Declare issuer name in QR code when setting up 2FA

The issuer name is an optional but important feature that allows
the user to differentiate between different accounts used in the
same authenticator app. While we currently use a prefix in the
user account name, declaring an issuer makes it easier for the
user to differentiate.

Bug: T150596
Change-Id: I741dd671e79e0326dfe97bdaaf63b3997960d115

OATHUser.php

@@ -31,13 +31,19 @@ class OATHUser {
 	/**
 	 * @return String
 	 */
-	public function getAccount() {
+	public function getIssuer() {
 		global $wgSitename, $wgOATHAuthAccountPrefix;
-
 		if ( $wgOATHAuthAccountPrefix !== false ) {
-			return "$wgOATHAuthAccountPrefix:{$this->user->getName()}";
+			return $wgOATHAuthAccountPrefix;
 		}
-		return "$wgSitename:{$this->user->getName()}";
+		return $wgSitename;
+	}
+
+	/**
+	 * @return String
+	 */
+	public function getAccount() {
+		return $this->user->getName();
 	}
 
 	/**

special/SpecialOATHEnable.php

@@ -80,10 +80,13 @@ class SpecialOATHEnable extends FormSpecialPage {
 		}
 
 		$secret = $key->getSecret();
+		$label = "{$this->OATHUser->getIssuer()}:{$this->OATHUser->getAccount()}";
 		$qrcodeUrl = "otpauth://totp/"
-			. rawurlencode( $this->OATHUser->getAccount() )
+			. rawurlencode( $label )
 			. "?secret="
-			. rawurlencode( $secret );
+			. rawurlencode( $secret )
+			. "&issuer="
+			. rawurlencode( $this->OATHUser->getIssuer() );
 
 		$qrcodeElement = Html::element( 'div', [
 			'data-mw-qrcode-url' => $qrcodeUrl,