diff --git a/data/web/inc/ajax/qr_gen.php b/data/web/inc/ajax/qr_gen.php new file mode 100644 index 000000000..1c543ebe8 --- /dev/null +++ b/data/web/inc/ajax/qr_gen.php @@ -0,0 +1,13 @@ +getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $totp_secret); +} + +?> diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php index 365cf7da6..b8229e26c 100644 --- a/data/web/inc/footer.inc.php +++ b/data/web/inc/footer.inc.php @@ -93,6 +93,15 @@ $(document).ready(function() { } if ($(this).val() == "totp") { $('#TOTPModal').modal('show'); + request_token = $('#tfa-qr-img').data('totp-secret'); + $.ajax({ + url: '/inc/ajax/qr_gen.php', + data: { + token: request_token, + }, + }).done(function (result) { + $("#tfa-qr-img").attr("src", result); + }); $("option:selected").prop("selected", false); } if ($(this).val() == "u2f") { diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php index 66db8662e..7c6518030 100644 --- a/data/web/inc/prerequisites.inc.php +++ b/data/web/inc/prerequisites.inc.php @@ -36,7 +36,8 @@ foreach ($css_dir as $css_file) { // U2F API + T/HOTP API $u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']); -$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL); +$qrprovider = new RobThree\Auth\Providers\Qr\QRServerProvider(); +$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider); // Redis $redis = new Redis(); diff --git a/data/web/modals/footer.php b/data/web/modals/footer.php index b5e49b155..b7ebaf087 100644 --- a/data/web/modals/footer.php +++ b/data/web/modals/footer.php @@ -81,7 +81,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
=$lang['tfa']['scan_qr_code'];?>
- +=$lang['tfa']['enter_qr_code'];?>:
=$totp_secret;?>