Merge pull request #2858 from thomasdarimont/issue/KEYCLOAK-3021-add-realm-display-name-to-otpauth-uri-label

KEYCLOAK-3021: Add Realm Display Name to the label part of the otpauth URI
2016-05-25 07:29:14 +02:00 · 2016-05-25 07:29:14 +02:00 · d85f9cb4e2
commit d85f9cb4e2
parent 9edec8e4a6 4bc64350b2
1 changed files with 26 additions and 9 deletions
--- a/server-spi/src/main/java/org/keycloak/models/OTPPolicy.java
+++ b/server-spi/src/main/java/org/keycloak/models/OTPPolicy.java
@ -112,24 +112,41 @@ public class OTPPolicy implements Serializable {
        this.period = period;
    }

+    /**
+     * Constructs the <code>otpauth://</code> URI based on the <a href="https://github.com/google/google-authenticator/wiki/Key-Uri-Format">Key-Uri-Format</a>.
+     * @param realm
+     * @param user
+     * @param secret
+     * @return the <code>otpauth://</code> URI
+     */
    public String getKeyURI(RealmModel realm, UserModel user, String secret) {
+
        try {
+
            String displayName = realm.getDisplayName() != null && !realm.getDisplayName().isEmpty() ? realm.getDisplayName() : realm.getName();
-            String uri;

-            uri = "otpauth://" + type + "/" + URLEncoder.encode(user.getUsername(), "UTF-8") + "?secret=" +
-                    Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
+            String accountName = URLEncoder.encode(user.getUsername(), "UTF-8");
+            String issuerName = URLEncoder.encode(displayName, "UTF-8") .replaceAll("\\+", "%20");

-            uri += "&issuer=" + URLEncoder.encode(displayName, "UTF-8");
+            /*
+             * The issuerName component in the label is usually shown in a authenticator app, such as
+             * Google Authenticator or FreeOTP, as a hint for the user to which system an username
+             * belongs to.
+             */
+            String label = issuerName + ":" + accountName;
+
+            String parameters = "secret=" + Base32.encode(secret.getBytes()) //
+                                + "&digits=" + digits //
+                                + "&algorithm=" + algToKeyUriAlg.get(algorithm) //
+                                + "&issuer=" + issuerName;

            if (type.equals(UserCredentialModel.HOTP)) {
-                uri += "&counter=" + initialCounter;
-            }
-            if (type.equals(UserCredentialModel.TOTP)) {
-                uri += "&period=" + period;
+                parameters += "&counter=" + initialCounter;
+            } else if (type.equals(UserCredentialModel.TOTP)) {
+                parameters += "&period=" + period;
            }

-            return uri;
+            return "otpauth://" + type + "/" + label+ "?" + parameters;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }