Made the TOTP URL visible during setup

Useful for some non-scanner type apps.
Closes #2908

app/Http/Controllers/Auth/MfaTotpController.php

@@ -35,8 +35,8 @@ public function generate(TotpService $totp)
         $svg = $totp->generateQrCodeSvg($qrCodeUrl);
 
         return view('mfa.totp-generate', [
-            'secret' => $totpSecret,
-            'svg'    => $svg,
+            'url' => $qrCodeUrl,
+            'svg' => $svg,
         ]);
     }
 

resources/sass/_layout.scss

@@ -145,6 +145,7 @@ body.flexbox {
 .flex {
   min-height: 0;
   flex: 1;
+  max-width: 100%;
   &.fit-content {
     flex-basis: auto;
     flex-grow: 0;

resources/views/mfa/totp-generate.blade.php

@@ -12,6 +12,9 @@
                 <div class="block inline">
                     {!! $svg !!}
                 </div>
+                <div class="code-base small text-muted px-s py-xs my-xs" style="overflow-x: scroll; white-space: nowrap;">
+                    {{ $url }}
+                </div>
             </div>
 
             <h2 class="list-heading">{{ trans('auth.mfa_gen_totp_verify_setup') }}</h2>

tests/Auth/MfaConfigurationTest.php

@@ -36,10 +36,12 @@ public function test_totp_setup()
         $resp->assertSee('The provided code is not valid or has expired.');
         $revisitSvg = $resp->getElementHtml('#main-content .card svg');
         $this->assertTrue($svg === $revisitSvg);
+        $secret = decrypt(session()->get('mfa-setup-totp-secret'));
+
+        $resp->assertSee(htmlentities("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30"));
 
         // Successful confirmation
         $google2fa = new Google2FA();
-        $secret = decrypt(session()->get('mfa-setup-totp-secret'));
         $otp = $google2fa->getCurrentOtp($secret);
         $resp = $this->post('/mfa/totp/confirm', [
             'code' => $otp,