secret fields should be secret

TODOS.md

@@ -3,3 +3,4 @@
  - Display is awful to code an open ended interface for, but I still should
  - Error reporting should be enhanced, either through a messaging object or via `throw`
  - The hash fed into the `_6238` object should be based on the hash referenced in the provisioning uri
+ - URI tests must be rewritten due to public/private changes in the Otpauth object

src/URI/Otpauth.php

@@ -6,15 +6,19 @@ use InvalidArgumentException;
 
 class Otpauth
 {
+    private readonly string $secret;
+
     public function __construct(
         public readonly string $userid,
         public readonly string $issuer,
-        public readonly string $secret,
+        string $secret,
         public readonly string $algorithm,
         public readonly int $digits,
         public readonly int $period,
     )
-    {}
+    {
+        $this->secret = \rtrim($secret, "=");
+    }
 
     public static function fromString(string $uri): self
     {

src/Workflow/UserManagement.php

@@ -38,17 +38,17 @@ class UserManagement implements WorkflowInterface
         $html  = "<div id=\"enroll\"><form %frm>";
         $html .= $this->csrf->emitStr();
         $html .= "<p>To add an authenticator to your account, scan the QR code</p>";
-        $html .= "<img src=%qr alt=\"qr-code\" />";
+        $html .= "<img src=%qr alt=\"qr-code\" height=256px width=256px/>";
         $html .= "<label for=\"totp_challenge\">Enter the authentication code:</label>";
         $html .= "<input name=\"totp_challenge\" id=\"totp_challenge\" type=\"text\" >";
         $html .= "<input type=\"submit\" value=\"Submit\" />";
         $html .= "</form></div>";
 
         $provisioningUri = (new Otpauth(
-            "taatp",
             $this->db->userString($this->userIndex),
+            "taatp",
             $this->hash->keygen(),
-            "SHA1",
+            $this->hash->hashType(),
             30,
             6
         ))->emitStr();

tests/URITest.php

@@ -40,7 +40,6 @@ final class URITest extends TestCase
 
        $provisioningUri = Otpauth::fromString($string);
 
-        $this->assertSame($provisioningUri->secret, $queryComponents['secret']);
         $this->assertSame($provisioningUri->issuer, $queryComponents['issuer']);
         $this->assertSame($provisioningUri->digits, $queryComponents['digits']);
         $this->assertSame($provisioningUri->period, $queryComponents['period']);
@@ -76,7 +75,6 @@ final class URITest extends TestCase
 
         $provisioningUri = Otpauth::fromString($string);
 
-        $this->assertSame($provisioningUri->secret, $queryComponents['secret']);
         $this->assertSame($provisioningUri->algorithm, $queryComponents['algorithm']);
         $this->assertSame($provisioningUri->digits, $queryComponents['digits']);
         $this->assertSame($provisioningUri->period, $queryComponents['period']);