requirePinCode boolean */
 
-use humhub\libs\Html;
 use humhub\modules\twofa\helpers\TwofaHelper;
 
 ?>
@@ -20,7 +19,7 @@
 <div class="row">
     <div class="col-md-6">
         <div class="form-group">
-            <?= Html::img($qrCodeUrl, ['alt' => Yii::t('TwofaModule.config', 'QR Code')]) ?>
+            <div id="twofa-google-auth-qrcode"></div>
             <div class="help-block"></div>
         </div>
     </div>
@@ -42,11 +41,17 @@
 
 </div>
 
-<?php if ($requirePinCode) : ?>
 <script>
 $(document).ready(function(){
+    new QRCode('twofa-google-auth-qrcode', {
+        text: '<?= $qrCodeText ?>',
+        width: 300,
+        height: 300,
+        correctLevel: QRCode.CorrectLevel.L
+    });
+<?php if ($requirePinCode) : ?>
     $('#twofaGoogleAuthPinCode').show();
     $('input[name="GoogleAuthenticatorUserSettings[changeSecretCode]"]').val(1);
+<?php endif; ?>
 })
-</script>
-<?php endif; ?>
+</script>