Split out the opt-auth URL generation. Thanks to jball.

j256 · Apr 13, 2017 · c01bcbd · c01bcbd
1 parent bc1a61c
commit c01bcbd
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 7 deletions.
diff --git a/src/main/java/com/j256/twofactorauth/TimeBasedOneTimePasswordUtil.java b/src/main/java/com/j256/twofactorauth/TimeBasedOneTimePasswordUtil.java
@@ -230,10 +230,6 @@ public static long generateNumber(String base32Secret, long timeMillis, int time
 	 * Return the QR image url thanks to Google. This can be shown to the user and scanned by the authenticator program
 	 * as an easy way to enter the secret.
 	 * 
-	 * <p>
-	 * NOTE: the returned URL should be escaped if it is to be put into a href on a web-page.
-	 * </p>
-	 * 
 	 * @param keyId
 	 *            Name of the key that you want to show up in the users authentication application. Should already be
 	 *            URL encoded.
@@ -242,12 +238,31 @@ public static long generateNumber(String base32Secret, long timeMillis, int time
 	 */
 	public static String qrImageUrl(String keyId, String secret) {
 		StringBuilder sb = new StringBuilder(128);
-		sb.append("https://chart.googleapis.com/chart");
-		sb.append("?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=");
-		sb.append("otpauth://totp/").append(keyId).append("%3Fsecret%3D").append(secret);
+		sb.append("https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=");
+		addOtpAuthPart(keyId, secret, sb);
 		return sb.toString();
 	}
 
+	/**
+	 * Return the otp-auth part of the QR image which is suitable to be injected into other QR generators (e.g. JS
+	 * generator).
+	 *
+	 * @param keyId
+	 *            Name of the key that you want to show up in the users authentication application. Should already be
+	 *            URL encoded.
+	 * @param secret
+	 *            Secret string that will be used when generating the current number.
+	 */
+	public static String generateOtpAuthUrl(String keyId, String secret) {
+		StringBuilder sb = new StringBuilder(64);
+		addOtpAuthPart(keyId, secret, sb);
+		return sb.toString();
+	}
+
+	private static void addOtpAuthPart(String keyId, String secret, StringBuilder sb) {
+		sb.append("otpauth://totp/").append(keyId).append("%3Fsecret%3D").append(secret);
+	}
+
 	/**
 	 * Return the string prepended with 0s. Tested as 10x faster than String.format("%06d", ...); Exposed for testing.
 	 */

diff --git a/src/main/javadoc/doc-files/changelog.txt b/src/main/javadoc/doc-files/changelog.txt
@@ -1,3 +1,6 @@
+1.1: 4/13/2017
+	* Split out the opt-auth URL generation.  Thanks to jball.
+
 1.0: 4/7/2017
 	* Added different sized base-32 secret string generation.  Thanks to WilliamDunne.
 	* Added validation methods with a specified window.  Thanks to WilliamDunne.