
Commit 57f1465

committed
* [ADD] Use internal QR code generator to avoid network related security risks
1 parent c6b2c22 commit 57f1465


2 files changed

+24
-3
lines changed


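--- a/src/lib/Controllers/PreferencesController.php
+++ b/src/lib/Controllers/PreferencesController.php
@@ -127,7 +127,8 @@ protected function getSecurityTab()
 
 $this->pluginContext->setUserData($authenticatorData);
 
-$qrCode = $this->authenticatorService->getQrCode($userData->getLogin(), $authenticatorData->getIV());
+// $qrCode = $this->authenticatorService->getQrCodeFromUrl($userData->getLogin(), $authenticatorData->getIV());
+$qrCode = $this->authenticatorService->getQrCodeFromServer($userData->getLogin(), $authenticatorData->getIV());
 } elseif ($authenticatorData->isTwofaEnabled()
 && $authenticatorData->getUserId() > 0
 ) {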
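Review bot: The previous remote call is left behind as a commented-out line (`// $qrCode = $this->authenticatorService->getQrCodeFromUrl(...)`) directly above the new `getQrCodeFromServer()` call; delete it, since version control already holds the old code and the comment keeps the network-based path one edit away from being re-enabled. If an explanation is wanted, replace it with `// QR code is rendered locally instead of being fetched over the network`. getSecurityTab() starts and ends outside this hunk, so how `$qrCode` is consumed is not visible; the old docblock declared `@return bool` and the new method returns a base64 string, so it is worth confirming the view expects that string.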

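--- a/src/lib/Services/AuthenticatorService.php
+++ b/src/lib/Services/AuthenticatorService.php
@@ -24,6 +24,8 @@
 
 namespace SP\Modules\Web\Plugins\Authenticator\Services;
 
+use BaconQrCode\Renderer\Image\Png;
+use BaconQrCode\Writer;
 use Base2n;
 use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
 use GuzzleHttp\Client;
@@ -110,14 +112,14 @@ public static function checkUserToken(string $userToken, string $iv)
 }
 
 /**
-* checkReleaseAction
+* getQrCode
 *
 * @param string $login
 * @param string $iv
 *
 * @return bool
 */
-public function getQrCode(string $login, string $iv)
+public function getQrCodeFromUrl(string $login, string $iv)
 {
 try {
 $this->extensionChecker->checkCurlAvailable(true);
@@ -157,6 +159,24 @@ public function getUserQRUrl(string $login, string $iv)
 return $qrUrl;
 }
 
+/**
+* getQrCode
+*
+* @param string $login
+* @param string $iv
+*
+* @return string
+*/
+public function getQrCodeFromServer(string $login, string $iv)
+{
+$renderer = new Png();
+$renderer->setHeight(200);
+$renderer->setWidth(200);
+
+$writer = new Writer($renderer);
+return base64_encode($writer->writeString('otpauth://totp/sysPass:syspass/' . $login . '?secret=' . $iv . '&issuer=sysPass'));
+}
+
 /**
 * Devolver un código de recuperación
 *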
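Review bot: In getQrCodeFromServer() the `$login` and `$iv` values are concatenated into the otpauth URI without encoding, so a login containing `?`, `&`, `#`, `/` or a space yields a malformed or ambiguous URI that an authenticator app may read with the wrong label, issuer or secret. Encode both parts, e.g. `'otpauth://totp/sysPass:syspass/' . rawurlencode($login) . '?secret=' . rawurlencode($iv) . '&issuer=sysPass'`, and confirm that `$iv` is already in the Base32 form the otpauth format expects; getUserQRUrl(), whose body is outside this view, may already build this URI and could be reused. The new method also has no error handling, unlike the `try` block in getQrCodeFromUrl(), and both docblocks are stale: the new one is titled `getQrCode` and the renamed method keeps `@return bool`. Because getQrCodeFromUrl() stays public, the network path the commit aims to avoid is still callable; consider removing it or marking it `@deprecated`.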
