Sync two-factor session meta to newly created sessions

[dd32]

What?

Copies two-factor session information from the current session to newly created sessions.

Fixes #573

Why?

WordPress creates a new session when the user changes their password, for no particular reason.

See https://core.trac.wordpress.org/ticket/58427
See WordPress/wporg-two-factor#191

How?

Testing Instructions

See screen recording. The debug shown is from this change:

diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index 53fa43b..ce5b197 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -1718,6 +1718,11 @@ class Two_Factor_Core {
                        $show_2fa_options ? '' : 'disabled="disabled"',
                );

+       echo '<pre>'; var_dump( [
+               'token' => wp_get_session_token(),
+               'session' => Two_Factor_Core::get_current_user_session(),
+       ] ); echo '</pre>';
+
                wp_nonce_field( 'user_two_factor_options', '_nonce_user_two_factor_options', false );
                ?>
                <input type="hidden" name="<?php echo esc_attr( self::ENABLED_PROVIDERS_USER_META_KEY ); ?>[]" value="<?php /* Dummy input so $_POST value is passed when no providers are enabled. */ ?>" />

Screenshots or screencast

See the Issue for the before.

Note that in the recording the Session token changes, but the metadata remains.

Screen.Recording.2023-05-30.at.3.25.00.pm.mov

Changelog Entry

N/A - Fix for an unreleased change: #528

[iandunn]

Code looks good and it works in my tests 👍🏻