starred/twofactor_gateway-nextcloud

Fork 0

mirror of https://github.com/nextcloud/twofactor_gateway.git synced 2026-04-25 00:55:52 +03:00

[GH-ISSUE #861] Hide the secret code sent in messages (paranoid mode) #136

New issue

Open

opened 2026-02-26 05:33:30 +03:00 by kerem · 4 comments

kerem commented

2026-02-26 05:33:30 +03:00

Owner

Originally created by @oleua on GitHub (Jan 28, 2026).
Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/861

Hi! I am a bit worried about displaying one-time codes in messages of my messengers, so I decided to find out how to hide it.

As I use only Signal as 2FA, I have modified manually /apps/twofactor_gateway/lib/Provider/AProvider.php
by adding:

85 $secret = '||'.$secret.'||';

Next time when I receive a code via Signal I will find it hidden like

In order to view it I have to click it and will see the numbers.

Originally created by @oleua on GitHub (Jan 28, 2026). Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/861 Hi! I am a bit worried about displaying one-time codes in messages of my messengers, so I decided to find out how to hide it. As I use only Signal as 2FA, I have modified manually `/apps/twofactor_gateway/lib/Provider/AProvider.php` by adding: 85 `$secret = '||'.$secret.'||';` Next time when I receive a code via Signal I will find it hidden like <img width="352" height="84" alt="Image" src="https://github.com/user-attachments/assets/86d583ef-8c19-4d28-a0b2-95d027bc10fb" /> In order to view it I have to click it and will see the numbers.

kerem added the

enhancement

label

2026-02-26 05:33:30 +03:00

kerem commented

2026-02-26 05:33:30 +03:00

Author

Owner

@vitormattos commented on GitHub (Feb 5, 2026):

Are you talking about the integration with Telegram?

@vitormattos commented on GitHub (Feb 5, 2026): Are you talking about the integration with Telegram?

kerem commented

2026-02-26 05:33:31 +03:00

Author

Owner

@oleua commented on GitHub (Feb 6, 2026):

What Telegram? Signal, of course, perhaps other messengers, just to study how to do it there.

@oleua commented on GitHub (Feb 6, 2026): What Telegram? Signal, of course, perhaps other messengers, just to study how to do it there.

kerem commented

2026-02-26 05:33:31 +03:00

Author

Owner

@vitormattos commented on GitHub (Feb 6, 2026):

Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this.

Follow some points to we think:

Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable.
github.com/nextcloud/twofactor_gateway@4812fa9127/lib/Provider/Channel/Signal/Gateway.php (L50-L60)
Will be necessary to add a new setting to Signal Gateway file allowMarkdown: true,, could be before fields. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.

@vitormattos commented on GitHub (Feb 6, 2026): Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this. Follow some points to we think: 1. Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable. https://github.com/nextcloud/twofactor_gateway/blob/4812fa912783401720dccb3abf2d54d51d0309ca/lib/Provider/Channel/Signal/Gateway.php#L50-L60 3. Will be necessary to add a new setting to Signal Gateway file `allowMarkdown: true,`, could be before `fields`. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.

kerem commented

2026-02-26 05:33:31 +03:00

Author

Owner

@oleua commented on GitHub (Feb 13, 2026):

Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this.

Follow some points to we think:
Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable.
  [twofactor_gateway/lib/Provider/Channel/Signal/Gateway.php](https://github.com/nextcloud/twofactor_gateway/blob/4812fa912783401720dccb3abf2d54d51d0309ca/lib/Provider/Channel/Signal/Gateway.php#L50-L60)

Thank you for your reply! So, how do you suggest to add the field?

Will be necessary to add a new setting to Signal Gateway file allowMarkdown: true,, could be before fields. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.

@oleua commented on GitHub (Feb 13, 2026): > Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this. > > Follow some points to we think: > > 1. Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable. > > > > [twofactor_gateway/lib/Provider/Channel/Signal/Gateway.php](https://github.com/nextcloud/twofactor_gateway/blob/4812fa912783401720dccb3abf2d54d51d0309ca/lib/Provider/Channel/Signal/Gateway.php#L50-L60) > > > Thank you for your reply! So, how do you suggest to add the field? > 2. Will be necessary to add a new setting to Signal Gateway file `allowMarkdown: true,`, could be before `fields`. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.

kerem referenced this issue

2026-02-26 05:34:04 +03:00

[PR #136] [MERGED] Bump webpack from 4.20.2 to 4.21.0 #231

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/twofactor_gateway-nextcloud#136

No description provided.

Rows
Columns