10 use GD::Barcode::QRcode;
13 my %config = &Util::ReadConfigFile;
17 my $random_id = $query->param('id');
18 $random_id =~ /^((\d+)-([a-f0-9]+))$/;
22 if ($timestamp + 1800 < time()) {
23 &Util::HTMLError("Timestamp too old, please request a new seed");
26 my $filename = $config{totpticketdirectory} . "/" . $random_id;
27 open(my $fh, "<", $filename) or &Util::HTMLError("TOTP seed file not found or permission denied: $! ; $filename");
30 my $accountname = <$fh>;
32 my $seed = encode_base32(pack('H*', $hex_seed));
36 my $totpurl = "otpauth://totp/Debian:$accountname?secret=$seed&issuer=Debian";
37 my $totppng = "data:image/png;base64, " .
38 encode_base64(GD::Barcode::QRcode->new($totpurl,
39 { ModuleSize => 10 })->plot->png);
41 &Util::HTMLSendHeader;
42 open (F, "<", "fetch-totp-seed.html") || &Util::HTMLError($!);
44 s/~totppng~/$totppng/g;
50 # fill out HTML template with QR code (inline svg/png?)
51 # self-link with png link to avoid changing content-security-policy (change it back)