two-factor icon indicating copy to clipboard operation
two-factor copied to clipboard
verified publisher icon WordPress

TOTP: Verification Should Remove Spaces

Open alexclst opened this issue 6 years ago • 3 comments

When you are entering the TOTP code when verifying setup on the User Profile verification fails if there is a space anywhere in the entered text. This can happen if someone copies the code out of an app (say, Authy) where what is copied has a space between the two sets of 3 numbers of the TOTP code. The string that is entered should be stripped of all spaces before verifying it to avoid ending up with an invalid verification, when indeed the numbers were all accurate.

alexclst avatar Jan 09 '20 22:01 alexclst

This is a great suggestion and usability improvement, thank you @alexclst!

kasparsd avatar Jan 10 '20 09:01 kasparsd

Reopening since this has been overwritten in one of the recent commits.

kasparsd avatar May 07 '20 18:05 kasparsd

We probably need to add trim() around the input:

https://github.com/WordPress/two-factor/blob/736473edf5ff6d2fed18ba2406c772f30950343c/providers/class-two-factor-totp.php#L294

kasparsd avatar Aug 28 '20 07:08 kasparsd