[GH-ISSUE #598] Hiding the one-time pass code using style approach in Signal #122

New issue

Open

opened 2026-02-26 05:33:23 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 05:33:23 +03:00

Owner

Originally created by @oleua on GitHub (Nov 18, 2023).
Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/598

Hi! With the recent update in the bbernhard's Signal CLI REST API, dev branch it is possible to use styles:

**bold**
*italic*
`monospaced`
~stricken-through~ 
||this is a spoiler||

My suggestion is to hide the one-time passcode from unintended eyes by hiding it under the cut, so it will look like this:

A user will click on blurred rectangle and see it.

For that I've made a small workaround to the code:
lib/Provider/AProvider.php:

108 + $secret = '||'.$secret.'||'

and

lib/Service/Gateway/Signal/Gateway.php:

80                     $response = $client->post(
81                             $this->config->getUrl() . '/v2/send',
82                             [
83                                     'json' => [
84 +                                           'text_mode' => 'styled',
85                                             'message' => $message,
86                                             'number' => $registered_acct,
87                                             'recipients' => $recipient_acct
88                                              ],
89
90                             ]
91                     );

I understand that this is a workaround, and there should be a nicer solution, eg

to detach $secret from the whole var $message
to rewrite the Signal provider Gateway.php: apply styling to $secret and concatenate with the rest in $message.

Originally created by @oleua on GitHub (Nov 18, 2023). Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/598 Hi! With the recent update in the [bbernhard's Signal CLI REST API, dev branch](https://github.com/bbernhard/signal-cli-rest-api/issues/382) it is possible to use styles: ``` **bold** *italic* `monospaced` ~stricken-through~ ||this is a spoiler|| ``` My suggestion is to hide the one-time passcode from unintended eyes by hiding it under the cut, so it will look like this: ![image](https://github.com/nextcloud/twofactor_gateway/assets/5199030/4befa79d-312f-4fc5-93ed-ab24e2453e4a) A user will click on blurred rectangle and see it. For that I've made a small workaround to the code: `lib/Provider/AProvider.php`: ``` 108 + $secret = '||'.$secret.'||' ``` and `lib/Service/Gateway/Signal/Gateway.php`: ``` 80 $response = $client->post( 81 $this->config->getUrl() . '/v2/send', 82 [ 83 'json' => [ 84 + 'text_mode' => 'styled', 85 'message' => $message, 86 'number' => $registered_acct, 87 'recipients' => $recipient_acct 88 ], 89 90 ] 91 ); ``` I understand that this is a workaround, and there should be a nicer solution, eg 1. to detach $secret from the whole var $message 2. to rewrite the Signal provider Gateway.php: apply styling to $secret and concatenate with the rest in $message.

kerem referenced this issue

2026-02-26 05:34:01 +03:00

[PR #122] [MERGED] added clockworksms as provider #223

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/twofactor_gateway-nextcloud#122

No description provided.

Rows
Columns