From 0234f793f29a90572d2288b7b22b75cd5ab83648 Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Thu, 3 Nov 2016 10:41:11 -0400
Subject: EE: PLT-4512 Show secret in addition to QR code when activating MFA (#4427)
* EE: Update MFA to display secret for manual entry
* Width adjustments for secret (#4423)
* Add unit test
---
 api/user.go | 15 +++++++++------
 api/user_test.go | 6 +++---
 2 files changed, 12 insertions(+), 9 deletions(-)
(limited to 'api')
diff --git a/api/user.go b/api/user.go
index 2c00dd4c8..787039355 100644
--- a/api/user.go
+++ b/api/user.go
@@ -64,7 +64,7 @@ func InitUser() {
 BaseRoutes.NeedChannel.Handle("/users/autocomplete", ApiUserRequired(autocompleteUsersInChannel)).Methods("GET")
 BaseRoutes.Users.Handle("/mfa", ApiAppHandler(checkMfa)).Methods("POST")
- BaseRoutes.Users.Handle("/generate_mfa_qr", ApiUserRequiredTrustRequester(generateMfaQrCode)).Methods("GET")
+ BaseRoutes.Users.Handle("/generate_mfa_secret", ApiUserRequiredTrustRequester(generateMfaSecret)).Methods("GET")
 BaseRoutes.Users.Handle("/update_mfa", ApiUserRequired(updateMfa)).Methods("POST")
 BaseRoutes.Users.Handle("/claim/email_to_oauth", ApiAppHandler(emailToOAuth)).Methods("POST")
@@ -2306,7 +2306,7 @@ func resendVerification(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
-func generateMfaQrCode(c *Context, w http.ResponseWriter, r *http.Request) {
+func generateMfaSecret(c *Context, w http.ResponseWriter, r *http.Request) {
 uchan := Srv.Store.User().Get(c.Session.UserId)
 var user *model.User
@@ -2319,22 +2319,25 @@ func generateMfaQrCode(c *Context, w http.ResponseWriter, r *http.Request) {
 mfaInterface := einterfaces.GetMfaInterface()
 if mfaInterface == nil {
- c.Err = model.NewLocAppError("generateMfaQrCode", "api.user.generate_mfa_qr.not_available.app_error", nil, "")
+ c.Err = model.NewLocAppError("generateMfaSecret", "api.user.generate_mfa_qr.not_available.app_error", nil, "")
 c.Err.StatusCode = http.StatusNotImplemented
 return
 }
- img, err := mfaInterface.GenerateQrCode(user)
+ secret, img, err := mfaInterface.GenerateSecret(user)
 if err != nil {
 c.Err = err
 return
 }
- w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+ resp := map[string]string{}
+ resp["qr_code"] = b64.StdEncoding.EncodeToString(img)
+ resp["secret"] = secret
+
 w.Header().Set("Cache-Control", "no-cache")
 w.Header().Set("Pragma", "no-cache")
 w.Header().Set("Expires", "0")
- w.Write(img)
+ w.Write([]byte(model.MapToJson(resp)))
 }
 func updateMfa(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api/user_test.go b/api/user_test.go
index 75e246ab3..5f7cc375d 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -1687,7 +1687,7 @@ func TestMeInitialLoad(t *testing.T) {
 }
-func TestGenerateMfaQrCode(t *testing.T) {
+func TestGenerateMfaSecret(t *testing.T) {
 th := Setup()
 Client := th.CreateClient()
@@ -1701,13 +1701,13 @@ func TestGenerateMfaQrCode(t *testing.T) {
 Client.Logout()
- if _, err := Client.GenerateMfaQrCode(); err == nil {
+ if _, err := Client.GenerateMfaSecret(); err == nil {
 t.Fatal("should have failed - not logged in")
 }
 Client.Login(user.Email, user.Password)
- if _, err := Client.GenerateMfaQrCode(); err == nil {
+ if _, err := Client.GenerateMfaSecret(); err == nil {
 t.Fatal("should have failed - not licensed")
 }
-- cgit v1.2.3-1-g7c22
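Review bot: The new response body carries the plain MFA secret in the `secret` field, but the caching headers kept from the image version only say `Cache-Control: no-cache`, which lets browsers and intermediaries store the response on disk and merely revalidate it before reuse; for a credential that line should be `w.Header().Set("Cache-Control", "no-store, no-cache")`. The removed `w.Header().Del("Content-Type")` line suggests the handler wrapper sets a JSON Content-Type by default, which the new `model.MapToJson` body presumably now relies on — that is worth confirming and stating, e.g. `// Content-Type is left at the handler default (JSON)`. The error id on the `NewLocAppError` line still reads `api.user.generate_mfa_qr.not_available.app_error` although the function and route were renamed to *_secret; if it is kept for translation-key stability, a short comment saying so would stop the next reader from "fixing" it. The return value of `w.Write` is still discarded. generateMfaSecret begins outside this hunk.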