updated plugin `Two Factor` version 0.8.2

2023-10-22 22:21:19 +00:00 · 2023-10-22 22:21:19 +00:00 · 2f6b5b6047
parent 880d6051ac
commit 2f6b5b6047
5 changed files with 27 additions and 11 deletions
--- a/wp-content/plugins/two-factor/class-two-factor-core.php
+++ b/wp-content/plugins/two-factor/class-two-factor-core.php
@ -1543,9 +1543,9 @@ class Two_Factor_Core {
 				return;
 			}

-			$providers = self::get_providers();
-
-			$enabled_providers = $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ];
+			$providers          = self::get_providers();
+			$enabled_providers  = $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ];
+			$existing_providers = self::get_enabled_providers_for_user( $user_id );

 			// Enable only the available providers.
 			$enabled_providers = array_intersect( $enabled_providers, array_keys( $providers ) );
@ -1556,6 +1556,17 @@ class Two_Factor_Core {
 			if ( ! empty( $new_provider ) && in_array( $new_provider, $enabled_providers, true ) ) {
 				update_user_meta( $user_id, self::PROVIDER_USER_META_KEY, $new_provider );
 			}
+
+			// Destroy other sessions if we've activated a new provider.
+			if ( array_diff( $enabled_providers, $existing_providers ) ) {
+				if ( $user_id === get_current_user_id() ) {
+					// Keep the current session, destroy others sessions for this user.
+					wp_destroy_other_sessions();
+				} else {
+					// Destroy all sessions for the user.
+					WP_Session_Tokens::get_instance( $user_id )->destroy_all();
+				}
+			}
 		}
 	}

--- a/wp-content/plugins/two-factor/providers/class-two-factor-backup-codes.php
+++ b/wp-content/plugins/two-factor/providers/class-two-factor-backup-codes.php
@ -75,7 +75,7 @@ class Two_Factor_Backup_Codes extends Two_Factor_Provider {
 				'args'                => array(
 					'user_id' => array(
 						'required' => true,
-						'type'     => 'number',
+						'type'     => 'integer',
 					),
 					'enable_provider' => array(
 						'required' => false,
@ -159,6 +159,9 @@ class Two_Factor_Backup_Codes extends Two_Factor_Provider {
 	 * @param WP_User $user WP_User object of the logged-in user.
 	 */
 	public function user_options( $user ) {
+		wp_enqueue_script( 'wp-api-request' );
+		wp_enqueue_script( 'jquery' );
+
 		$count = self::codes_remaining_for_user( $user );
 		?>
 		<p id="two-factor-backup-codes">
--- a/wp-content/plugins/two-factor/providers/class-two-factor-totp.php
+++ b/wp-content/plugins/two-factor/providers/class-two-factor-totp.php
@ -83,7 +83,7 @@ class Two_Factor_Totp extends Two_Factor_Provider {
 					'args'                => array(
 						'user_id' => array(
 							'required' => true,
-							'type'     => 'number',
+							'type'     => 'integer',
 						),
 					),
 				),
@ -96,7 +96,7 @@ class Two_Factor_Totp extends Two_Factor_Provider {
 					'args'                => array(
 						'user_id' => array(
 							'required' => true,
-							'type'     => 'number',
+							'type'     => 'integer',
 						),
 						'key'     => array(
 							'type'              => 'string',
@ -227,7 +227,7 @@ class Two_Factor_Totp extends Two_Factor_Provider {

 		/**
 		 * Filter the Label for the TOTP.
-		 * 
+		 *
 		 * Must follow the TOTP format for a "label". Do not URL Encode.
 		 *
 		 * @see https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
@ -276,6 +276,8 @@ class Two_Factor_Totp extends Two_Factor_Provider {
 		$key = $this->get_user_totp_key( $user->ID );

 		wp_enqueue_script( 'two-factor-qr-code-generator' );
+		wp_enqueue_script( 'wp-api-request' );
+		wp_enqueue_script( 'jquery' );

 		?>
 		<div id="two-factor-totp-options">
--- a/wp-content/plugins/two-factor/readme.txt
+++ b/wp-content/plugins/two-factor/readme.txt
@ -2,9 +2,9 @@
 Contributors:      georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate
 Tags:              two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
 Requires at least: 4.3
-Tested up to:      6.0
+Tested up to:      6.2
 Requires PHP:      5.6
-Stable tag:        0.8.1
+Stable tag:        0.8.2

 Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.

--- a/wp-content/plugins/two-factor/two-factor.php
+++ b/wp-content/plugins/two-factor/two-factor.php
@ -12,7 +12,7 @@
 * Plugin URI:  https://wordpress.org/plugins/two-factor/
 * Description: Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F), email and backup verification codes.
 * Author:      Plugin Contributors
- * Version:     0.8.1
+ * Version:     0.8.2
 * Author URI:  https://github.com/wordpress/two-factor/graphs/contributors
 * Network:     True
 * Text Domain: two-factor
@ -26,7 +26,7 @@ define( 'TWO_FACTOR_DIR', plugin_dir_path( __FILE__ ) );
 /**
 * Version of the plugin.
 */
-define( 'TWO_FACTOR_VERSION', '0.8.1' );
+define( 'TWO_FACTOR_VERSION', '0.8.2' );

 /**
 * Include the base class here, so that other plugins can also extend it.