[GH-ISSUE #861] Hide the secret code sent in messages (paranoid mode) #136

Open
opened 2026-02-26 05:33:30 +03:00 by kerem · 4 comments
Owner

Originally created by @oleua on GitHub (Jan 28, 2026).
Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/861

Hi! I am a bit worried about displaying one-time codes in messages of my messengers, so I decided to find out how to hide it.

As I use only Signal as 2FA, I have modified manually /apps/twofactor_gateway/lib/Provider/AProvider.php
by adding:

85 $secret = '||'.$secret.'||';

Next time when I receive a code via Signal I will find it hidden like

Image

In order to view it I have to click it and will see the numbers.

Originally created by @oleua on GitHub (Jan 28, 2026). Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/861 Hi! I am a bit worried about displaying one-time codes in messages of my messengers, so I decided to find out how to hide it. As I use only Signal as 2FA, I have modified manually `/apps/twofactor_gateway/lib/Provider/AProvider.php` by adding: 85 `$secret = '||'.$secret.'||';` Next time when I receive a code via Signal I will find it hidden like <img width="352" height="84" alt="Image" src="https://github.com/user-attachments/assets/86d583ef-8c19-4d28-a0b2-95d027bc10fb" /> In order to view it I have to click it and will see the numbers.
Author
Owner

@vitormattos commented on GitHub (Feb 5, 2026):

Are you talking about the integration with Telegram?

<!-- gh-comment-id:3855933595 --> @vitormattos commented on GitHub (Feb 5, 2026): Are you talking about the integration with Telegram?
Author
Owner

@oleua commented on GitHub (Feb 6, 2026):

What Telegram? Signal, of course, perhaps other messengers, just to study how to do it there.

<!-- gh-comment-id:3858085788 --> @oleua commented on GitHub (Feb 6, 2026): What Telegram? Signal, of course, perhaps other messengers, just to study how to do it there.
Author
Owner

@vitormattos commented on GitHub (Feb 6, 2026):

Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this.

Follow some points to we think:

  1. Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable.
    github.com/nextcloud/twofactor_gateway@4812fa9127/lib/Provider/Channel/Signal/Gateway.php (L50-L60)
  2. Will be necessary to add a new setting to Signal Gateway file allowMarkdown: true,, could be before fields. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.
<!-- gh-comment-id:3861858733 --> @vitormattos commented on GitHub (Feb 6, 2026): Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this. Follow some points to we think: 1. Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable. https://github.com/nextcloud/twofactor_gateway/blob/4812fa912783401720dccb3abf2d54d51d0309ca/lib/Provider/Channel/Signal/Gateway.php#L50-L60 3. Will be necessary to add a new setting to Signal Gateway file `allowMarkdown: true,`, could be before `fields`. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.
Author
Owner

@oleua commented on GitHub (Feb 13, 2026):

Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this.

Follow some points to we think:

  1. Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable.

      [twofactor_gateway/lib/Provider/Channel/Signal/Gateway.php](https://github.com/nextcloud/twofactor_gateway/blob/4812fa912783401720dccb3abf2d54d51d0309ca/lib/Provider/Channel/Signal/Gateway.php#L50-L60)
    

Thank you for your reply! So, how do you suggest to add the field?

  1. Will be necessary to add a new setting to Signal Gateway file allowMarkdown: true,, could be before fields. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.
<!-- gh-comment-id:3899189012 --> @oleua commented on GitHub (Feb 13, 2026): > Sorry, I made a quick read and didn't saw "Signal" and thought that was Telegram. Telegram also have the possibility to format as "spoiler". It's a good suggestion but will be necessary think a bit more and wait for more interactions of other Signal users about how to implement this. > > Follow some points to we think: > > 1. Would be good to add at Signal and Telegram configuration flow, a system field (system because don't will be specific to Signal implementation) called "spoiler" asking if want to enable the spoiler feature and at AProvider, add a more condition to configure the text with spoiler markdown syntax. This will make more customizable. > > > > [twofactor_gateway/lib/Provider/Channel/Signal/Gateway.php](https://github.com/nextcloud/twofactor_gateway/blob/4812fa912783401720dccb3abf2d54d51d0309ca/lib/Provider/Channel/Signal/Gateway.php#L50-L60) > > > Thank you for your reply! So, how do you suggest to add the field? > 2. Will be necessary to add a new setting to Signal Gateway file `allowMarkdown: true,`, could be before `fields`. You can test this. Setting this already will send the token as code syntax and will make a small improvement into Signal flow.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/twofactor_gateway-nextcloud#136
No description provided.