diff --git a/Gemfile b/Gemfile
index 0e7486bcfe5..19bd41d0975 100644
--- a/Gemfile
+++ b/Gemfile
@@ -223,8 +223,7 @@ gem 'logster'
 gem 'sassc', '2.0.1', require: false
 gem "sassc-rails"
-# see: https://github.com/mdp/rotp/issues/98
-gem 'rotp', '5.1.0' , require: false
+gem 'rotp', require: false
 gem 'rqrcode'
diff --git a/Gemfile.lock b/Gemfile.lock
index c6c5644aa56..98dbec78ca5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -315,8 +315,7 @@ GEM
 rack (>= 1.4)
 rexml (3.2.4)
 rinku (2.0.6)
- rotp (5.1.0)
- addressable (~> 2.5)
+ rotp (6.1.0)
 rqrcode (1.1.2)
 chunky_png (~> 1.0)
 rqrcode_core (~> 0.1)
@@ -534,7 +533,7 @@ DEPENDENCIES
 redis
 redis-namespace
 rinku
- rotp (= 5.1.0)
+ rotp
 rqrcode
 rspec
 rspec-html-matchers
diff --git a/spec/components/concern/second_factor_manager_spec.rb b/spec/components/concern/second_factor_manager_spec.rb
index e19d75e02f1..0be7d5b9d41 100644
--- a/spec/components/concern/second_factor_manager_spec.rb
+++ b/spec/components/concern/second_factor_manager_spec.rb
@@ -44,19 +44,19 @@ RSpec.describe SecondFactorManager do
 describe '#totp_provisioning_uri' do
 it 'should return the right uri' do
 expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
- "otpauth://totp/#{SiteSetting.title}:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=#{SiteSetting.title}"
+ "otpauth://totp/#{SiteSetting.title}:#{ERB::Util.url_encode(user.email)}?secret=#{user_second_factor_totp.data}&issuer=#{SiteSetting.title}"
 )
 end
 it 'should handle a colon in the site title' do
 SiteSetting.title = 'Spaceballs: The Discourse'
 expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
- "otpauth://totp/Spaceballs%20The%20Discourse:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=Spaceballs+The+Discourse"
+ "otpauth://totp/Spaceballs%20The%20Discourse:#{ERB::Util.url_encode(user.email)}?secret=#{user_second_factor_totp.data}&issuer=Spaceballs%20The%20Discourse"
 )
 end
 it 'should handle a two words before a colon in the title' do
 SiteSetting.title = 'Our Spaceballs: The Discourse'
 expect(user.user_second_factors.totps.first.totp_provisioning_uri).to eq(
- "otpauth://totp/Our%20Spaceballs%20The%20Discourse:#{user.email}?secret=#{user_second_factor_totp.data}&issuer=Our%20Spaceballs%20The%20Discourse"
+ "otpauth://totp/Our%20Spaceballs%20The%20Discourse:#{ERB::Util.url_encode(user.email)}?secret=#{user_second_factor_totp.data}&issuer=Our%20Spaceballs%20The%20Discourse"
 )
 end
 end
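Review bot: None of the three updated expectations exercises an account name with URI-reserved characters, so the percent-encoding of the label is only checked against whatever address the `user` fixture happens to carry. Because the label sits directly in front of the query string that holds `secret=` and `issuer=`, it is worth adding one example with a constructed address such as `user+tag@example.com` and asserting the literal result, e.g. that the URI contains `user%2Btag%40example.com:`-style output rather than recomputing it with `ERB::Util.url_encode` in the expectation. The first example also still interpolates `SiteSetting.title` unencoded in both the label and `issuer=`, which presumably passes only because the default title needs no escaping; a comment such as `# default title contains no reserved characters` would make that assumption explicit. The outer `RSpec.describe` block extends beyond this hunk.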