From 8ab55eb6c3664b6aad4a1426b3888a81552bd07b Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 11 Feb 2026 12:35:06 +0100
Subject: [PATCH 1/2] add endroid/qr-code

---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/composer.json b/composer.json
index 8a1f87f1a..f128fa61a 100644
--- a/composer.json
+++ b/composer.json
@@ -65,6 +65,7 @@
         "slim/psr7": "^1.7",
         "chillerlan/php-qrcode": "^5.0",
         "bacon/bacon-qr-code": "^3.0",
+        "endroid/qr-code": "*",
         "seeddms/core": "dev-seeddms-5.1.x",
         "seeddms/lucene": "dev-master",
         "seeddms/preview": "dev-master",

From 09fd87c9f1e442a2df8ec18f1d64d3f36722cbb6 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 11 Feb 2026 12:35:18 +0100
Subject: [PATCH 2/2] use Endroid QR Code

---
 out/out.Setup2Factor.php               | 2 +-
 views/bootstrap/class.Setup2Factor.php | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/out/out.Setup2Factor.php b/out/out.Setup2Factor.php
index f754c864f..f2479c718 100644
--- a/out/out.Setup2Factor.php
+++ b/out/out.Setup2Factor.php
@@ -24,7 +24,7 @@ require_once("inc/inc.Authentication.php");
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
-$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
+$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
 
 if ($user->isGuest()) {
 	UI::exitError(getMLText("2_factor_auth"),getMLText("access_denied"));
diff --git a/views/bootstrap/class.Setup2Factor.php b/views/bootstrap/class.Setup2Factor.php
index 3b9bf0b62..03c056b25 100644
--- a/views/bootstrap/class.Setup2Factor.php
+++ b/views/bootstrap/class.Setup2Factor.php
@@ -21,6 +21,10 @@
  */
 require "vendor/autoload.php";
 
+use RobThree\Auth\TwoFactorAuth;
+use RobThree\Auth\Providers\Qr\BaconQrCodeProvider;
+use RobThree\Auth\Providers\Qr\EndroidQrCodeProvider;
+
 /**
  * Class which outputs the html page for ForcePasswordChange view
  *
@@ -80,7 +84,10 @@ $(document).ready( function() {
 		$this->rowStart();
 		$this->contentContainerStart('span6');
 
-		$tfa = new \RobThree\Auth\TwoFactorAuth('SeedDMS: '.$sitename);
+		/* BaconQrCodeProvider requires imagick
+			$tfa = new TwoFactorAuth(new BaconQrCodeProvider());
+		 */
+		$tfa = new TwoFactorAuth(new EndroidQrCodeProvider());
 		$oldsecret = $user->getSecret();
 		$secret = $tfa->createSecret();
 ?>