From ce88212f49395b077d1466af47082927df9975cb Mon Sep 17 00:00:00 2001
From: Pranav K <prkrishn@hotmail.com>
Date: Thu, 11 Jan 2018 15:13:31 -0800
Subject: [PATCH] Use AuthenticatorUrl generated on the server in
 EnableAuthenticator pages

---
 .../Account/Manage/EnableAuthenticator.cshtml      |  2 +-
 .../Account/Manage/EnableAuthenticator.cshtml.cs   | 14 ++++++--------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml b/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml
index 1d68558407..9d1113d779 100644
--- a/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml
+++ b/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml
@@ -24,7 +24,7 @@
             <p>Scan the QR Code or enter this key <kbd>@Model.SharedKey</kbd> into your two factor authenticator app. Spaces and casing do not matter.</p>
             <div class="alert alert-info">To enable QR code generation please read our <a href="https://go.microsoft.com/fwlink/?Linkid=852423">documentation</a>.</div>
             <div id="qrCode"></div>
-            <div id="qrCodeData" data-url="@Html.Raw(Model.AuthenticatorUri)"></div>
+            <div id="qrCodeData" data-url="@Model.AuthenticatorUri"></div>
         </li>
         <li>
             <p>
diff --git a/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs b/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
index 0d564584a4..ee507fc299 100644
--- a/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
+++ b/src/UI/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
@@ -55,11 +55,6 @@ namespace Microsoft.AspNetCore.Identity.UI.Pages.Account.Manage
             }
 
             await LoadSharedKeyAndQrCodeUriAsync(user);
-            if (string.IsNullOrEmpty(SharedKey))
-            {
-                await _userManager.ResetAuthenticatorKeyAsync(user);
-                await LoadSharedKeyAndQrCodeUriAsync(user);
-            }
 
             return Page();
         }
@@ -100,11 +95,14 @@ namespace Microsoft.AspNetCore.Identity.UI.Pages.Account.Manage
         {
             // Load the authenticator key & QR code URI to display on the form
             var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
-            if (!string.IsNullOrEmpty(unformattedKey))
+            if (string.IsNullOrEmpty(unformattedKey))
             {
-                SharedKey = FormatKey(unformattedKey);
-                AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
+                await _userManager.ResetAuthenticatorKeyAsync(user);
+                unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
             }
+
+            SharedKey = FormatKey(unformattedKey);
+            AuthenticatorUri = GenerateQrCodeUri(user.Email, unformattedKey);
         }
 
         private string FormatKey(string unformattedKey)