Allow regeneration of QR code

Question

Allow regeneration of QR code

jasonab opened this issue 7 years ago · comments

My apologies if I missed something in the API.

Right now, you can only generate a QR code with a GoogleAuthenticatorKey object. This object can only be created by a call to createCredentials(). My use case is that I need to recreate the QR code with a preexisting secret (that has been persisted to the database), but there doesn't seem to be any way to do that with the existing API, as I cannot create a GoogleAuthenticatorKey object, or call the QR code methods with just the key. It would be sufficient to overload getOtpAuthURL() to take 3 strings (including the key).

Warren Strange · Answer 1 · Wed Nov 01 2017 23:44:49 GMT+0800 (China Standard Time)

@emcrisostomo Thoughts?

Jason Bennett · Answer 2 · Thu Nov 02 2017 01:53:21 GMT+0800 (China Standard Time)

If a PR would be accepted for this, I'd be happy to submit one.

Enrico Maria Crisostomo · Answer 3 · Thu Nov 02 2017 13:29:05 GMT+0800 (China Standard Time)

Hi @jasonab, thanks for the suggestion. I'll have a look at it ASAP. If you wish to send a PR, please do.

Enrico Maria Crisostomo · Answer 4 · Sat Nov 04 2017 17:14:55 GMT+0800 (China Standard Time)

Hi @jasonab, I've quickly checked the PR #61. The problem is not that simple. Actually, there currently is a bug. The URL generation works only if the current configuration is the default. If you customise the GoogleAuthenticatorConfig, then you'll get a wrong URL. That's because you need the following information to build the URL:

key
number of digis (default: 6)
algorithm (default: SHA1)
period (default: 30)

Hence I will refactor the library in order to:

Deprecate the current method, and specify that it will only work for the default TOTP configuration.
Add a method that takes all that information (presumably in the form of a key and a GoogleAuthenticatorConfig instance).

If you are using the default settings and do not need to store the configuration, you will just build a default configuration object.

Jason Bennett · Answer 5 · Sun Nov 05 2017 01:18:40 GMT+0800 (China Standard Time)

Very good, thanks for your feedback.

Enrico Maria Crisostomo · Answer 6 · Mon Nov 13 2017 14:38:49 GMT+0800 (China Standard Time)

Released in 1.1.3.

Jason Bennett · Answer 7 · Tue Nov 14 2017 08:28:09 GMT+0800 (China Standard Time)

Thanks very much for taking care of this, I really appreciate the responsiveness. We'll be integrating with the new version over the next couple of weeks, and I'll file new issues if we have any problems.

Jason Bennett · Answer 8 · Tue Nov 14 2017 08:38:03 GMT+0800 (China Standard Time)

@emcrisostomo Thanks again for the change, but I think I'm a little confused. My original need here was to take a persisted secret and recreate the URL. The new methods take a GoogleAuthenticatorKey with an embedded config, but I still have no way to construct a GoogleAuthenticatorKey other than calling createCredentials().

In one of your earlier replies, you mentioned adding a method that takes the raw key with a config object, which would work fine for me, but I do not see that method in the latest version.

Enrico Maria Crisostomo · Answer 9 · Wed Nov 15 2017 16:46:03 GMT+0800 (China Standard Time)

Hi @jasonab, you're right. Haste makes waste. Sort of...

Enrico Maria Crisostomo · Answer 10 · Fri Nov 17 2017 05:52:30 GMT+0800 (China Standard Time)

Released in 1.1.4