From 9c18e0e74dea8b1d0f99a243f0cce0dc4a5f95a3 Mon Sep 17 00:00:00 2001
From: i-just
Date: Tue, 28 Jan 2025 10:17:40 +0000
Subject: [PATCH 1/4] google auth app now needs the secret without spaces
---
 src/auth/methods/TOTP.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/auth/methods/TOTP.php b/src/auth/methods/TOTP.php
index d5b699dfd53..03fc00692e5 100644
--- a/src/auth/methods/TOTP.php
+++ b/src/auth/methods/TOTP.php
@@ -283,6 +283,8 @@ private function storeLastUsedTimestamp(int $userId, int $timestamp): void
 */
 private function generateQrCode(string $secret): string
 {
+ $secret = str_replace(' ', '', $secret);
+
 $qrCodeUrl = (new Google2FA())->getQRCodeUrl(
 Craft::$app->getSystemName(),
 $this->user->email,
From 0a7a82a3cf9cac45d9e945b7fa714ebb7ff62510 Mon Sep 17 00:00:00 2001
From: i-just
Date: Tue, 28 Jan 2025 10:48:45 +0000
Subject: [PATCH 2/4] different approach to secret without spaces
---
 src/auth/methods/TOTP.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/auth/methods/TOTP.php b/src/auth/methods/TOTP.php
index 03fc00692e5..f6eaebfad62 100644
--- a/src/auth/methods/TOTP.php
+++ b/src/auth/methods/TOTP.php
@@ -94,7 +94,7 @@ public function getSetupHtml(string $containerId): string
 ]);
 return $view->renderTemplate('_components/auth/methods/TOTP/setup.twig', [
- 'secret' => $secret,
+ 'secret' => rtrim(chunk_split($secret, 4, ' ')),
 'user' => $this->user,
 'qrCode' => $this->generateQrCode($secret),
 'totpFormId' => $totpFormId,
@@ -180,7 +180,7 @@ private function secret(): string
 }
 }
- return rtrim(chunk_split($secret, 4, ' '));
+ return $secret;
 }
 /**
@@ -283,8 +283,6 @@ private function storeLastUsedTimestamp(int $userId, int $timestamp): void
 */
 private function generateQrCode(string $secret): string
 {
- $secret = str_replace(' ', '', $secret);
-
 $qrCodeUrl = (new Google2FA())->getQRCodeUrl(
 Craft::$app->getSystemName(),
 $this->user->email,
From 7966f8f7cbd93583cf68e7aca377fdceb3d60092 Mon Sep 17 00:00:00 2001
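Review bot: In the `getSetupHtml()` hunk of PATCH 2/4, the `'secret'` entry now carries a display-only grouping while `generateQrCode($secret)` two lines below must keep receiving the ungrouped value, and nothing on the line says so. A short comment would keep the two forms from being swapped again, e.g. `// grouped in fours for manual entry only; the QR code and verification use the ungrouped secret`. A regression test that renders the setup view and checks that the secret carried in the QR payload contains no spaces would pin the fix. The method body starts and ends outside the hunk.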
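Review bot: In the `secret()` hunk of PATCH 2/4, `return $secret;` changes the value handed to every caller of `secret()`, while only the `getSetupHtml()` template variable is adjusted in this patch. Any other call site that shows the secret to the user, or that relied on the grouped form, would change behaviour without a visible edit; the callers are outside the hunk, so this is worth confirming and covering with a test that verifies a code against the stored secret. The function body starts outside the hunk.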
From: i-just
Date: Tue, 28 Jan 2025 10:56:02 +0000
Subject: [PATCH 3/4] update comment
---
 src/auth/methods/TOTP.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/auth/methods/TOTP.php b/src/auth/methods/TOTP.php
index f6eaebfad62..8fe50a1fd84 100644
--- a/src/auth/methods/TOTP.php
+++ b/src/auth/methods/TOTP.php
@@ -161,8 +161,8 @@ public function remove(): void
 }
 /**
- * Gets User's 2FA secret from the database
- * and returns as a string formatted into a 4 character chunks.
+ * Returns User's 2FA secret from the database
+ * or generates a new one.
 *
 * @return string
 */
From 5f98a108eb6419ba854761bca4be243a00d0e343 Mon Sep 17 00:00:00 2001
From: brandonkelly
Date: Tue, 28 Jan 2025 09:59:01 -0800
Subject: [PATCH 4/4] Release note [ci skip]
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ddaa955fa8..80e0f1ed9fd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@
 - Fixed a bug where field translation indicators and action menu buttons could be autofocussed when creating a new entry within a Matrix field, or opening an element editor slideout. ([#16528](https://github.com/craftcms/cms/issues/16528))
 - Fixed a bug where field values copied from another site weren’t always saving. ([#16537](https://github.com/craftcms/cms/issues/16537))
 - Fixed errors that could occur on Ajax requests when deleting an inline-editable Matrix block. ([#16540](https://github.com/craftcms/cms/issues/16540))
+- Fixed compatibility with the Google Authenticator app for TOTP-based authentication. ([#16466](https://github.com/craftcms/cms/issues/16466), [#16552](https://github.com/craftcms/cms/issues/16552))
 ## 5.6.1 - 2025-01-22
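Review bot: The rewritten docblock in PATCH 3/4 no longer says what form the returned string has, which is the detail the previous wording described and the one this series changes. Suggest adding a line such as `* The value is returned ungrouped (no spaces); group it only for display.` so that formatting is not reintroduced at the source. The docblock appears to belong to `secret()`, whose signature is outside the hunk.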