Made the TOTP URL visible during setup
authorDan Brown <redacted>
Wed, 1 Sep 2021 19:58:19 +0000 (20:58 +0100)
committerDan Brown <redacted>
Wed, 1 Sep 2021 19:58:19 +0000 (20:58 +0100)
Useful for some non-scanner type apps.
Closes #2908

app/Http/Controllers/Auth/MfaTotpController.php
resources/sass/_layout.scss
resources/views/mfa/totp-generate.blade.php
tests/Auth/MfaConfigurationTest.php

index 5a932d6e9ae80f00a0096a6d306d8633874688b5..694d69d76ec9edcd3ac3af362d548c76b8ce1ef2 100644 (file)
@@ -35,8 +35,8 @@ class MfaTotpController extends Controller
         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
 
         return view('mfa.totp-generate', [
-            'secret' => $totpSecret,
-            'svg'    => $svg,
+            'url' => $qrCodeUrl,
+            'svg' => $svg,
         ]);
     }
 
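Review bot: The new `'url' => $qrCodeUrl` entry hands the view a string that contains the TOTP shared secret (the test in this commit expects `?secret=…` in the rendered page), but nothing at the call site marks it as sensitive. I would add a comment above the array, `// $qrCodeUrl embeds the TOTP shared secret: render it escaped, keep it out of logs and cached responses`. Whether this response is already sent with no-store cache headers is not visible in the hunk and is worth confirming, since the secret now sits in the page body as plain text as well as inside the QR code. The enclosing method starts outside the hunk.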
index e26948301f79b5d0e9c5c120c3448d50bb413ae7..362bab7d39195672c1511bc73832e0e6a4eb1ae0 100644 (file)
@@ -145,6 +145,7 @@ body.flexbox {
 .flex {
   min-height: 0;
   flex: 1;
+  max-width: 100%;
   &.fit-content {
     flex-basis: auto;
     flex-grow: 0;
index f9a7c46ace38b8f83fe1d04ba9fcf90150e29e6e..e99861a8de30c597a38ad454fc8561e12616d430 100644 (file)
@@ -12,6 +12,9 @@
                 <div class="block inline">
                     {!! $svg !!}
                 </div>
+                <div class="code-base small text-muted px-s py-xs my-xs" style="overflow-x: scroll; white-space: nowrap;">
+                    {{ $url }}
+                </div>
             </div>
 
             <h2 class="list-heading">{{ trans('auth.mfa_gen_totp_verify_setup') }}</h2>
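Review bot: The added `<div>` carries an inline `style="overflow-x: scroll; white-space: nowrap;"`, which a Content-Security-Policy without `'unsafe-inline'` for styles would block; whether the application sets such a policy is not visible here. Since this commit already edits `_layout.scss`, the two declarations could move into a class there and the attribute be dropped. The `{{ $url }}` output is escaped, which is the right form for a value containing `&` and a secret, and it should stay that way rather than becoming `{!! !!}`.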
index eb0e2faf0f32d47134bb342928dcbca2a68016b0..685aad83a242016ba4e7cec714436be835f33d39 100644 (file)
@@ -36,10 +36,12 @@ class MfaConfigurationTest extends TestCase
         $resp->assertSee('The provided code is not valid or has expired.');
         $revisitSvg = $resp->getElementHtml('#main-content .card svg');
         $this->assertTrue($svg === $revisitSvg);
+        $secret = decrypt(session()->get('mfa-setup-totp-secret'));
+
+        $resp->assertSee(htmlentities("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30"));
 
         // Successful confirmation
         $google2fa = new Google2FA();
-        $secret = decrypt(session()->get('mfa-setup-totp-secret'));
         $otp = $google2fa->getCurrentOtp($secret);
         $resp = $this->post('/mfa/totp/confirm', [
             'code' => $otp,
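Review bot: The new assertion escapes its expected string with `htmlentities()`, while Blade's `{{ }}` escapes through Laravel's `e()` helper (`htmlspecialchars`), so the two agree here only because the string is plain ASCII. Using the same helper, `$resp->assertSee(e("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30"));`, would keep the test aligned with the template. If the framework version in use already escapes inside `assertSee`, the manual escaping would need to be dropped instead. The check also covers only the query-string tail, so the `otpauth://` scheme and account label are never asserted, and the literal `issuer=BookStack` presumably depends on the default application name. The test method starts and ends outside the hunk.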