[WIP] Two Factor User Profile Shortcode

[kasparsd]

Fixes #247.

Approach

• Abstract the profile settings away from WP core user profile.

• Introduce a shortcode for rendering the two-factor user settings.

Known Issues

• WP_List_Table used for FIDO U2F settings doesn't work outside WP admin.

    Fatal error: Uncaught Error: Call to undefined function convert_to_screen() in /srv/www/wordpress-default/wp-admin/includes/class-wp-list-table.php:132 Stack trace: #0 /srv/www/projects/plugins/two-factor/providers/class.two-factor-fido-u2f-admin.php(182): WP_List_Table->__construct() #1 /srv/www/wordpress-default/wp-includes/class-wp-hook.php(286): Two_Factor_FIDO_U2F_Admin::show_user_profile(Object(WP_User)) #2 /srv/www/wordpress-default/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters('', Array) #3 /srv/www/wordpress-default/wp-includes/plugin.php(453): WP_Hook->do_action(Array) #4 /srv/www/projects/plugins/two-factor/class.two-factor-core.php(748): do_action('show_user_secur...', Object(WP_User)) #5 /srv/www/projects/plugins/two-factor/class.two-factor-core.php(235): Two_Factor_Core::user_two_factor_options(Object(WP_User)) #6 /srv/www/wordpress-default/wp-includes/shortcodes.php(319): Two_Factor_Core::user_profile_shortcode('', '', 'two-factor-user...') #7 [internal function]: do_shortcode_tag(Array) #8 /sr in /srv/www/wordpress-default/wp-admin/includes/class-wp-list-table.php on line 132
  

[olasinola]

I understand that there are issues with FIDO U2F not working outside WP admin and also some issues with multi sites. But, is there a way I can use the shortcode feature without FIDO U2F. I am willing to experiment it on a single production site.

[olasinola]

The new interface for updating TOTP is not working, I used -
public function user_two_factor_options_update( $user_id ) instead of public function save_user_settings( $user ) { in providers/class.two-factor-totp.php and also deleted public function save_user_settings( $user ) {} from providers/class.two-factor-provider.php

This resolved the setting of the key in the admin as well as on the front end. public function save_user_settings( $user ) is not setting the TOTP key.

The frontend shortcode is working for TOTP, I have not tried FIDO U2F.

[kasparsd]

Thanks for testing the work in progress @olasinola!

As you can see -- this is a pretty large changeset and touches many areas of the plugin so I'm not sure this can be implemented in one go without breaking things. I also don't know when I'll have time to continue with this. It would be useful to split this up into smaller fixes somehow.

[naomicbush]

Hi everyone. We needed 2FA for our WordPress meetup website and @wpscholar recommended this plugin over the other ones, so I merged this feature/profile-shortcode branch into the current master to get the latest updates, and then fixed the code so that the TOTP settings actually save from the front-end shortcode.

I wasn't sure of the protocol for coming in on someone else's branch (and it doesn't look like there's any discussion the Slack channel), so you can find the working copy on the master branch here:

https://github.com/wpgwinnett/two-factor

@olasinola save_user_settings actually works great — it just wasn't being called anywhere 😄 The action hooks were still calling the old function so I just subbed in save_user_settings and all worked well

[gytisrepecka]

Hi everyone. We needed 2FA for our WordPress meetup website and @wpscholar recommended this plugin over the other ones, so I merged this feature/profile-shortcode branch into the current master to get the latest updates, and then fixed the code so that the TOTP settings actually save from the front-end shortcode.

@naomicbush was it able to show TOTP QR code and backup keys as well? You mean you've got it fully functional from shortcode in frontend?

[gytisrepecka]

Just recently tried - https://github.com/wpgwinnett/two-factor (master branch) gives fatal errors on current version of WordPress.

[gytisrepecka]

@kasparsd any chances porting feature/profile-shortcode to current master?

[jeffpaul]

@kasparsd perhaps this might be best to close and look to craft a block for this instead?

[kasparsd]

This requires a fresh start so I'm closing it out.