From 2f6b5b604756eff9e682200eb9e2c3ca8844b312 Mon Sep 17 00:00:00 2001 From: Lai Power Date: Sun, 22 Oct 2023 22:21:19 +0000 Subject: [PATCH] updated plugin `Two Factor` version 0.8.2 --- .../two-factor/class-two-factor-core.php | 17 ++++++++++++++--- .../providers/class-two-factor-backup-codes.php | 5 ++++- .../providers/class-two-factor-totp.php | 8 +++++--- wp-content/plugins/two-factor/readme.txt | 4 ++-- wp-content/plugins/two-factor/two-factor.php | 4 ++-- 5 files changed, 27 insertions(+), 11 deletions(-) diff --git a/wp-content/plugins/two-factor/class-two-factor-core.php b/wp-content/plugins/two-factor/class-two-factor-core.php index 6a990c87..f1b3045d 100644 --- a/wp-content/plugins/two-factor/class-two-factor-core.php +++ b/wp-content/plugins/two-factor/class-two-factor-core.php @@ -1543,9 +1543,9 @@ class Two_Factor_Core { return; } - $providers = self::get_providers(); - - $enabled_providers = $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ]; + $providers = self::get_providers(); + $enabled_providers = $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ]; + $existing_providers = self::get_enabled_providers_for_user( $user_id ); // Enable only the available providers. $enabled_providers = array_intersect( $enabled_providers, array_keys( $providers ) ); @@ -1556,6 +1556,17 @@ class Two_Factor_Core { if ( ! empty( $new_provider ) && in_array( $new_provider, $enabled_providers, true ) ) { update_user_meta( $user_id, self::PROVIDER_USER_META_KEY, $new_provider ); } + + // Destroy other sessions if we've activated a new provider. + if ( array_diff( $enabled_providers, $existing_providers ) ) { + if ( $user_id === get_current_user_id() ) { + // Keep the current session, destroy others sessions for this user. + wp_destroy_other_sessions(); + } else { + // Destroy all sessions for the user. + WP_Session_Tokens::get_instance( $user_id )->destroy_all(); + } + } } } diff --git a/wp-content/plugins/two-factor/providers/class-two-factor-backup-codes.php b/wp-content/plugins/two-factor/providers/class-two-factor-backup-codes.php index 3caf4427..0aa20c21 100644 --- a/wp-content/plugins/two-factor/providers/class-two-factor-backup-codes.php +++ b/wp-content/plugins/two-factor/providers/class-two-factor-backup-codes.php @@ -75,7 +75,7 @@ class Two_Factor_Backup_Codes extends Two_Factor_Provider { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), 'enable_provider' => array( 'required' => false, @@ -159,6 +159,9 @@ class Two_Factor_Backup_Codes extends Two_Factor_Provider { * @param WP_User $user WP_User object of the logged-in user. */ public function user_options( $user ) { + wp_enqueue_script( 'wp-api-request' ); + wp_enqueue_script( 'jquery' ); + $count = self::codes_remaining_for_user( $user ); ?>

diff --git a/wp-content/plugins/two-factor/providers/class-two-factor-totp.php b/wp-content/plugins/two-factor/providers/class-two-factor-totp.php index 12a80763..bfc4557d 100644 --- a/wp-content/plugins/two-factor/providers/class-two-factor-totp.php +++ b/wp-content/plugins/two-factor/providers/class-two-factor-totp.php @@ -83,7 +83,7 @@ class Two_Factor_Totp extends Two_Factor_Provider { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), ), ), @@ -96,7 +96,7 @@ class Two_Factor_Totp extends Two_Factor_Provider { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), 'key' => array( 'type' => 'string', @@ -227,7 +227,7 @@ class Two_Factor_Totp extends Two_Factor_Provider { /** * Filter the Label for the TOTP. - * + * * Must follow the TOTP format for a "label". Do not URL Encode. * * @see https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label @@ -276,6 +276,8 @@ class Two_Factor_Totp extends Two_Factor_Provider { $key = $this->get_user_totp_key( $user->ID ); wp_enqueue_script( 'two-factor-qr-code-generator' ); + wp_enqueue_script( 'wp-api-request' ); + wp_enqueue_script( 'jquery' ); ?>

diff --git a/wp-content/plugins/two-factor/readme.txt b/wp-content/plugins/two-factor/readme.txt index 0aa252cb..d0ba9f1c 100644 --- a/wp-content/plugins/two-factor/readme.txt +++ b/wp-content/plugins/two-factor/readme.txt @@ -2,9 +2,9 @@ Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey Requires at least: 4.3 -Tested up to: 6.0 +Tested up to: 6.2 Requires PHP: 5.6 -Stable tag: 0.8.1 +Stable tag: 0.8.2 Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes. diff --git a/wp-content/plugins/two-factor/two-factor.php b/wp-content/plugins/two-factor/two-factor.php index c4a64c09..276054cc 100644 --- a/wp-content/plugins/two-factor/two-factor.php +++ b/wp-content/plugins/two-factor/two-factor.php @@ -12,7 +12,7 @@ * Plugin URI: https://wordpress.org/plugins/two-factor/ * Description: Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F), email and backup verification codes. * Author: Plugin Contributors - * Version: 0.8.1 + * Version: 0.8.2 * Author URI: https://github.com/wordpress/two-factor/graphs/contributors * Network: True * Text Domain: two-factor @@ -26,7 +26,7 @@ define( 'TWO_FACTOR_DIR', plugin_dir_path( __FILE__ ) ); /** * Version of the plugin. */ -define( 'TWO_FACTOR_VERSION', '0.8.1' ); +define( 'TWO_FACTOR_VERSION', '0.8.2' ); /** * Include the base class here, so that other plugins can also extend it.