Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revalidation required when no providers enabled #565

Closed
iandunn opened this issue May 12, 2023 · 1 comment · Fixed by #567
Closed

Revalidation required when no providers enabled #565

iandunn opened this issue May 12, 2023 · 1 comment · Fixed by #567
Assignees
@iandunn
Milestone
0.9.0

Comments

@iandunn
Copy link
Member

iandunn commented May 12, 2023
edited
Loading

Describe the bug

If you disable all providers, you're still required to revalidate. You can't enable any providers until you do, but you get a fatal error when you try.

Screenshot 2023-05-12 at 3 08 07 PM

Uncaught Error: Call to a member function get_key() on null in two-factor/class-two-factor-core.php on line 742

Introduced in #529. I missed this during testing, but @adamwoodnz discovered it in WordPress/wporg-two-factor#160. His PR WordPress/wporg-two-factor#161 would fix downstream, but it looks like the root cause is located here.

Steps to Reproduce

  1. logout
  2. delete all _two_factor... usermeta for the user
  3. add this to an to muplugin to make testing easier 
    add_filter( 'two_factor_revalidate_time', function() {
	return 30;
} );
  4. login, then go to wp-admin/profile.php
  5. wait 30 seconds, and refresh. the Revalidate button will not appear, because you don't have a 2fa session. that's the correct behavior
  6. now enable the Dummy provider, and immediately disable it (before the 30 second revalidation period expires)
  7. wait 30 seconds for the period to expire, then reload profile.php again. The Revalidate button will appear, because the WP session data still indicates that it's a 2FA session. that's wrong, and prevents you from enabling any provider until you revalidate. if you try to revalidate, you get the fatal error.
@iandunn iandunn added the Bug label May 12, 2023
@iandunn iandunn added this to the 0.9.0 milestone May 12, 2023
@iandunn iandunn self-assigned this May 12, 2023
This was referenced May 12, 2023
Closed
Merged
@dd32 dd32 mentioned this issue May 15, 2023
Merged
@iandunn
Copy link
Member Author

iandunn commented May 19, 2023

Fixed by #567

@iandunn iandunn closed this as completed May 19, 2023
@jeffpaul jeffpaul linked a pull request May 19, 2023 that will close this issue
ReAuth: resolve fatal, code cleanup #567
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iandunn iandunn

Labels
None yet
Projects
None yet
Milestone
0.9.0
1 participant
@iandunn