TwoFactorAuthenticatable::twoFactorQrCodeUrl() email address for svg/url implant missing on first enable
BlueJ-D opened this issue · comments
- Fortify Version: ???? <- how do I find?
- Laravel Version: 8.81
- PHP Version: 8.1.2
- Database Driver & Version: MySQL
Description:
Never submitted an issue on GitHub before, this might even be the wrong place but it's the best I can find. This seems like it could be linked with Jetstream. I also had a look at previous issues to see if this was mentioned before.
Using Jetstream, Fortify, Livewire standard install via CLI as instructed on the website.
After install, navigating to user/profile/ and clicking enable on the 2FA section, the page reloads with the SVG QR.
The QR code does not have the user's email address embedded into the SVG QR.
In Google Authenticator I get "AppName ()".
vendor/laravel/fortify/src/TwoFactorAuthenticatable.php:
```php
    /**
     * Get the two factor authentication QR code URL.
     *
     * @return string
     */
    public function twoFactorQrCodeUrl()
    {
        return app(TwoFactorAuthenticationProvider::class)->qrCodeUrl(
            config('app.name'),
            $this->{Fortify::username()}, // <- NOT set on enabled.
            decrypt($this->two_factor_secret)
        );
    }
```
I tested with debug_bar and on page echo in resources/views/profile/two-factor-authentication-form.blade.php:
```blade
{{ debug($this) }}
{!! auth()->user()->twoFactorQrCodeSvg() !!}
{!! auth()->user()->twoFactorQrCodeUrl() !!}
}
</div>
<div class="mt-4 max-w-xl text-sm text-gray-600">
    <form method="POST" action="{{ route('two-factor.confirm') }}">
...
```
It seems that if $this->showingQrCode is true, user()->twoFactorQrCodeUrl() will not embed the user email into the QR.
Reloading the page and force showing the QR then fixes the URL and SVG.
In Google Authenticator I get "AppName (email@email.com)".
I've added the below as a very hacky hack for the moment.
```blade
...
@if ($this->enabled)
    @if($this->showingQrCode)
        <script>
            location.reload();
        </script>
    @endif
...
```
Of course, not a major issue, but it is a little annoying. When testing the site with multiple accounts, bringing up the authenticator app I get a list of:
AppName ()
AppName ()
AppName ()
AppName ()
AppName ()
This is also the same with Microsoft Authenticator.
Steps To Reproduce:
- install jetstream livewire as stated on website
- for extra visual debugging, modify resources/views/profile/two-factor-authentication-form.blade.php by adding:
  ```blade
  {!! auth()->user()->twoFactorQrCodeUrl() !!}
  ```
  somewhere out of the QR showing @if(showing) statement
- navigate to user/profile
- click enable 2fa
- view totp link or scan QR
- reload page
- compare totp url
I can't seem to reproduce this. The username is properly set for me.
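
A check for the symptom reported in this issue, as an added example that is not Fortify's code or code from the thread: it parses an otpauth:// key URI such as the one returned by twoFactorQrCodeUrl() and flags a label whose account name is empty. The `issuer:account` label layout, the sample URIs and the secret are assumptions constructed for illustration, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

/** Split an otpauth:// key URI into type, issuer, account name and secret. */
function parseOtpauthUri(string $uri): array
{
    $parts = parse_url($uri);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'otpauth') {
        throw new InvalidArgumentException('Not an otpauth:// URI');
    }
    // Assumed layout: the path is the label, "issuer:account" or just
    // "account", percent-encoded. Decode first so an encoded ":" also splits.
    $label = rawurldecode(ltrim($parts['path'] ?? '', '/'));
    $issuer = null;
    $account = $label;
    if (str_contains($label, ':')) {
        [$issuer, $account] = explode(':', $label, 2);
    }
    parse_str($parts['query'] ?? '', $query);

    return [
        'type'    => $parts['host'] ?? '',
        'issuer'  => $issuer ?? ($query['issuer'] ?? null),
        'account' => trim($account),
        'secret'  => $query['secret'] ?? null,
    ];
}

/** Return a list of problems found in the URI; an empty list means it looks fine. */
function otpauthLabelProblems(string $uri): array
{
    $p = parseOtpauthUri($uri);
    $problems = [];
    if ($p['account'] === '') {
        $problems[] = 'label has no account name';
    }
    if (empty($p['secret'])) {
        $problems[] = 'secret parameter is missing';
    }
    return $problems;
}

// Constructed samples: the first mimics the "AppName ()" case from the issue.
foreach ([
    'otpauth://totp/AppName:?secret=JBSWY3DPEHPK3PXP&issuer=AppName',
    'otpauth://totp/AppName:email%40email.com?secret=JBSWY3DPEHPK3PXP&issuer=AppName',
] as $uri) {
    $problems = otpauthLabelProblems($uri);
    echo $uri, ' => ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```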