Ensure that an OTP's issuer and label values are escaped correctly

[josh-]

Summary

This PR fixes/implements the following bugs/features:

• [x] Creating an OTP with an issuer/label that contains a space or other restricted characters does not properly escape the issuer/label

What existing problem does the pull request solve?**

Currently, if you create an OTP with an issuer that contains a space, for example:

var oneTimePassword = new OneTimePassword {
	Issuer = "Google Google",
	Label = "[email protected]",
	Secret = "pwq6 5q55"
};

and then call ToString on that oneTimePassword, that will return:

otpauth://totp/Google Google:[email protected]?secret=pwq65q55&issuer=Google%20Google

(note the first "Google Google" is not escaped, like the second one in the issuer parameter)

which then looks like this in Google Authenticator after scanning the resulting QR code:

This PR resolves this issue by correctly escaping both instances of the issuer in the URL, which then appears correctly in Google Authenticator:

otpauth://totp/Google%20Google:[email protected]?secret=pwq65q55&issuer=Google%20Google

Test plan

Test cases have been added.

Closing issues

N/A

[prvacy]

I discovered the same problem yesterday, thank you for the fix! Also, MS Authenticator does not support unescaped URLs, so that fix is really important.

[tom-156842]

Thanks for this fix, it addresses issue #375.

I suggest also escaping the Label value, since an email address can contain / and ? characters.

[josh-]

Thanks for this fix, it addresses issue #375.

I suggest also escaping the Label value, since an email address can contain / and ? characters.

Thanks @tom-156842, done 👍

[hdocsek]

@codebude Do you have any update on when this fix will be released?

[Shane32]

All changes here look good. Generated QR codes scan properly with Google Authenticator. Tests have already been added :+1: