Updated CFC to use Apache Commons #4

andyj · 2016-11-08T00:26:23Z

Hi

I've update the code base to now use the Apache Commons Codec and removed the needs to have a separate .JS file to create the QR code

…odec to implement Base32 encoding/decoding. Also Added new function getOTPQRURL() which return the a QR code URL you can put straight in to an image tag

displague · 2016-11-28T20:33:34Z

authenticator/GoogleAuthenticator.cfc

@@ -72,6 +72,11 @@ component output="false" {
        return 'otpauth://totp/#arguments.email#?secret=#arguments.key#';
    }

+    public string function getOTPQRURL(required string OTPURL){
+      local.qrURL = "https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=";


It seems like a bad idea to send your secret tokens to Google. They seem nice but I assume this grants thousands of Google employees the ability to grep your referral domain from their logs and get a very small list of possible secrets for any TOTP enabled account on your domain.

Andy Jarrett added 5 commits November 8, 2016 00:22

I've removed the native CF solution in favour of the Apache Commons C…

95f347e

…odec to implement Base32 encoding/decoding. Also Added new function getOTPQRURL() which return the a QR code URL you can put straight in to an image tag

spelling mistake

dc015c1

Readme updates

adde4fc

README fixes

83349b5

last update to the file ... I promise

dc3863c

displague reviewed Nov 28, 2016

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updated CFC to use Apache Commons #4

Updated CFC to use Apache Commons #4

andyj commented Nov 8, 2016

displague Nov 28, 2016 •

edited

Loading

Updated CFC to use Apache Commons #4

Are you sure you want to change the base?

Updated CFC to use Apache Commons #4

Conversation

andyj commented Nov 8, 2016

displague Nov 28, 2016 • edited Loading

Choose a reason for hiding this comment

displague Nov 28, 2016 •

edited

Loading