objective categorical abstract machine language personal data server
Always use did for 2FA provisioning URIs
+4
-4
+1
-1
pegasus/lib/api/account_/security/totp.ml
+1
-1
pegasus/lib/api/account_/security/totp.ml
···
24
24
let secret = Totp.generate_secret () in
25
25
let issuer = "Pegasus PDS (" ^ Env.hostname ^ ")" in
26
26
let uri =
27
-
Totp.make_provisioning_uri ~secret ~email:actor.email ~issuer
27
+
Totp.make_provisioning_uri ~secret ~did:actor.did ~issuer
28
28
in
29
29
let secret_b32 =
30
30
Multibase.Base32.encode_exn ~pad:false (Bytes.to_string secret)
+3
-3
pegasus/lib/totp.ml
+3
-3
pegasus/lib/totp.ml
···
189
189
let () = Mirage_crypto_rng_unix.use_default () in
190
190
Bytes.of_string (Mirage_crypto_rng_unix.getrandom secret_length)
191
191
192
-
let make_provisioning_uri ~secret ~email ~issuer =
192
+
let make_provisioning_uri ~secret ~did ~issuer =
193
193
let secret_b32 =
194
194
Multibase.Base32.encode_exn ~pad:false (Bytes.to_string secret)
195
195
in
196
-
let encoded_email = Uri.pct_encode email in
196
+
let encoded_did = Uri.pct_encode did in
197
197
let encoded_issuer = Uri.pct_encode issuer in
198
198
Printf.sprintf
199
199
"otpauth://totp/%s:%s?secret=%s&issuer=%s&algorithm=SHA1&digits=%d&period=%d"
200
-
encoded_issuer encoded_email secret_b32 encoded_issuer code_digits time_step
200
+
encoded_issuer encoded_did secret_b32 encoded_issuer code_digits time_step
201
201
202
202
let hotp ~(secret : bytes) ~(counter : int64) : string =
203
203
(* convert counter to 8-byte big-endian *)