From 6a13609bf0e1bc75c907bdc46a4099b92de69eb3 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Tue, 19 Mar 2019 08:45:08 +0100
Subject: [PATCH] [Web] Fix slow UI by switching QR provider and only
 generating qr image on demand

---
 data/web/inc/ajax/qr_gen.php       | 13 +++++++++++++
 data/web/inc/footer.inc.php        |  9 +++++++++
 data/web/inc/prerequisites.inc.php |  3 ++-
 data/web/modals/footer.php         |  2 +-
 4 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 data/web/inc/ajax/qr_gen.php

diff --git a/data/web/inc/ajax/qr_gen.php b/data/web/inc/ajax/qr_gen.php
new file mode 100644
index 00000000..1c543ebe
--- /dev/null
+++ b/data/web/inc/ajax/qr_gen.php
@@ -0,0 +1,13 @@
+<?php
+session_start();
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+header('Content-Type: text/plain');
+if (!isset($_SESSION['mailcow_cc_role'])) {
+	exit();
+}
+
+if (isset($_GET['token']) && ctype_alnum($_GET['token'])) {
+  echo $tfa->getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $totp_secret);
+}
+
+?>
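Review bot: `$totp_secret` is never assigned in this new file. `$_GET['token']` is checked with `ctype_alnum()` but not used, so unless `prerequisites.inc.php` defines `$totp_secret` (not visible here), the `getQRCodeImageAsDataUri()` call encodes an undefined secret or a different one from the secret the modal displays. The smallest fix is `$totp_secret = $_GET['token'];` inside the `if`. A safer design keeps the pending secret in the session when the modal is rendered and reads it from there, e.g. `$totp_secret = $_SESSION['<pending_totp_secret_key>'];` (placeholder key), so the secret never travels in a query string. The session check only tests that `mailcow_cc_role` is set, and the endpoint exits with an empty 200 response; an explicit `http_response_code(403);` before `exit();` would let the caller tell the cases apart.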
diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php
index 365cf7da..b8229e26 100644
--- a/data/web/inc/footer.inc.php
+++ b/data/web/inc/footer.inc.php
@@ -93,6 +93,15 @@ $(document).ready(function() {
     }
     if ($(this).val() == "totp") {
       $('#TOTPModal').modal('show');
+      request_token = $('#tfa-qr-img').data('totp-secret');
+      $.ajax({
+        url: '/inc/ajax/qr_gen.php',
+        data: {
+          token: request_token,
+        },
+      }).done(function (result) {
+        $("#tfa-qr-img").attr("src", result);
+      });
       $("option:selected").prop("selected", false);
     }
     if ($(this).val() == "u2f") {
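Review bot: The TOTP secret is sent as a GET parameter (`data: { token: request_token }`), so it lands in web-server and reverse-proxy access logs. Send it in a request body with `type: 'POST',` and read `$_POST` in `qr_gen.php`, or have the endpoint take the secret from the session and send nothing. `request_token` is assigned without `var`, which creates an implicit global; `var request_token = ...` keeps it local to the handler. The `.done` callback writes any response into `src`, including the empty body returned for an unauthenticated session; a guard such as `if (result.indexOf('data:image/') === 0)` would keep the placeholder image instead. The enclosing change handler starts and ends outside this hunk.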
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index 66db8662..7c651803 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -36,7 +36,8 @@ foreach ($css_dir as $css_file) {
 
 // U2F API + T/HOTP API
 $u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
-$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL);
+$qrprovider = new RobThree\Auth\Providers\Qr\QRServerProvider();
+$tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider);
 
 // Redis
 $redis = new Redis();
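Review bot: The new `$qrprovider = new RobThree\Auth\Providers\Qr\QRServerProvider();` line changes where the secret is processed, not only how fast the page loads. As far as I know, this provider fetches the QR image from an external web service and passes it the full `otpauth://` URI, which contains the account label and the TOTP secret. If so, every enrolment discloses the shared secret to a third party and makes enrolment depend on that service being reachable from the host. Prefer a provider that renders the code locally (the library accepts any object implementing its QR provider interface), or render the QR in the browser. If the remote provider stays, add a comment such as `// NOTE: QR rendering is delegated to an external service; the otpauth URI (incl. secret) leaves this host` so operators can make an informed choice. The positional `6, 30, 'sha1'` arguments would also benefit from a short comment naming them (digits, period, algorithm).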
diff --git a/data/web/modals/footer.php b/data/web/modals/footer.php
index b5e49b15..b7ebaf08 100644
--- a/data/web/modals/footer.php
+++ b/data/web/modals/footer.php
@@ -81,7 +81,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
           <ol>
             <li>
               <p><?=$lang['tfa']['scan_qr_code'];?></p>
-              <img src="<?=$tfa->getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $totp_secret);?>">
+              <img id="tfa-qr-img" data-totp-secret="<?=$totp_secret;?>" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=">
               <p class="help-block"><?=$lang['tfa']['enter_qr_code'];?>:<br />
               <code><?=$totp_secret;?></code>
               </p>
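Review bot: `$totp_secret` is echoed into the new `data-totp-secret` attribute without escaping; use `data-totp-secret="<?=htmlspecialchars($totp_secret, ENT_QUOTES, 'UTF-8');?>"`. If the value is always a base32 string (its origin is not visible in this hunk) this is harmless today, but the attribute context should not rely on that. The attribute exists only so the script can send the secret back to `qr_gen.php`. If that endpoint read the pending secret from the session, the attribute could be dropped and the secret would appear in the page only once, in the `<code>` element below.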