Profile settings section rendered regardless of whether any providers are enabled

[Player701]

Describe the bug

If there are no two-factor providers enabled, the corresponding profile section is still rendered on the user settings page. This creates a visual inconsistency in scenarios where two-factor authentication needs to be disabled for a specific user or group of users.

Expected behavior: Users should not see the two-factor section in their profile settings if there are no providers currently available.

Actual behavior: Users always see the two-factor section in their profile settings even if there are no providers currently available. (See screenshot)

Steps to Reproduce

This filter will disable all providers:

add_filter(
    'two_factor_providers',
    function ( $providers ) {
        return [];
    },
    9999
);

Of course this code is for demonstration purposes only. Actual code would likely use two_factor_enabled_providers_for_user and perform some check on the user ID first. The result, however, is the same.

Screenshots, screen recording, code snippet

Environment information

WordPress 6.7.1, plugin version 0.11.0

Please confirm that you have searched existing issues in this repository.

Yes

Please confirm that you have tested with all plugins deactivated except Two-Factor.

Yes

[jeffpaul]

@Player701 in what scenario would no providers be enabled and the plugin activated?

[Player701]

@Player701 in what scenario would no providers be enabled and the plugin activated?

An example scenario would be to restrict the usage of two-factor authentication to admins, or another specific group of users.

If you want to know about my particular use case:

I have only a few users on my website, but they are not power-users, and the two-factor settings are simply too confusing to them. Most of them don't even know what "two-factor" is... Additionally, all of those users browse on mobile devices, but the layout of the two-factor settings is currently partially broken on mobile and also takes up a lot of screen space.

So, believe it or not - this has actually resulted in one of the users complaining to me about their profile not updating! It turned out they somehow couldn't find the submit button at the very bottom because of all that clutter added by the plugin. Don't ask me how, it just happened...

Therefore, I've been considering to disable these settings for normal users entirely, especially taking into account that my site does not handle any security-sensitive data (e.g. payment cards and such). However, as an admin who has full management access, I still want to keep using the plugin myself.

[kasparsd]

The approach in #669 is leaving the section present but hiding the table. Please let me know if this approach works.

[Player701]

The approach in #669 is leaving the section present but hiding the table. Please let me know if this approach works.

Thank you! This is most certainly much better than it used to be, although I still think it'd be ideal if the section were hidden entirely. At the very least it shouldn't look too ugly on mobile.