From bb9a0ae7bbbe8fa1bd038c7629afaa97ac166cc7 Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 11:50:30 +0300
Subject: [PATCH 1/8] Match the name resolved from the request
---
 class-two-factor-core.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index 6f8062ec..fdd4fbcf 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -540,7 +540,7 @@ public static function backup_2fa() {
 $nonce = filter_input( INPUT_GET, 'wp-auth-nonce', FILTER_SANITIZE_STRING );
 $provider = filter_input( INPUT_GET, 'provider', FILTER_SANITIZE_STRING );
- if ( ! $wp_auth_id || ! $wp_auth_nonce || ! $provider ) {
+ if ( ! $wp_auth_id || ! $nonce || ! $provider ) {
 return;
 }
From 3dd8b15bdb2214209aa0706764392296d28d6b57 Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 11:55:55 +0300
Subject: [PATCH 2/8] Bump the tested WP version
---
 readme.md | 16 ++++++++--------
 readme.txt | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/readme.md b/readme.md
index 6fbeca92..fd83f1e6 100644
--- a/readme.md
+++ b/readme.md
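Review bot: The guard in backup_2fa() (patch 1/8) only checks that `$nonce` and `$provider` are non-empty; the hunk shows no verification of the nonce and no check that `provider` is one of the user's enabled providers, and since the function body continues outside the hunk, both should be confirmed there. `$wp_auth_nonce` is not assigned anywhere in the visible lines, so before this change `! $wp_auth_nonce` was presumably always true and the handler always returned early; the code after the guard becomes reachable again with this fix and the series adds no test for it. The hunk in login_form_validate_2fa() (patch 3/8) has the same fix and the same gap. A test that drives each handler past the guard, plus an undefined-variable check in static analysis, would keep this from regressing silently.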
@@ -4,14 +4,14 @@ ![Banner](assets/banner-1544x500.png) Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes. -**Contributors:** [georgestephanis](https://profiles.wordpress.org/georgestephanis), [valendesigns](https://profiles.wordpress.org/valendesigns), [stevenkword](https://profiles.wordpress.org/stevenkword), [extendwings](https://profiles.wordpress.org/extendwings), [sgrant](https://profiles.wordpress.org/sgrant), [aaroncampbell](https://profiles.wordpress.org/aaroncampbell), [johnbillion](https://profiles.wordpress.org/johnbillion), [stevegrunwell](https://profiles.wordpress.org/stevegrunwell), [netweb](https://profiles.wordpress.org/netweb), [kasparsd](https://profiles.wordpress.org/kasparsd), [alihusnainarshad](https://profiles.wordpress.org/alihusnainarshad), [passoniate](https://profiles.wordpress.org/passoniate) -**Tags:** [two factor](https://wordpress.org/plugins/tags/two-factor), [two step](https://wordpress.org/plugins/tags/two-step), [authentication](https://wordpress.org/plugins/tags/authentication), [login](https://wordpress.org/plugins/tags/login), [totp](https://wordpress.org/plugins/tags/totp), [fido u2f](https://wordpress.org/plugins/tags/fido-u2f), [u2f](https://wordpress.org/plugins/tags/u2f), [email](https://wordpress.org/plugins/tags/email), [backup codes](https://wordpress.org/plugins/tags/backup-codes), [2fa](https://wordpress.org/plugins/tags/2fa), [yubikey](https://wordpress.org/plugins/tags/yubikey) -**Requires at least:** 4.3 -**Tested up to:** 5.4 -**Stable tag:** trunk (master) -**Requires PHP:** 5.6 - -[![Build Status](https://travis-ci.org/WordPress/two-factor.svg?branch=master)](https://travis-ci.org/WordPress/two-factor) [![Coverage Status](https://coveralls.io/repos/WordPress/two-factor/badge.svg?branch=master)](https://coveralls.io/github/WordPress/two-factor) [![Built with 
Grunt](https://gruntjs.com/cdn/builtwith.svg)](http://gruntjs.com) +**Contributors:** [georgestephanis](https://profiles.wordpress.org/georgestephanis), [valendesigns](https://profiles.wordpress.org/valendesigns), [stevenkword](https://profiles.wordpress.org/stevenkword), [extendwings](https://profiles.wordpress.org/extendwings), [sgrant](https://profiles.wordpress.org/sgrant), [aaroncampbell](https://profiles.wordpress.org/aaroncampbell), [johnbillion](https://profiles.wordpress.org/johnbillion), [stevegrunwell](https://profiles.wordpress.org/stevegrunwell), [netweb](https://profiles.wordpress.org/netweb), [kasparsd](https://profiles.wordpress.org/kasparsd), [alihusnainarshad](https://profiles.wordpress.org/alihusnainarshad), [passoniate](https://profiles.wordpress.org/passoniate) +**Tags:** [two factor](https://wordpress.org/plugins/tags/two-factor), [two step](https://wordpress.org/plugins/tags/two-step), [authentication](https://wordpress.org/plugins/tags/authentication), [login](https://wordpress.org/plugins/tags/login), [totp](https://wordpress.org/plugins/tags/totp), [fido u2f](https://wordpress.org/plugins/tags/fido-u2f), [u2f](https://wordpress.org/plugins/tags/u2f), [email](https://wordpress.org/plugins/tags/email), [backup codes](https://wordpress.org/plugins/tags/backup-codes), [2fa](https://wordpress.org/plugins/tags/2fa), [yubikey](https://wordpress.org/plugins/tags/yubikey) +**Requires at least:** 4.3 +**Tested up to:** 5.5 +**Stable tag:** trunk (master) +**Requires PHP:** 5.6 + +[![Build Status](https://travis-ci.org/wordpress/two-factor.svg?branch=master)](https://travis-ci.org/wordpress/two-factor) [![Coverage Status](https://coveralls.io/repos/wordpress/two-factor/badge.svg?branch=master)](https://coveralls.io/github/wordpress/two-factor) [![Built with Grunt](https://gruntjs.com/cdn/builtwith.svg)](http://gruntjs.com) ## Description ## diff --git a/readme.txt b/readme.txt index b355343a..59aaee4a 100644 --- a/readme.txt +++ b/readme.txt 
@@ -2,7 +2,7 @@
 Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate
 Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
 Requires at least: 4.3
-Tested up to: 5.4
+Tested up to: 5.5
 Requires PHP: 5.6
 Stable tag: trunk
From 0434cacb2731f69d9d6bb91207239d93d6e9139c Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 12:06:47 +0300
Subject: [PATCH 3/8] Another instance of the same variable naming issue
---
 class-two-factor-core.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index fdd4fbcf..e319cf62 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -811,7 +811,7 @@ public static function login_form_validate_2fa() {
 $wp_auth_id = filter_input( INPUT_POST, 'wp-auth-id', FILTER_SANITIZE_NUMBER_INT );
 $nonce = filter_input( INPUT_POST, 'wp-auth-nonce', FILTER_SANITIZE_STRING );
- if ( ! $wp_auth_id || ! $wp_auth_nonce ) {
+ if ( ! $wp_auth_id || ! $nonce ) {
 return;
 }
From dbc433fb5ea7982e8a8ea1db4f7095b8aafe9cfd Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 12:11:26 +0300
Subject: [PATCH 4/8] There are now a lot of apps and tools that do this
Fixes #367
---
 providers/class-two-factor-totp.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index 7cc0c147..5c349190 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -71,7 +71,7 @@ public static function get_instance() {
 * Returns the name of the provider.
 */
 public function get_label() {
- return _x( 'Time Based One-Time Password (Google Authenticator)', 'Provider Label', 'two-factor' );
+ return _x( 'Time Based One-Time Password (TOTP)', 'Provider Label', 'two-factor' );
 }
 /**
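Review bot: In login_form_validate_2fa() (patch 3/8) `wp-auth-id` is read with `FILTER_SANITIZE_NUMBER_INT`, which strips characters instead of validating: digits, `+` and `-` are kept, so input such as `-` or `1-2` reaches the guard as a truthy string. Validating would make the guard mean what it says, e.g. `$wp_auth_id = filter_input( INPUT_POST, 'wp-auth-id', FILTER_VALIDATE_INT, array( 'options' => array( 'min_range' => 1 ) ) );`, which yields `false` or `null` for anything that is not a positive integer. `FILTER_SANITIZE_STRING` on the nonce is also deprecated as of PHP 8.1; the nonce is presumably compared against a stored value later in the function (outside the hunk), in which case reading it unmodified and comparing with `hash_equals()` is the cleaner pattern. backup_2fa() in patch 1/8 likely reads its id the same way, but that line is not in its hunk.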
From 2dcc8f2c7bce996fb0702cf07664021ace3b4734 Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 12:20:27 +0300
Subject: [PATCH 5/8] =?UTF-8?q?Explain=20what=20code=20we=E2=80=99re=20exp?=
 =?UTF-8?q?ecting=20here?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes #380
---
 providers/class-two-factor-totp.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index 5c349190..5c3ab7b4 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -454,6 +454,9 @@ public function is_available_for_user( $user ) {
 public function authentication_page( $user ) {
 require_once ABSPATH . '/wp-admin/includes/template.php';
 ?>
+

+ +

From 65695a53f09d50d4276e03ab1b42df0b8ad3c753 Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 12:28:10 +0300
Subject: [PATCH 6/8] People associate U2F with physical keys so we make it friendlier this way
---
 providers/class-two-factor-fido-u2f.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/class-two-factor-fido-u2f.php b/providers/class-two-factor-fido-u2f.php
index ff4fd29a..330451c2 100644
--- a/providers/class-two-factor-fido-u2f.php
+++ b/providers/class-two-factor-fido-u2f.php
@@ -116,7 +116,7 @@ public static function get_u2f_app_id() {
 * @since 0.1-dev
 */
 public function get_label() {
- return _x( 'FIDO Universal 2nd Factor (U2F)', 'Provider Label', 'two-factor' );
+ return _x( 'FIDO U2F Security Keys', 'Provider Label', 'two-factor' );
 }
 /**
From b626a484ec673f6ae88df967e80e33bd234f0ce1 Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 12:28:35 +0300
Subject: [PATCH 7/8] Describe why it is not possible to view the QR code again
---
 providers/class-two-factor-totp.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index 5c3ab7b4..11f71f6e 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -142,7 +142,7 @@ public function user_two_factor_options( $user ) {

- +

From ad02052b8c5220a55dcb2f283f6eccae31518bf2 Mon Sep 17 00:00:00 2001
From: Kaspars Dambis
Date: Wed, 26 Aug 2020 12:34:09 +0300
Subject: [PATCH 8/8] Update the tests to match the new names
---
 tests/providers/class-two-factor-fido-u2f.php | 2 +-
 tests/providers/class-two-factor-totp.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/providers/class-two-factor-fido-u2f.php b/tests/providers/class-two-factor-fido-u2f.php
index 797296cb..833e2e83 100644
--- a/tests/providers/class-two-factor-fido-u2f.php
+++ b/tests/providers/class-two-factor-fido-u2f.php
@@ -50,7 +50,7 @@ public function setUp() {
 * Verify the label value.
 */
 public function test_get_label() {
- $this->assertContains( 'FIDO Universal 2nd Factor (U2F)', $this->provider->get_label() );
+ $this->assertContains( 'FIDO U2F Security Keys', $this->provider->get_label() );
 }
 /**
diff --git a/tests/providers/class-two-factor-totp.php b/tests/providers/class-two-factor-totp.php
index 75247c0c..be5e72c5 100644
--- a/tests/providers/class-two-factor-totp.php
+++ b/tests/providers/class-two-factor-totp.php
@@ -57,7 +57,7 @@ public function test_get_instance() {
 * @covers Two_Factor_Totp::get_label
 */
 public function test_get_label() {
- $this->assertContains( 'Google Authenticator', $this->provider->get_label() );
+ $this->assertContains( 'Time Based One-Time Password (TOTP)', $this->provider->get_label() );
 }
 /**