Page MenuHomePhabricator

QR code fails in Google Authenticator for accounts named with parentheses
Closed, ResolvedPublic

Description

When I attempt to enable two-factor authentication for my staff account "DPatrick (WMF)", the QR code cannot be read by Google Authenticator. Testing indicates that this is because the label portion of the key URI is not URI encoded.

Verification steps:

  1. In Firefox, with Firebug installed, login to https://meta.wikimedia.org/ as a WMF staff person.
  2. Navigate to https://meta.wikimedia.org/w/index.php?title=Special:OATH&returnto=Special%3APreferences.
  3. Scan the QR code in Google Authenticator and observe that an error is displayed.
  4. In the Firebug console, enter the following: $("#qrcode").empty().qrcode("otpauth://totp/" + encodeURI("Meta:YourAccount (WMF)") + "?secret=YOURLISTEDSECRET");
  5. Scan the QR code in Google Authenticator and observe that the entry is successfully created.

Details

Related Gerrit Patches:
mediawiki/extensions/OATHAuth : wmf/1.28.0-wmf.3Add URL encoding to TOTP QR code URL
mediawiki/extensions/OATHAuth : masterAdd URL encoding to TOTP QR code URL

Event Timeline

Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptMay 26 2016, 7:27 AM
dpatrick triaged this task as Unbreak Now! priority.May 26 2016, 7:28 AM
dpatrick updated the task description. (Show Details)
Restricted Application added subscribers: Luke081515, TerraCodes, Urbanecm. · View Herald TranscriptMay 26 2016, 7:28 AM
dpatrick updated the task description. (Show Details)May 26 2016, 7:31 AM

Change 290965 had a related patch set uploaded (by Parent5446):
Add URL encoding to TOTP QR code URL

https://gerrit.wikimedia.org/r/290965

Thanks @Parent5446. Testing this now, then will +2.

Krenair renamed this task from QR code fails in Google Authenticator for WMF user accounts to QR code fails in Google Authenticator for accounts named with parentheses.May 26 2016, 6:12 PM

@dpatrick, are you the ios version of Google Authenticator, right? It's working fine for me as is, on android. But using the updated javascript also works, so probably good to get that rolled out.

Change 290965 merged by Dpatrick:
Add URL encoding to TOTP QR code URL

https://gerrit.wikimedia.org/r/290965

Change 291007 had a related patch set uploaded (by Dpatrick):
Add URL encoding to TOTP QR code URL

https://gerrit.wikimedia.org/r/291007

@csteipp Yes, I'm using the iOS version of Google Authenticator and it fails for me.

Change 291007 merged by jenkins-bot:
Add URL encoding to TOTP QR code URL

https://gerrit.wikimedia.org/r/291007

dpatrick closed this task as Resolved.May 26 2016, 11:19 PM
dpatrick claimed this task.

This fix has been deployed.