
otp_provisioning_uri formatting error

Open Isaius opened this issue 4 years ago • 4 comments

I've set up this gem before and written some tests. Now, since I updated to Rails 6.1.3, the tests have been failing.

Expected behavior

I expect otp_provisioning_uri to return the correct format shown in the README: "otpauth://totp/Your%20App:[email protected]?secret=[otp_secret]&issuer=Your+App"

Actual behavior

When I pass a label to otp_provisioning_uri, it returns a string with the @ characters transformed into %40 and the issuer name twice.

Steps to reproduce

  • Have a user with 2FA enabled
  • Call user.otp_provisioning_uri("Emitter:[email protected], issuer: "Emitter")
  • Receive "otpauth://totp/Emitter:Emitter_email%40example.com?secret=[secret]&issuer=Emitter"

Info

  • Ruby 2.7.2
  • Rails 6.1.3
  • The gem is using the github repository, since there's no release yet.

Isaius, Apr 06 '21 17:04

For some reason, with the current version the label is no longer in the format ISSUER:email. Now otp_provisioning_uri only needs the email, with the issuer as a second parameter, as follows:

user.otp_provisioning_uri("[email protected], issuer: "Emitter")

//=> otpauth://totp/Emitter:email%40example.com?secret=[secret]&issuer=Emitter

But the error with @ is still happening.

Isaius, Apr 06 '21 17:04

An update:

I've solved this by decoding the URI, but haven't figured out what the cause of this is. Since the ROTP gem is actually at 6.2.0 and this gem seems to be using 6.0, I'll dig a bit more and try to track down what it is, because in the previous release that wasn't a problem.

Isaius, Apr 06 '21 20:04

I'm running into the same issue.

Jaco-Pretorius, Nov 21 '22 20:11

Actually, I did some more digging and this is not my issue. I think you're correct that you only need to pass the email and the issuer. However, the URI should be encoded. If you look at the examples in the ROTP gem, you can see they are expecting to output an encoded URI: https://github.com/mdp/rotp#generating-qr-codes-for-provisioning-mobile-apps

Jaco-Pretorius, Nov 21 '22 21:11
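
An added example, not part of the thread and not devise-two-factor's or ROTP's own code: it builds an otpauth URI with each component percent-encoded, parses it back by splitting on delimiters before decoding, and compares that with decoding the whole URI first. The helper names, the secret and the "R&D Portal" issuer are constructed for illustration.

```ruby
require "uri"

# Percent-encode one path component: space -> %20, "@" -> %40, "+" -> %2B.
def enc(component)
  URI.encode_www_form_component(component).gsub("+", "%20")
end

# Build an otpauth URI. Issuer and account are encoded separately, so the only
# literal ":" in the label is the separator between them.
def build_otpauth(account, issuer, secret)
  query = URI.encode_www_form(secret: secret, issuer: issuer)
  "otpauth://totp/#{enc(issuer)}:#{enc(account)}?#{query}"
end

# Parse in the safe order: split on delimiters first, then percent-decode each
# component on its own.
def parse_otpauth(uri)
  u = URI.parse(uri)
  raise ArgumentError, "not an otpauth URI" unless u.scheme == "otpauth"
  label = u.path.delete_prefix("/")
  issuer, account = label.split(":", 2).map do |part|
    # "+" is a literal plus in a path, so protect it from form-style decoding.
    URI.decode_www_form_component(part.gsub("+", "%2B"))
  end
  params = URI.decode_www_form(u.query.to_s).to_h
  { issuer: issuer, account: account,
    secret: params["secret"], issuer_param: params["issuer"] }
end

# For comparison: decode the whole URI first, then split the query. Delimiters
# that were safely encoded inside a value become live separators.
def issuer_after_blanket_decode(uri)
  decoded = URI.decode_www_form_component(uri)
  query = decoded.split("?", 2).last
  URI.decode_www_form(query).to_h["issuer"]
end

SECRET = "JBSWY3DPEHPK3PXP" # constructed sample secret, not a real credential

plain = build_otpauth("email@example.com", "Emitter", SECRET)
tricky = build_otpauth("email@example.com", "R&D Portal", SECRET)
puts plain
puts parse_otpauth(plain).inspect
puts tricky
puts "blanket decode reads issuer as: #{issuer_after_blanket_decode(tricky).inspect}"
```

The %40 in the label decodes back to @ when the components are decoded after splitting, while the blanket-decoded form loses part of the issuer and contains a raw space.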