From 7dc05d7eaf0832d18d28a72fbc499c26849ab56a Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Thu, 11 Jul 2024 12:34:19 +0900 Subject: [PATCH 1/6] Add a filter so consumers can add links to the problem area. --- class-two-factor-core.php | 1 + 1 file changed, 1 insertion(+) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 51c3cee3..f28ecffa 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -835,6 +835,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg + From 16a1d5c1f0ea9f5c75e203108237fbb7f26cd421 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Thu, 11 Jul 2024 12:37:51 +0900 Subject: [PATCH 2/6] Document filter. --- class-two-factor-core.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index f28ecffa..1503fff3 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -835,7 +835,12 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg - + From 8918127f4e6a5d276415a26988050fdd3cc8b347 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Fri, 12 Jul 2024 13:58:18 +0900 Subject: [PATCH 3/6] Pass all the links so we can control link location. --- class-two-factor-core.php | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 1503fff3..62e3b915 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -825,23 +825,29 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg

    - $backup_provider ) : + $backup_provider ) { $backup_link_args['provider'] = $backup_provider_key; - ?> -
  • - - get_alternative_provider_label() ); ?> - -
    • - - $2%s', + esc_url( self::login_url( $backup_link_args ) ), + esc_html( $backup_provider->get_alternative_provider_label() ) + ); + } + /* * Allow plugins to add links to the two-factor login form. */ - echo apply_filters( 'two_factor_login_support_links', '' ); - ?> -
+ $links = apply_filters( 'two_factor_login_support_links', $links ); + + // Echo out the filtered links + foreach ( $links as $link ) { + echo wp_kses_post( $link ); + } + ?> + From 5a6052210d8aa06ce60366eaa0fc9ddd1e1f4ed1 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Mon, 23 Sep 2024 12:29:32 +0900 Subject: [PATCH 4/6] Refactor to display links outside of backup_providers. --- class-two-factor-core.php | 71 ++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 62e3b915..58d5f5bd 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -804,50 +804,53 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg authentication_page( $user ); ?> - $action, - 'wp-auth-id' => $user->ID, - 'wp-auth-nonce' => $login_nonce, - ); - if ( $rememberme ) { - $backup_link_args['rememberme'] = $rememberme; - } - if ( $redirect_to ) { - $backup_link_args['redirect_to'] = $redirect_to; - } - if ( $interim_login ) { - $backup_link_args['interim-login'] = 1; + $action, + 'wp-auth-id' => $user->ID, + 'wp-auth-nonce' => $login_nonce, + ); + if ( $rememberme ) { + $backup_link_args['rememberme'] = $rememberme; + } + if ( $redirect_to ) { + $backup_link_args['redirect_to'] = $redirect_to; + } + if ( $interim_login ) { + $backup_link_args['interim-login'] = 1; + } + + foreach ( $backup_providers as $backup_provider_key => $backup_provider ) { + $backup_link_args['provider'] = $backup_provider_key; + $links[] = sprintf( + '
  • %2$s
    • ', + esc_url( self::login_url( $backup_link_args ) ), + esc_html( $backup_provider->get_alternative_provider_label() ) + ); + } } - ?> + + /* + * Allow plugins to add links to the two-factor login form. + */ + $links = apply_filters( 'two_factor_login_backup_links', $links ); + ?> + +

      $backup_provider ) { - $backup_link_args['provider'] = $backup_provider_key; - $links[] = sprintf( - '
    • $2%s
      • ', - esc_url( self::login_url( $backup_link_args ) ), - esc_html( $backup_provider->get_alternative_provider_label() ) - ); - } - - /* - * Allow plugins to add links to the two-factor login form. - */ - $links = apply_filters( 'two_factor_login_support_links', $links ); - - // Echo out the filtered links foreach ( $links as $link ) { - echo wp_kses_post( $link ); + echo $link; } ?> -
    +
    From 61121cd7edbf36e06c2f7c07c84c6f6a338281f5 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Mon, 23 Sep 2024 12:32:25 +0900 Subject: [PATCH 5/6] Update doc block for filter and bump version. --- class-two-factor-core.php | 13 ++++++++++--- two-factor.php | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 58d5f5bd..edda9dd2 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -833,9 +833,16 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg } } - /* - * Allow plugins to add links to the two-factor login form. - */ + /** + * Filters the backup links displayed on the two-factor login form. + * + * Plugins can use this filter to modify or add links to the two-factor authentication + * login form, allowing users to select backup methods for authentication. + * + * @since 0.9.2 + * + * @param array $links An array of backup links displayed on the two-factor login form. + */ $links = apply_filters( 'two_factor_login_backup_links', $links ); ?> diff --git a/two-factor.php b/two-factor.php index 380ad4c2..c20fe588 100644 --- a/two-factor.php +++ b/two-factor.php @@ -11,7 +11,7 @@ * Plugin Name: Two Factor * Plugin URI: https://wordpress.org/plugins/two-factor/ * Description: Enable Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F, YubiKey), email, and backup verification codes. - * Version: 0.9.1 + * Version: 0.9.2 * Requires at least: 6.3 * Requires PHP: 7.2 * Author: Plugin Contributors From 5ac8a23fbf3408bfb5a52a3c979fa69c34e501d7 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Mon, 23 Sep 2024 15:31:10 +0900 Subject: [PATCH 6/6] Update documentation and remove
  • from the string. --- class-two-factor-core.php | 10 +++++----- readme.txt | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index edda9dd2..988ee2a2 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -826,7 +826,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg foreach ( $backup_providers as $backup_provider_key => $backup_provider ) { $backup_link_args['provider'] = $backup_provider_key; $links[] = sprintf( - '
  • %2$s
    • ', + '%2$s', esc_url( self::login_url( $backup_link_args ) ), esc_html( $backup_provider->get_alternative_provider_label() ) ); @@ -834,14 +834,14 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg } /** - * Filters the backup links displayed on the two-factor login form. + * Filters the html links displayed on the two-factor login form. * * Plugins can use this filter to modify or add links to the two-factor authentication - * login form, allowing users to select backup methods for authentication. + * login form, allowing users to select backup methods for authentication or provide documentation links. * * @since 0.9.2 * - * @param array $links An array of backup links displayed on the two-factor login form. + * @param array $links An array of links displayed on the two-factor login form. */ $links = apply_filters( 'two_factor_login_backup_links', $links ); ?> @@ -854,7 +854,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg
      ' . $link . ''; } ?>
    diff --git a/readme.txt b/readme.txt index f4baaffa..596405cc 100644 --- a/readme.txt +++ b/readme.txt @@ -28,6 +28,7 @@ Here is a list of action and filter hooks provided by the plugin: - `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID. - `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow. - `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated. +- `two_factor_login_backup_links` filters the backup links displayed on the two-factor login form. == Frequently Asked Questions ==