Last active
April 8, 2020 10:15
Fix/Workaround: losing 2FA config when updating profile with "Time Based One-Time Password (Google Authenticator)" 2FA enabled
<?php
/**
 * Loader for the two-factor option fix/workaround.
 *
 * Pulls in the file that declares the replacement TOTP option renderer and
 * then registers its hooks.
 */

namespace Fix;

// The required file declares bootstrap() and the callbacks it registers.
require_once __DIR__ . '/two-factor-totp-fix.php';

// Same function the relative name Two_Factor_Totp\bootstrap() resolves to
// from inside the Fix namespace, written fully qualified.
\Fix\Two_Factor_Totp\bootstrap();
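<?php
/**
 * Two-factor options customisation.
 *
 * Declares the callbacks that swap the TOTP provider's profile-screen option
 * renderer for one where resetting the key requires an explicit checkbox.
 */

// PHP namespace separators are backslashes; "Fix/Two_Factor_Totp" is a parse
// error, and the loader calls bootstrap() as Fix\Two_Factor_Totp\bootstrap().
namespace Fix\Two_Factor_Totp;

// Global-namespace provider class from the Two-Factor plugin.
use Two_Factor_Totp;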
/**
 * Register the workaround's hooks.
 *
 * The override itself is deferred to `admin_init`, where
 * update_2fa_otp_option() swaps the TOTP option renderer.
 */
function bootstrap() {
	$callback = __NAMESPACE__ . '\\update_2fa_otp_option';

	add_action( 'admin_init', $callback );
}
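/**
 * Replace the TOTP provider's user-options renderer with this fix's renderer.
 *
 * Detaches Two_Factor_Totp::user_two_factor_options() from the provider's
 * `two-factor-user-options-*` action and attaches two_factor_otp_option() in
 * its place.
 */
function update_2fa_otp_option() {
	// If the Two-Factor plugin is inactive the class does not exist, and the
	// get_instance() call below would be a fatal error on every admin request.
	if ( ! class_exists( Two_Factor_Totp::class ) ) {
		return;
	}

	$hook = 'two-factor-user-options-' . Two_Factor_Totp::class;

	// remove_action() only detaches a callback registered with this same
	// instance at the same priority (default 10 here).
	// NOTE(review): if the installed plugin version registers its renderer
	// differently, the original "Reset Key" submit button keeps rendering next
	// to the replacement and the accidental reset is not fixed; confirm.
	remove_action( $hook, [ Two_Factor_Totp::get_instance(), 'user_two_factor_options' ] );
	add_action( $hook, __NAMESPACE__ . '\\two_factor_otp_option' );
}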
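/**
 * Display TOTP options on the user settings page.
 *
 * With the default two-factor renderer, "Reset Key" is a submit button named
 * "two-factor-totp-delete". Submitting the profile form by pressing Enter
 * uses that button, so the delete/reset flag is sent and the user's TOTP key
 * is removed even though no reset was intended. Here the flag is a checkbox
 * and the button has a different name, so the flag is only sent when the
 * checkbox is ticked.
 *
 * Users without a configured key get the provider's own setup UI unchanged.
 *
 * @param \WP_User $user The current user being edited.
 */
function two_factor_otp_option( $user ) {
	if ( ! isset( $user->ID ) ) {
		return;
	}

	$totp_instance = Two_Factor_Totp::get_instance();
	$key           = $totp_instance->get_user_totp_key( $user->ID );

	if ( empty( $key ) ) {
		// No secret yet: nothing to reset, so defer to the provider's renderer.
		$totp_instance->user_two_factor_options( $user );
		return;
	}

	// Same nonce action and field name as the branch above would emit via the
	// provider. NOTE(review): presumably the provider's save handler verifies
	// this nonce and keys off the presence of "two-factor-totp-delete";
	// confirm against the installed plugin version.
	wp_nonce_field( 'user_two_factor_totp_options', '_nonce_user_two_factor_totp_options', false );
	$totp_instance->admin_notices();
	?>
	<div id="two-factor-totp-options">
		<p class="success">
			<?php esc_html_e( 'Secret key configured and registered.', 'fix-two-factor-totp' ); ?>
		</p>
		<p>
			<label>
				<input type="checkbox" name="two-factor-totp-delete" value="1"/>
				<?php esc_html_e( 'Check here and click on reset key.', 'fix-two-factor-totp' ); ?>
			</label>
		</p>
		<p>
			<input type="submit" class="button" name="two-factor-totp-delete-btn" value="<?php esc_attr_e( 'Reset Key', 'fix-two-factor-totp' ); ?>"/>
		</p>
		<p>
			<em class="description">
				<?php esc_html_e( 'You will have to re-scan the QR code on all devices as the previous codes will stop working.', 'fix-two-factor-totp' ); ?>
			</em>
		</p>
	</div>
	<?php
}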
Issue ref: WordPress/two-factor#341
The 2FA OTP reset-key option was removing the key on form submission because `two-factor-totp-delete` was set on the submit button itself. Because of this, every time we update a user profile by just hitting Enter, the browser finds the first submit button (which is `two-factor-totp-delete`) and submits the form with it, which removes the 2FA OTP key and resets it even when that is not needed.

As part of this fix we have moved the `two-factor-totp-delete` field to a checkbox, so the key is now removed only if the checkbox is checked.