From 441690f46f1f3253545373a01fef869f1a4aaf6e Mon Sep 17 00:00:00 2001 From: Spenser Hale Date: Mon, 1 May 2023 21:52:06 -0700 Subject: [PATCH] Use the integer REST API type instead of number, to resolve overly strict user_id capability checks (#560) * Fixing bug where Super Admins cannot setup Time Based One-Time Password as first Two Factor option on WP VIP * refactor(Two_Factor_Backup_Codes): setting user_id type to integer instead of number to make consistent with Two_Factor_Totp Fixes #559 Fixes #557 --- providers/class-two-factor-backup-codes.php | 2 +- providers/class-two-factor-totp.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/providers/class-two-factor-backup-codes.php b/providers/class-two-factor-backup-codes.php index 85a8d180..0aa20c21 100644 --- a/providers/class-two-factor-backup-codes.php +++ b/providers/class-two-factor-backup-codes.php @@ -75,7 +75,7 @@ public function register_rest_routes() { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), 'enable_provider' => array( 'required' => false, diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php index a562d389..bfc4557d 100644 --- a/providers/class-two-factor-totp.php +++ b/providers/class-two-factor-totp.php @@ -83,7 +83,7 @@ public function register_rest_routes() { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), ), ), @@ -96,7 +96,7 @@ public function register_rest_routes() { 'args' => array( 'user_id' => array( 'required' => true, - 'type' => 'number', + 'type' => 'integer', ), 'key' => array( 'type' => 'string', @@ -227,7 +227,7 @@ public static function generate_qr_code_url( $user, $secret_key ) { /** * Filter the Label for the TOTP. - * + * * Must follow the TOTP format for a "label". Do not URL Encode. * * @see https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label