Generate qrcode image by ourselves

andk · Apr 28, 2024 · c2472f1 · c2472f1
1 parent abb0141
commit c2472f1
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm b/lib/pause_2017/PAUSE/Web/Controller/User/Mfa.pm
@@ -5,6 +5,8 @@ use Auth::GoogleAuth;
 use PAUSE::Crypt;
 use Crypt::URandom qw(urandom);
 use Convert::Base32 qw(encode_base32);
+use Imager::QRCode qw(plot_qrcode);
+use URI;
 
 sub edit {
   my $c = shift;
@@ -14,7 +16,7 @@ sub edit {
   my $u = $c->active_user_record;
 
   my $auth = $c->app->pause->authenticator_for($u);
-  $pause->{mfa_qrcode} = $auth->qr_code;
+  $pause->{mfa_qrcode} = _generate_qrcode($auth);
   if (!$u->{mfa_secret32}) {
     my $dbh = $mgr->authen_connect;
     my $tbl = $PAUSE::Config->{AUTHEN_USER_TABLE};
@@ -80,4 +82,16 @@ sub _generate_recovery_codes {
     @codes;
 }
 
+# using $auth->qr_code directly is handy but insecure
+sub _generate_qrcode {
+    my $auth = shift;
+    my $otpauth = $auth->qr_code(undef, undef, undef, 1);
+    my $img = plot_qrcode($otpauth, { casesensitive => 1 });
+    $img->write(data => \my $qr_png, type => 'png') or die "Failed to write image: " . $img->errstr;
+    my $data = URI->new("data:");
+    $data->data($qr_png);
+    $data->media_type('image/png');
+    $data;
+}
+
 1;