fix(web): use a distinct salt for TOTP authentication

If TOTP is enabled for a user, it will be disabled until the user
configure it again, which will generate a new private salt.
This commit is contained in:
Francis Lachapelle
2021-10-15 16:11:24 -04:00
parent ba86b0fd11
commit d4da1facf9
11 changed files with 115 additions and 35 deletions
@@ -26,6 +26,7 @@
function link(scope, element, attrs) {
var width = parseInt(scope.width) || 256,
height = parseInt(scope.height) || width,
// See https://github.com/google/google-authenticator/wiki/Key-Uri-Format
uri = 'otpauth://totp/SOGo:' + Settings.activeUser('email') + '?secret=' + scope.text.replace(/=+$/, '') + '&issuer=SOGo';
new QRCode(element[0], {
text: uri,