Allow to not set a totp label upon creation of TOTPInterface

[pkly]

Description

Hello, I've implemented this in our application and it works fine (albeit it is extremely glued to the idea of being a symfony firewall listener, which is not 100% what I was going for), but after creating TOTP provisioning uris and limited testing I noticed some of our employees pointing out the added labels.

It would be nice if we could disable it on the bundle level (just needs a small option in config + TotpFactory change), I'll remove it on our end via a composer patch.

Basically it looks like this when used in Google Authenticator:

App: {identifier, random text}@App

So yeah, not ideal. It wasn't really clear what exactly the TotpAuthenticationUsername is used for anyway. Seems like it's literally just for the label, which is not ideal. Should maybe be renamed to getTotpLabel and allowed to return null to disable, if that's the case?

edit: It appears that without the label TOTP provisioning fails. Still, weird. It seems like it should not be needed if there's an issuer, as that is already a label.

[scheb]

So what's the suggestion? You say you don't want a label but without the label, the initialization fails. I don't know what to change here. If the 2fa app requires a label, when you should provide one.

The server (the part behind the @) is optional, in case that bothers you.

The username is required because you'd want to distinguish different 2fa items from the same site in your app. In the end it's just a label, so you can provide whatever you want to distinguish the account.

[pkly]

I already modified the library you use in this bundle to allow it and it seems to work perfectly fine.
The thing is a lot of services don't return a more specific label, as it's not required. Pretty much everything will return an issuer, sure. But it's unlikely a user will have multiple accounts in an application.

The configuration alone already provides a label (Issuer)

So it's just "App" instead of "App: AAAAAAAAAAAAAAAAAAAAA@App", that's what our limited test seems to indicate, as another application lists itself simply as the Issuer name.

Spomky-Labs/otphp#240

With this change and simply commenting out the 2 lines in TotpFactory I'm able to reach the result I wanted, which is simply to specify the issuer name when generating a URI.

Granted, on the bundle side such a change would require a version check on the library to make sure it won't crash.

[scheb]

Out of curiousity: Did you try to set server null and return an empty string as the username? 🤔

I'll wait what Spomky has to say on this matter, otherwise it doesn't make sense to proceed.

[pkly]

I did not, no. I got kinda stuck on the idea of doing it "correctly" (via issuer) I didn't really consider it. I think you could return the issuer as username and that'd achieve the same effect, while keeping issuer as null. It seems You could return an empty string for the label, but it must be set. As this bundle sets the label to the username in the factory that's still something that has to be changed in this bundle.

But you can see how that might be confusing. And sure, that's okay.