Dummy Two Factor: Require that the form is actually submitted before …

…returning truthful, this closer matches the expectation from other providers.
WordPress · Feb 27, 2023 · 87985df · 87985df
1 parent f0b2205
commit 87985df
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/providers/class-two-factor-dummy.php b/providers/class-two-factor-dummy.php
@@ -58,6 +58,7 @@ public function authentication_page( $user ) {
 		require_once ABSPATH . '/wp-admin/includes/template.php';
 		?>
 		<p><?php esc_html_e( 'Are you really you?', 'two-factor' ); ?></p>
+		<input type="hidden" name="dummy-auth" value="1" />
 		<?php
 		submit_button( __( 'Yup.', 'two-factor' ) );
 	}
@@ -73,7 +74,7 @@ public function authentication_page( $user ) {
 	 * @return boolean
 	 */
 	public function validate_authentication( $user ) {
-		return true;
+		return ! empty( $_POST['dummy-auth'] );
 	}
 
 	/**

diff --git a/tests/providers/class-two-factor-dummy.php b/tests/providers/class-two-factor-dummy.php
@@ -67,17 +67,22 @@ public function test_authentication_page() {
 
 		$this->assertStringContainsString( 'Are you really you?', $contents );
 		$this->assertStringContainsString( '<p class="submit">', $contents );
+		$this->assertStringContainsString( '<input type="hidden" name="dummy-auth"', $contents );
 		$this->assertStringContainsString( 'Yup', $contents );
 
 	}
 
 	/**
-	 * Verify that dummy validation returns true.
+	 * Verify that dummy validation returns true when appropriate.
 	 *
 	 * @covers Two_Factor_Dummy::validate_authentication
 	 */
 	public function test_validate_authentication() {
 
+		$this->assertFalse( $this->provider->validate_authentication( false ) );
+
+		$_POST['dummy-auth'] = 1;
+
 		$this->assertTrue( $this->provider->validate_authentication( false ) );
 
 	}