Fix backup authentication method variable resolution #381

Merged
merged 8 commits into from
Aug 26, 2020
4 changes: 2 additions & 2 deletions class-two-factor-core.php
Expand Up @@ -540,7 +540,7 @@ public static function backup_2fa() {
$nonce = filter_input( INPUT_GET, 'wp-auth-nonce', FILTER_SANITIZE_STRING );
$provider = filter_input( INPUT_GET, 'provider', FILTER_SANITIZE_STRING );

if ( ! $wp_auth_id || ! $wp_auth_nonce || ! $provider ) {
if ( ! $wp_auth_id || ! $nonce || ! $provider ) {
return;
}

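Review bot: Nothing in this PR would have caught the `$wp_auth_nonce` typo fixed in the `if` of `backup_2fa()`; the test changes shown only cover provider labels. The nonce is assigned to `$nonce` two lines above, so the old condition read a variable that is not set in the visible lines and would always hit the early `return`. Consider adding an undefined-variable check to linting or static analysis in CI, since `filter_input()` reads the original request rather than a `$_GET` populated by a test, which makes this path awkward to unit test.
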
Expand Down Expand Up @@ -811,7 +811,7 @@ public static function login_form_validate_2fa() {
$wp_auth_id = filter_input( INPUT_POST, 'wp-auth-id', FILTER_SANITIZE_NUMBER_INT );
$nonce = filter_input( INPUT_POST, 'wp-auth-nonce', FILTER_SANITIZE_STRING );

if ( ! $wp_auth_id || ! $wp_auth_nonce ) {
if ( ! $wp_auth_id || ! $nonce ) {
return;
}

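Review bot: In `login_form_validate_2fa()` the guard `! $wp_auth_id || ! $nonce` only checks that both values are non-empty, and `FILTER_SANITIZE_NUMBER_INT` on the `wp-auth-id` line keeps `+` and `-` as well as digits, so `$wp_auth_id` can still be a string such as `-5` at this point. If the code after this hunk uses it as a user ID, validating with `FILTER_VALIDATE_INT` and a `min_range` of 1 (or casting with `absint()`) here would make the early `return` reject malformed IDs too.
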
2 changes: 1 addition & 1 deletion providers/class-two-factor-fido-u2f.php
Expand Up @@ -116,7 +116,7 @@ public static function get_u2f_app_id() {
* @since 0.1-dev
*/
public function get_label() {
return _x( 'FIDO Universal 2nd Factor (U2F)', 'Provider Label', 'two-factor' );
return _x( 'FIDO U2F Security Keys', 'Provider Label', 'two-factor' );
}

/**
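
Review bot: Changing the source string in `get_label()` from 'FIDO Universal 2nd Factor (U2F)' to 'FIDO U2F Security Keys' means existing translations of the old string under the `Provider Label` context no longer apply, so translated sites fall back to English for this label until the new string is translated. Worth calling out in the changelog so translators pick it up. The new label is also plural while the TOTP label in this PR is singular; pick one form for consistency.
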
7 changes: 5 additions & 2 deletions providers/class-two-factor-totp.php
Expand Up @@ -71,7 +71,7 @@ public static function get_instance() {
* Returns the name of the provider.
*/
public function get_label() {
return _x( 'Time Based One-Time Password (Google Authenticator)', 'Provider Label', 'two-factor' );
return _x( 'Time Based One-Time Password (TOTP)', 'Provider Label', 'two-factor' );
Collaborator Author

There are more ways to do TOTP these days so make it generic.

}

/**
Expand Down Expand Up @@ -142,7 +142,7 @@ public function user_two_factor_options( $user ) {
</p>
<?php else : ?>
<p class="success">
<?php esc_html_e( 'Secret key configured and registered.', 'two-factor' ); ?>
<?php esc_html_e( 'Secret key is configured and registered. It is not possible to view it again for security reasons.', 'two-factor' ); ?>
Collaborator Author

This has been a frequent question in the support forums so we explain why the secret key is not shown again.

</p>
<p>
<a class="button" href="<?php echo esc_url( self::get_token_delete_url_for_user( $user->ID ) ); ?>"><?php esc_html_e( 'Reset Key', 'two-factor' ); ?></a>
Expand Down Expand Up @@ -454,6 +454,9 @@ public function is_available_for_user( $user ) {
public function authentication_page( $user ) {
require_once ABSPATH . '/wp-admin/includes/template.php';
?>
<p>
<?php esc_html_e( 'Please enter the code generated by your authenticator app.', 'two-factor' ); ?>
Collaborator Author

Explain where to get the code from.

</p>
<p>
<label for="authcode"><?php esc_html_e( 'Authentication Code:', 'two-factor' ); ?></label>
<input type="tel" autocomplete="off" name="authcode" id="authcode" class="input" value="" size="20" pattern="[0-9]*" />
16 changes: 8 additions & 8 deletions readme.md
Expand Up @@ -4,14 +4,14 @@
![Banner](assets/banner-1544x500.png)
Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.

**Contributors:** [georgestephanis](https://profiles.wordpress.org/georgestephanis), [valendesigns](https://profiles.wordpress.org/valendesigns), [stevenkword](https://profiles.wordpress.org/stevenkword), [extendwings](https://profiles.wordpress.org/extendwings), [sgrant](https://profiles.wordpress.org/sgrant), [aaroncampbell](https://profiles.wordpress.org/aaroncampbell), [johnbillion](https://profiles.wordpress.org/johnbillion), [stevegrunwell](https://profiles.wordpress.org/stevegrunwell), [netweb](https://profiles.wordpress.org/netweb), [kasparsd](https://profiles.wordpress.org/kasparsd), [alihusnainarshad](https://profiles.wordpress.org/alihusnainarshad), [passoniate](https://profiles.wordpress.org/passoniate)
**Tags:** [two factor](https://wordpress.org/plugins/tags/two-factor), [two step](https://wordpress.org/plugins/tags/two-step), [authentication](https://wordpress.org/plugins/tags/authentication), [login](https://wordpress.org/plugins/tags/login), [totp](https://wordpress.org/plugins/tags/totp), [fido u2f](https://wordpress.org/plugins/tags/fido-u2f), [u2f](https://wordpress.org/plugins/tags/u2f), [email](https://wordpress.org/plugins/tags/email), [backup codes](https://wordpress.org/plugins/tags/backup-codes), [2fa](https://wordpress.org/plugins/tags/2fa), [yubikey](https://wordpress.org/plugins/tags/yubikey)
**Requires at least:** 4.3
**Tested up to:** 5.4
**Stable tag:** trunk (master)
**Requires PHP:** 5.6

[![Build Status](https://travis-ci.org/WordPress/two-factor.svg?branch=master)](https://travis-ci.org/WordPress/two-factor) [![Coverage Status](https://coveralls.io/repos/WordPress/two-factor/badge.svg?branch=master)](https://coveralls.io/github/WordPress/two-factor) [![Built with Grunt](https://gruntjs.com/cdn/builtwith.svg)](http://gruntjs.com)
**Contributors:** [georgestephanis](https://profiles.wordpress.org/georgestephanis), [valendesigns](https://profiles.wordpress.org/valendesigns), [stevenkword](https://profiles.wordpress.org/stevenkword), [extendwings](https://profiles.wordpress.org/extendwings), [sgrant](https://profiles.wordpress.org/sgrant), [aaroncampbell](https://profiles.wordpress.org/aaroncampbell), [johnbillion](https://profiles.wordpress.org/johnbillion), [stevegrunwell](https://profiles.wordpress.org/stevegrunwell), [netweb](https://profiles.wordpress.org/netweb), [kasparsd](https://profiles.wordpress.org/kasparsd), [alihusnainarshad](https://profiles.wordpress.org/alihusnainarshad), [passoniate](https://profiles.wordpress.org/passoniate)
**Tags:** [two factor](https://wordpress.org/plugins/tags/two-factor), [two step](https://wordpress.org/plugins/tags/two-step), [authentication](https://wordpress.org/plugins/tags/authentication), [login](https://wordpress.org/plugins/tags/login), [totp](https://wordpress.org/plugins/tags/totp), [fido u2f](https://wordpress.org/plugins/tags/fido-u2f), [u2f](https://wordpress.org/plugins/tags/u2f), [email](https://wordpress.org/plugins/tags/email), [backup codes](https://wordpress.org/plugins/tags/backup-codes), [2fa](https://wordpress.org/plugins/tags/2fa), [yubikey](https://wordpress.org/plugins/tags/yubikey)
**Requires at least:** 4.3
**Tested up to:** 5.5
**Stable tag:** trunk (master)
**Requires PHP:** 5.6

[![Build Status](https://travis-ci.org/wordpress/two-factor.svg?branch=master)](https://travis-ci.org/wordpress/two-factor) [![Coverage Status](https://coveralls.io/repos/wordpress/two-factor/badge.svg?branch=master)](https://coveralls.io/github/wordpress/two-factor) [![Built with Grunt](https://gruntjs.com/cdn/builtwith.svg)](http://gruntjs.com)

## Description ##

2 changes: 1 addition & 1 deletion readme.txt
Expand Up @@ -2,7 +2,7 @@
Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate
Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
Requires at least: 4.3
Tested up to: 5.4
Tested up to: 5.5
Requires PHP: 5.6
Stable tag: trunk

2 changes: 1 addition & 1 deletion tests/providers/class-two-factor-fido-u2f.php
Expand Up @@ -50,7 +50,7 @@ public function setUp() {
* Verify the label value.
*/
public function test_get_label() {
$this->assertContains( 'FIDO Universal 2nd Factor (U2F)', $this->provider->get_label() );
$this->assertContains( 'FIDO U2F Security Keys', $this->provider->get_label() );
}

/**
2 changes: 1 addition & 1 deletion tests/providers/class-two-factor-totp.php
Expand Up @@ -57,7 +57,7 @@ public function test_get_instance() {
* @covers Two_Factor_Totp::get_label
*/
public function test_get_label() {
$this->assertContains( 'Google Authenticator', $this->provider->get_label() );
$this->assertContains( 'Time Based One-Time Password (TOTP)', $this->provider->get_label() );
}

/**
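
Review bot: `test_get_label()` now passes the full label to `assertContains()`, so a substring match no longer buys anything; `assertSame( 'Time Based One-Time Password (TOTP)', $this->provider->get_label() )` states the expectation exactly. Using `assertContains()` on strings is also deprecated in PHPUnit 8 and removed in PHPUnit 9, so this assertion will need changing when the test suite moves to a newer PHPUnit.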