Your openapi definition claims request_2fa_token takes a domain when in fact it takes a URL #6
Comments
jikamens
pushed a commit
to jikamens/twofas-cli
that referenced
this issue
Sep 8, 2023
The "domain" argument to the 2FAS API isn't actually expecting a domain, it's expecting a URL (see twofas/2fas-server#6). Arguably it would be better to rename the "--domain" argument in this script to "--url" for clarity, but absent that, at the very least we should check if the user specifies a domain instead of a URL—since that's what the parameter is called, it's an easy mistake to make!—and if so, then add "https://" to the beginning of it so that we're passing the 2FAS server something it expects. Fixes dspitzer#1.
KobeW50
added
Bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
api/openapi/rest.yaml shows that request_2fa_token has a "domain" parameter and gives "facebook.com" as an example of what to put in this parameter.
However, the code in internal/api/browser_extension/app/command/request_2fa_token.go makes it clear that what is expected in this parameter is a URL, not a domain, since it tries to parse the domain parameter as a URL and sets the requested site to an empty string if the parse fails.
There are thus two problems here. The first, which may be too hard to fix at this point, is that you called the parameter domain instead of url. The second, which is easier to fix, is that your openapi definition documents incorrectly what goes into the parameter. You could keep the bad parameter name if it's too hard to fix but at least update the documentation to accurately reflect what is expected.
The text was updated successfully, but these errors were encountered: