From 63886bdc5976ee72df168053352899174095335a Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 13 Feb 2017 20:56:03 +0100 Subject: [PATCH] Fix #587 - Display TOTP secret next to QR code --- app/controllers/settings/two_factor_auths_controller.rb | 3 ++- app/views/settings/two_factor_auths/show.html.haml | 4 ++++ config/locales/en.yml | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/controllers/settings/two_factor_auths_controller.rb b/app/controllers/settings/two_factor_auths_controller.rb index f34295cb9..cfee92391 100644 --- a/app/controllers/settings/two_factor_auths_controller.rb +++ b/app/controllers/settings/two_factor_auths_controller.rb @@ -8,7 +8,8 @@ class Settings::TwoFactorAuthsController < ApplicationController def show return unless current_user.otp_required_for_login - @qrcode = RQRCode::QRCode.new(current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain)) + @provision_url = current_user.otp_provisioning_uri(current_user.email, issuer: Rails.configuration.x.local_domain) + @qrcode = RQRCode::QRCode.new(@provision_url) end def enable diff --git a/app/views/settings/two_factor_auths/show.html.haml b/app/views/settings/two_factor_auths/show.html.haml index bad359f8f..646369a97 100644 --- a/app/views/settings/two_factor_auths/show.html.haml +++ b/app/views/settings/two_factor_auths/show.html.haml @@ -7,6 +7,10 @@ .qr-code= raw @qrcode.as_svg(padding: 0, module_size: 5) + %p= t('two_factor_auth.plaintext_secret_html', secret: current_user.otp_secret) + + %p= t('two_factor_auth.warning') + = link_to t('two_factor_auth.disable'), disable_settings_two_factor_auth_path, data: { method: 'POST' }, class: 'block-button' - else %p= t('two_factor_auth.description_html') diff --git a/config/locales/en.yml b/config/locales/en.yml index c6c7c236e..e7d39327e 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -118,6 +118,8 @@ en: disable: Disable enable: Enable instructions_html: "Scan this QR code into Google Authenticator or a similiar app on your phone. From now on, that app will generate tokens that you will have to enter when logging in." + plaintext_secret_html: "Plain-text secret: %{secret}" + warning: If you cannot configure an authenticator app right now, you should click "disable" or you won't be able to login. users: invalid_email: The e-mail address is invalid invalid_otp_token: Invalid two-factor code