Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.9.0
-
Fix Version/s: 5.9.3
-
Component/s: Client Interface, Staff Interface
-
Labels:None
Description
The 2FA system allows clients and staff to scan a QR code to set up TOTP. Some tokens like LastPass and Oracle do not work when there is an unescaped space in the Company Name.
Reported, not yet tested internally.
Issue: Space Character in Issuer Section within OTP QR code doesn't work with all 3P authenticator apps
To reproduce:
Install LastPass or Oracle authenticator
Generate MFA code in the account section
Scan code with app
App fails registration with unknown/generic error
Note: it appears Google and Microsoft just fix the space on their own
Root cause:
Sample decoded qr code (current generated code in prod), notice the space before the "LLC" in the issuer section:
otpauth://totp/email%40gmail.com?secret=secret&issuer=MyHost LLC
To Fix:
Use URL encoding for the space, %20:
otpauth://totp/email%40gmail.com?secret=secret&issuer=MyHost%20LLC
Activity
Paul Phillips
created issue -
Paul Phillips
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Rank | Ranked higher |
Paul Phillips
made changes -
| Rank | Ranked lower |
| Sprint | 5.10.0 Sprint 5 [ 192 ] |
| Rank | Ranked higher |
| Assignee | Abdy Franco [ abdy ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Remaining Estimate | 0 minutes [ 0 ] | |
| Time Spent | 27 minutes [ 1620 ] | |
| Worklog Id | 16846 [ 16846 ] |
| Status | In Progress [ 3 ] | In Review [ 5 ] |
| Resolution | Fixed [ 1 ] |
| Sprint | 5.10.0 Sprint 5 [ 192 ] | 5.10.0 Sprint 5, 5.10.0 Sprint 6 [ 192, 193 ] |
| Rank | Ranked higher |
| Fix Version/s | 5.9.3 [ 11913 ] | |
| Fix Version/s | 5.10.0-b1 [ 11905 ] |
| Status | In Review [ 5 ] | Closed [ 6 ] |
| Resolution | Fixed [ 1 ] | |
| Status | Closed [ 6 ] | Reopened [ 4 ] |
| Rank | Ranked lower |
| Status | Reopened [ 4 ] | Closed [ 6 ] |
| Resolution | Fixed [ 1 ] |
