  1. Blesta Core
  2. CORE-4259

2FA Doesn't properly provide issuer information

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.2
    • Component/s: None
    • Labels:
      None

      Description

      From a client in the ticket system

      If a client enables 2-factor authentication in its Blesta account, Google Authenticator does not show Issuer information.

      in blesta/app/views/client/bootstrap/client_main_edit.pdt

      Below code

      <img id="two_factor_qr" src="//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=<?php echo $this->Html->safe('otpauth://totp/' . urlencode($this->Html->ifSet($vars->username)) . '?secret=' . $this->Html->ifSet($vars->two_factor_key_base32) . '&issuer=' . $this->Html->ifSet($two_factor_issuer));?>" alt="" />
      should be

      <img id="two_factor_qr" src="//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=<?php echo urlencode('otpauth://totp/' . $this->Html->safe($this->Html->ifSet($vars->username)) . '?secret=' . $this->Html->ifSet($vars->two_factor_key_base32) . '&issuer=' .$this->Html->safe($this->Html->ifSet($two_factor_issuer)));?>" alt="" />
      which encodes chs parameter correctly.

      In the current situation, issuer information cannot be parsed by the authenticator application because '&issuer=' is changed to '&amp;issuer='.
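An added illustration of the escaping-order problem reported above (not code from the ticket or from Blesta): it compares the two encoding orders and reports which otpauth parameters end up inside the `chl` value once the `src` attribute has been HTML-decoded, as a browser does before requesting the image. It assumes `Html->safe()` behaves like PHP's `htmlspecialchars()`; the function names and account values are hypothetical and constructed for the example.

```php
<?php
// Added example, not Blesta code. htmlspecialchars() stands in for Html->safe() (assumption).
// The username, secret and issuer below are constructed sample values.
const CHART = '//chart.googleapis.com/chart?chs=200x200&cht=qr&chl=';

// Escaping order of the reported template line: only the label is URL-encoded,
// and the otpauth URI as a whole is HTML-escaped but never URL-encoded.
function srcHtmlEscapedOnly(string $user, string $secret, string $issuer): string
{
    return CHART . htmlspecialchars(
        'otpauth://totp/' . urlencode($user) . '?secret=' . $secret . '&issuer=' . $issuer
    );
}

// Layered encoding: build the otpauth URI, URL-encode it as ONE chl value,
// then HTML-escape the complete attribute value last.
function srcLayered(string $user, string $secret, string $issuer): string
{
    $uri = 'otpauth://totp/' . rawurlencode($user) . '?'
        . http_build_query(['secret' => $secret, 'issuer' => $issuer], '', '&', PHP_QUERY_RFC3986);
    return htmlspecialchars(CHART . rawurlencode($uri), ENT_QUOTES, 'UTF-8');
}

// Recover the otpauth parameters that would be encoded into the QR image:
// undo the HTML attribute escaping, split the chart query string, read chl.
function otpauthParamsInQr(string $srcAttribute): array
{
    $url = html_entity_decode($srcAttribute, ENT_QUOTES, 'UTF-8');
    parse_str(explode('?', $url, 2)[1], $chartParams);
    $parts = explode('?', $chartParams['chl'], 2);
    parse_str($parts[1] ?? '', $otpParams);
    return $otpParams;
}

$args = ['alice@example.com', 'JBSWY3DPEHPK3PXP', 'Example Hosting'];
$cases = [
    'html-escaped only' => srcHtmlEscapedOnly(...$args),
    'layered'           => srcLayered(...$args),
];
foreach ($cases as $name => $src) {
    $params = otpauthParamsInQr($src);
    printf("%-18s issuer in QR payload: %s\n", $name, $params['issuer'] ?? '(missing)');
}
```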

        Activity

        jonathan Jonathan Reissmueller created issue -
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Fix Version/s 5.2.0-b1 [ 11709 ]
        Fix Version/s Short Term [ 10800 ]
        jonathan Jonathan Reissmueller made changes -
        Sprint 5.2.0 Sprint 3 [ 140 ]
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked lower
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Fix Version/s 5.1.2 [ 11715 ]
        Fix Version/s 5.2.0-b1 [ 11709 ]
        jonathan Jonathan Reissmueller made changes -
        Assignee Jonathan Reissmueller [ jonathan ]
        jonathan Jonathan Reissmueller made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        jonathan Jonathan Reissmueller made changes -
        Remaining Estimate 0 minutes [ 0 ]
        Time Spent 11 minutes [ 660 ]
        Worklog Id 15139 [ 15139 ]
        jonathan Jonathan Reissmueller made changes -
        Status In Progress [ 3 ] In Review [ 5 ]
        Resolution Fixed [ 1 ]
        jonathan Jonathan Reissmueller made changes -
        Sprint 5.2.0 Sprint 3 [ 140 ] 5.2.0 Sprint 2 [ 135 ]
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked lower
        jonathan Jonathan Reissmueller made changes -
        Rank Ranked higher
        jonathan Jonathan Reissmueller made changes -
        Status In Review [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            jonathan Jonathan Reissmueller
            Reporter:
            jonathan Jonathan Reissmueller

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              20/Jul/21

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 11 minutes
              11m
