From c725c9b2affb3a0092427c09f544febb3f721ad9 Mon Sep 17 00:00:00 2001 From: Spenser Hale Date: Mon, 1 May 2023 21:52:06 -0700 Subject: [PATCH] Use the integer REST API type instead of number, to resolve overly strict user_id capability checks (#560) * Fixing bug where Super Admins cannot setup Time Based One-Time Password as first Two Factor option on WP VIP * refactor(Two_Factor_Backup_Codes): setting user_id type to integer instead of number to make consistent with Two_Factor_Totp Fixes #559 Fixes #557 --- providers/class-two-factor-backup-codes.php | 2 +- providers/class-two-factor-totp.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/providers/class-two-factor-backup-codes.php b/providers/class-two-factor-backup-codes.php index bebbb94c..8e5b72f0 100644 --- a/providers/class-two-factor-backup-codes.php +++ b/providers/class-two-factor-backup-codes.php @@ -61,7 +61,7 @@ public function register_rest_routes() { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), 'enable_provider' => array( 'required' => false, diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php index 533f7075..02a3c6d5 100644 --- a/providers/class-two-factor-totp.php +++ b/providers/class-two-factor-totp.php @@ -70,7 +70,7 @@ public function register_rest_routes() { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), ), ), @@ -83,7 +83,7 @@ public function register_rest_routes() { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), 'key' => array( 'type' => 'string', @@ -223,7 +223,7 @@ public static function generate_qr_code_url( $user, $secret_key ) { /** * Filter the Label for the TOTP. - * + * * Must follow the TOTP format for a "label". Do not URL Encode. * * @see https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label