hide otp #7926

cpalv · 2024-10-01T07:10:45Z

#7911 hide the OTP seed after it has been generated. Tested in a vm. Not a big deal if this gets swept up in migration for #7904. I'd be happy to help chip away on that

fichtner · 2024-10-01T07:18:44Z

Wouldn't it be easier to move the OTP seed to the QR code unhide button by clustering the sections together?

cpalv · 2024-10-01T07:25:07Z

src/www/system_usermanager.php

@@ -434,6 +434,19 @@ function get_user_privdesc(& $user)
        $('#otp_qrcode').show();


cluster the sections together as in bundle the "unhide" action into this method??

yes, so you don't have to manipulate the existing input / add the textarea

cpalv · 2024-10-04T06:08:31Z

I tried to move the OTP seed into the otp_qrcode div

core/src/www/system_usermanager.php

Lines 933 to 945 in b49b935

    
           <tr> 
        
             <td><a id="help_for_otp_code" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('OTP QR code') ?></td> 
        
             <td> 
        
               <label class="btn btn-primary" id="otp_unhide"><?= gettext('Click to unhide') ?></label> 
        
               <div style="display:none;" id="otp_qrcode"></div> 
        
               <script> 
        
                 $('#otp_qrcode').qrcode('<?= $otp_url ?>'); 
        
               </script> 
        
               <div class="hidden" data-for="help_for_otp_code"> 
        
                 <?= gettext('Scan this QR code for easy setup with external apps.') ?> 
        
               </div> 
        
             </td> 
        
           </tr>

like so

<tr>
    <td><a id="help_for_otp_code" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext('OTP QR code') ?></td>
     <td>
        <label class="btn btn-primary" id="otp_unhide"><?= gettext('Click to unhide') ?></label>
        <div style="display:none;" id="otp_qrcode">
           <td rowspan="3"><a id="help_for_otp_seed" href="#" class="showhelp" style="display;none;"><i class="fa fa-info-circle"></i></a> <?= gettext('OTP seed') ?></td>
            <td>
               <input id="otp_seed" name="otp_seed" value="<?=$pconfig['otp_seed'];?>"/>
               <small ><?= gettext('Generate new secret (160 bit)') ?></small>
                  <div class="hidden" data-for="help_for_otp_seed"><?=gettext("OTP (base32) seed to use when a one time password authenticator is used");?><br/></div>
            </td>
         </div>
         <script>
                $('#otp_qrcode').qrcode('<?= $otp_url ?>');
          </script>
          <div class="hidden" data-for="help_for_otp_code">
                    <?= gettext('Scan this QR code for easy setup with external apps.') ?>
           </div>
   </td>
</tr>

but i guess when $('#otp_qrcode').qrcode() creates the QR code image and inserts a canvas into the same otp_qrcode div all of the OTP seed nodes get moved outside the div.

There is another problem. When a new user is created the OTP field is gone entirely from the form and can no longer be generated. The only way I see around this is to allow generating an OTP seed at user creation, but then the field would only appear IFF the user has an OTP seed at creation.

fichtner · 2024-10-04T06:20:49Z

I’ll take a look on Monday. Thanks for looking into it.

hide otp

5db7f75

cpalv commented Oct 1, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hide otp #7926

hide otp #7926

cpalv commented Oct 1, 2024

fichtner commented Oct 1, 2024

cpalv Oct 1, 2024

fichtner Oct 1, 2024

cpalv commented Oct 4, 2024

fichtner commented Oct 4, 2024

		@@ -434,6 +434,19 @@ function get_user_privdesc(& $user)
		$('#otp_qrcode').show();

hide otp #7926

Are you sure you want to change the base?

hide otp #7926

Conversation

cpalv commented Oct 1, 2024

fichtner commented Oct 1, 2024

cpalv Oct 1, 2024

Choose a reason for hiding this comment

fichtner Oct 1, 2024

Choose a reason for hiding this comment

cpalv commented Oct 4, 2024

fichtner commented Oct 4, 2024