From 7b772774b392146ec1e38e5f2f6b929e16046170 Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Wed, 18 Sep 2024 18:25:36 +0300 Subject: [PATCH 1/8] Version bump --- readme.txt | 2 +- two-factor.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/readme.txt b/readme.txt index f4baaffa..30a55e73 100644 --- a/readme.txt +++ b/readme.txt @@ -2,7 +2,7 @@ Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate Tags: 2fa, mfa, totp, authentication, security Tested up to: 6.6 -Stable tag: 0.9.1 +Stable tag: 0.9.2 License: GPL-2.0-or-later License URI: https://spdx.org/licenses/GPL-2.0-or-later.html diff --git a/two-factor.php b/two-factor.php index 380ad4c2..20d76a20 100644 --- a/two-factor.php +++ b/two-factor.php @@ -11,7 +11,7 @@ * Plugin Name: Two Factor * Plugin URI: https://wordpress.org/plugins/two-factor/ * Description: Enable Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F, YubiKey), email, and backup verification codes. - * Version: 0.9.1 + * Version: 0.9.2 * Requires at least: 6.3 * Requires PHP: 7.2 * Author: Plugin Contributors @@ -30,7 +30,7 @@ /** * Version of the plugin. */ -define( 'TWO_FACTOR_VERSION', '0.9.1' ); +define( 'TWO_FACTOR_VERSION', '0.9.2' ); /** * Include the base class here, so that other plugins can also extend it. From 534a14df04f901b1c515b3e14375f44faaa3479d Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 19 Sep 2024 11:22:18 +0300 Subject: [PATCH 2/8] =?UTF-8?q?Bump=20to=200.10.0=20since=20we=E2=80=99re?= =?UTF-8?q?=20changing=20the=20profile=20markup=20in=20a=20potentially=20b?= =?UTF-8?q?reaking=20way=20for=20integrations?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- two-factor.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/two-factor.php b/two-factor.php index 537e61ee..38248d70 100644 --- a/two-factor.php +++ b/two-factor.php @@ -11,7 +11,7 @@ * Plugin Name: Two Factor * Plugin URI: https://wordpress.org/plugins/two-factor/ * Description: Enable Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F, YubiKey), email, and backup verification codes. - * Version: 0.9.2 + * Version: 0.10.0 * Requires at least: 6.3 * Requires PHP: 7.2 * Author: WordPress.org Contributors @@ -30,7 +30,7 @@ /** * Version of the plugin. */ -define( 'TWO_FACTOR_VERSION', '0.9.2' ); +define( 'TWO_FACTOR_VERSION', '0.10.0' ); /** * Include the base class here, so that other plugins can also extend it. From 1225521ae22c19e363b9082b57d1a488e037b56c Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 19 Sep 2024 13:29:01 +0300 Subject: [PATCH 3/8] Add the default notice as a permanent information Collect all warnings into same place --- class-two-factor-core.php | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index eebce9c4..78525089 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1788,6 +1788,8 @@ public static function manage_users_custom_column( $output, $column_name, $user_ * @param WP_User $user WP_User object of the logged-in user. */ public static function user_two_factor_options( $user ) { + $notices = []; + wp_enqueue_style( 'user-edit-2fa', plugins_url( 'user-edit.css', __FILE__ ), array(), TWO_FACTOR_VERSION ); $enabled_providers = array_keys( self::get_available_providers_for_user( $user ) ); @@ -1803,16 +1805,16 @@ public static function user_two_factor_options( $user ) { $show_2fa_options = self::current_user_can_update_two_factor_options(); if ( ! $show_2fa_options ) { - $url = self::get_user_two_factor_revalidate_url(); - $url = add_query_arg( 'redirect_to', urlencode( self::get_user_settings_page_url( $user->ID ) . '#two-factor-options' ), $url ); + $url = add_query_arg( + 'redirect_to', + urlencode( self::get_user_settings_page_url( $user->ID ) . '#two-factor-options' ), + self::get_user_two_factor_revalidate_url() + ); - printf( - '

%s

', - sprintf( - __( 'To update your Two-Factor options, you must first revalidate your session.', 'two-factor' ) . - '
' . __( 'Revalidate now', 'two-factor' ) . '', + $notices['warning two-factor-warning-revalidate-session'] = sprintf( + esc_html__( 'To update your Two-Factor options, you must first revalidate your session.', 'two-factor' ) . + ' ' . esc_html__( 'Revalidate now', 'two-factor' ) . '', esc_url( $url ) - ) ); } @@ -1821,20 +1823,19 @@ public static function user_two_factor_options( $user ) { $show_2fa_options ? '' : 'disabled="disabled"' ); - $notices = []; - if ( empty( $enabled_providers ) ) { - $notices[] = __( 'Configure a primary two-factor method along with a backup method, such as Recovery Codes, to avoid being locked out if you lose access to your primary method.', 'two-factor' ); - } elseif ( 1 === count( $enabled_providers ) ) { - $notices['warning'] = __( 'To prevent being locked out of your account, consider enabling a backup method like Recovery Codes in case you lose access to your primary authentication method.', 'two-factor' ); + if ( 1 === count( $enabled_providers ) ) { + $notices['warning two-factor-warning-suggest-backup'] = esc_html__( 'To prevent being locked out of your account, consider enabling a backup method like Recovery Codes in case you lose access to your primary authentication method.', 'two-factor' ); } - ?>

$notice ) : ?>
-

+

+

+ +

From 7ce06347c6fd218067d22b28328629eb053e7957 Mon Sep 17 00:00:00 2001 From: thrijith Date: Thu, 24 Oct 2024 20:43:47 +0530 Subject: [PATCH 4/8] Focus in code input when totp is checked --- providers/class-two-factor-totp.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php index 7bafe1a1..8579d2a4 100644 --- a/providers/class-two-factor-totp.php +++ b/providers/class-two-factor-totp.php @@ -356,6 +356,13 @@ public function user_two_factor_options( $user ) {