Merge pull request #21 from hphoeksma/main

Feature: allow setting the Issuer name for OTP
sandstorm · Nov 17, 2023 · 152f5c4 · 152f5c4
2 parents df95d71 + 2fed5bb
commit 152f5c4
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/Classes/Service/TOTPService.php b/Classes/Service/TOTPService.php
@@ -24,6 +24,12 @@ class TOTPService
      */
     protected $siteRepository;
 
+    /**
+     * @Flow\InjectConfiguration(path="issuerName")
+     * @var string | null
+     */
+    protected $issuerName;
+
     public static function generateNewTotp(): TOTP
     {
         return TOTP::create();
@@ -38,14 +44,14 @@ public static function checkIfOtpIsValid(string $secret, string $submittedOtp):
     public function generateQRCodeForTokenAndAccount(TOTP $otp, Account $account): string
     {
         $secret = $otp->getSecret();
-
         $currentDomain = $this->domainRepository->findOneByActiveRequest();
         $currentSite = $currentDomain !== null ? $currentDomain->getSite() : $this->siteRepository->findDefault();
         $currentSiteName = $currentSite->getName();
         $urlEncodedSiteName = urlencode($currentSiteName);
-
         $userIdentifier = $account->getAccountIdentifier();
-        $oauthData = "otpauth://totp/$userIdentifier?secret=$secret&period=30&issuer=$urlEncodedSiteName";
+        // If the issuerName is set in the configuration, use that. Else fall back to the default.
+        $issuer = !empty($this->issuerName) ? urlencode($this->issuerName) : $urlEncodedSiteName;
+        $oauthData = "otpauth://totp/$userIdentifier?secret=$secret&period=30&issuer=$issuer";
         $qrCode = (new QRCode(new QROptions([
             'outputType' => QRCode::OUTPUT_MARKUP_SVG
         ])))->render($oauthData);

diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
@@ -39,6 +39,8 @@ Neos:
                   controllerObjectNamePattern: 'Sandstorm\NeosTwoFactorAuthentication\Controller\(LoginController|BackendController)'
 
 Sandstorm:
-    NeosTwoFactorAuthentication:
-        # enforce 2FA for all users
-        enforceTwoFactorAuthentication: false
+  NeosTwoFactorAuthentication:
+    # enforce 2FA for all users
+    enforceTwoFactorAuthentication: false
+    # (optional) if set this will be used as a naming convention for the TOTP. If empty the Site name will be used
+    issuerName: ''
diff --git a/README.md b/README.md
@@ -24,6 +24,14 @@ Sandstorm:
 ```
 With this setting, no user can login into the CMS without setting up a second factor first.
 
+### Issuer Naming
+To override the default sitename as issuer label, you can define one via the configuration settings:
+```yml
+Sandstorm:
+    NeosTwoFactorAuthentication:
+        # (optional) if set this will be used as a naming convention for the TOTP. If empty the Site name will be used
+        issuerName: ''
+```
 
 ## Tested 2FA apps