Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable-2FA notice shown when already setup #144

Draft
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Draft

Enable-2FA notice shown when already setup #144

wants to merge 1 commit into from

Conversation

dd32
Copy link
Member

@dd32 dd32 commented May 2, 2023

remove_capabilities_until_2fa_enabled() doesn't verify that the accounts capabilities being filtered is the current user, as a result, running user_can( $other_user, 'admin_only_cap' ) will cause this plugin to add the enable-2fa notice.

  • Unit tests

@dd32 dd32 marked this pull request as ready for review May 4, 2023 07:47
@dd32
Copy link
Member Author

dd32 commented Jan 9, 2024
edited
Loading

I'm not convinced this PR is correct anymore.

I do suspect the notice is still being added incorrectly, and should be gated like so:

		if ( get_current_user_id() === $user->ID ) {
			add_action( 'admin_notices', __NAMESPACE__ . '\render_2fa_admin_notice' );
			add_filter( 'wporg_global_header_alert_markup', __NAMESPACE__ . '\get_enable_2fa_notice' );
		}

I can duplicate the notice appearing incorrectly still when viewing https://wordpress.org/support/plugin/test-plugin-3/reviews/

I haven't been able to create a unit test that shows the behaviour however..

@dd32 dd32 marked this pull request as draft January 9, 2024 07:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dd32