fix: otp url generator

better-auth · Dec 23, 2024 · 8859a0a · 8859a0a
1 parent 2aaf483
commit 8859a0a
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 37 deletions.
diff --git a/src/base32.ts b/src/base32.ts
@@ -161,33 +161,3 @@ export const base32hex = {
 		return base32Decode(data, alphabet);
 	},
 };
-
-/** @deprecated Use `base32.encode()` instead */
-export function encodeBase32(
-	data: ArrayBuffer | TypedArray,
-	options?: { padding?: boolean },
-): string {
-	return base32.encode(data, {
-		padding: options?.padding ?? true,
-	});
-}
-
-/** @deprecated Use `base32.decode()` instead */
-export function decodeBase32(data: string): Uint8Array {
-	return base32.decode(data);
-}
-
-/** @deprecated Use `base32hex.encode()` instead */
-export function encodeBase32hex(
-	data: ArrayBuffer | TypedArray,
-	options?: { padding?: boolean },
-): string {
-	return base32hex.encode(data, {
-		padding: options?.padding ?? true,
-	});
-}
-
-/** @deprecated Use `base32hex.decode()` instead */
-export function decodeBase32hex(data: string): Uint8Array {
-	return base32hex.decode(data);
-}
diff --git a/src/otp.test.ts b/src/otp.test.ts
@@ -87,4 +87,13 @@ describe("HOTP and TOTP Generation Tests", () => {
 		const isValid = await createOTP(secret).verify(totp, { window: -1 });
 		expect(isValid).toBe(false);
 	});
+
+	it("should generate a valid QR code URL", () => {
+		const secret = "1234567890";
+		const issuer = "my-site.com";
+		const account = "account";
+		const url = createOTP(secret).url(issuer, account);
+		expect(url).toBeTypeOf("string");
+		expect(url).toContain("otpauth://totp");
+	});
 });
diff --git a/src/otp.ts b/src/otp.ts
@@ -94,13 +94,23 @@ function generateQRCode({
 	digits?: number;
 	period?: number;
 }) {
-	const url = new URL("otpauth://totp");
-	url.searchParams.set("secret", secret);
-	url.searchParams.set("issuer", issuer);
-	url.searchParams.set("account", account);
-	url.searchParams.set("digits", digits.toString());
-	url.searchParams.set("period", period.toString());
-	return url.toString();
+	const encodedIssuer = encodeURIComponent(issuer);
+	const encodedAccountName = encodeURIComponent(account);
+	const baseURI = `otpauth://totp/${encodedIssuer}:${encodedAccountName}`;
+	const params = new URLSearchParams({
+		secret: base32.encode(secret, {
+			padding: false,
+		}),
+		issuer,
+	});
+
+	if (digits !== undefined) {
+		params.set("digits", digits.toString());
+	}
+	if (period !== undefined) {
+		params.set("period", period.toString());
+	}
+	return `${baseURI}?${params.toString()}`;
 }
 
 export const createOTP = (