From 55f224e4e785d0e1515ac4a840e689cb6d9c7d24 Mon Sep 17 00:00:00 2001 From: Drew Blessing Date: Mon, 17 Oct 2016 09:39:14 -0500 Subject: [PATCH] Add GitLab host to 2FA QR and manual info The two factor authentication account string only had the user's email address. This led to ambiguous entries in two factor code generating apps. This adds the GitLab host to the account string in the standard format (according to Google). No matter the code generator this change disambiguates the entry. --- app/controllers/profiles/two_factor_auths_controller.rb | 8 ++++++-- app/views/profiles/two_factor_auths/show.html.haml | 2 +- changelogs/unreleased/add_info_to_qr.yml | 4 ++++ 3 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 changelogs/unreleased/add_info_to_qr.yml diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb index 9eb75bb38918..18044ca78e20 100644 --- a/app/controllers/profiles/two_factor_auths_controller.rb +++ b/app/controllers/profiles/two_factor_auths_controller.rb @@ -22,6 +22,7 @@ def show end @qr_code = build_qr_code + @account_string = account_string setup_u2f_registration end @@ -78,11 +79,14 @@ def skip private def build_qr_code - issuer = "#{issuer_host} | #{current_user.email}" - uri = current_user.otp_provisioning_uri(current_user.email, issuer: issuer) + uri = current_user.otp_provisioning_uri(account_string, issuer: issuer_host) RQRCode::render_qrcode(uri, :svg, level: :m, unit: 3) end + def account_string + "#{issuer_host}:#{current_user.email}" + end + def issuer_host Gitlab.config.gitlab.host end diff --git a/app/views/profiles/two_factor_auths/show.html.haml b/app/views/profiles/two_factor_auths/show.html.haml index 03ac739ade51..558a1d561514 100644 --- a/app/views/profiles/two_factor_auths/show.html.haml +++ b/app/views/profiles/two_factor_auths/show.html.haml 
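Review bot: `@account_string` is assigned only in `show`, so any other action in this controller that re-renders the `show` template would leave it nil and the manual-entry `Account:` line changed in `show.html.haml` would come out empty. No such action is visible in this hunk, so this is an inference, but a retry path after a rejected pin code is exactly where a user re-reads these details. Exposing the private method with `helper_method :account_string` and writing `= account_string` in the template, or assigning the ivar inside `build_qr_code`, would keep the QR code and the manual details in step on every render. The body of `show` starts outside the hunk.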
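Review bot: Nothing in this patch pins the provisioning URI that `build_qr_code` now emits; the diffstat lists no spec file. The label passed to `otp_provisioning_uri` is now `host:email` while `issuer:` carries the same host, so if the OTP library (or a later upgrade of it) prepends the issuer to the label itself, the authenticator entry would read `host:host:email`. The hunk does not show which behaviour applies. A controller spec asserting the exact `otpauth://` URI and the rendered `Account:` text would catch that, and could also cover an email containing `:`, which the key URI format reserves as the label separator. A one-line comment on `account_string` such as `# Label shown in authenticator apps: "<issuer host>:<email>"` would document the intended format.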
@@ -30,7 +30,7 @@ To add the entry manually, provide the following details to the application on your phone. %p.prepend-top-0.append-bottom-0 Account: - = current_user.email + = @account_string %p.prepend-top-0.append-bottom-0 Key: = current_user.otp_secret.scan(/.{4}/).join(' ') diff --git a/changelogs/unreleased/add_info_to_qr.yml b/changelogs/unreleased/add_info_to_qr.yml new file mode 100644 index 000000000000..a4b0354a9c95 --- /dev/null +++ b/changelogs/unreleased/add_info_to_qr.yml @@ -0,0 +1,4 @@ +--- +title: Add GitLab host to 2FA QR code and manual info +merge_request: 6941 +author: -- GitLab