Changeset 12578

Timestamp:

05/08/2023 05:46:57 AM (2 years ago)

Author:

dd32

Message:

Login: SSO: Allow for the 2FA revalidate_2fa to be presented on other origins.

See ​https://github.com/WordPress/wporg-two-factor/pull/147.

File:

• sites/trunk/common/includes/wporg-sso/wp-plugin.php (modified) (2 diffs)

sites/trunk/common/includes/wporg-sso/wp-plugin.php

@@ -283 +283 @@
                     // Allow logout to process. See self::login_form_logout()
                     if ( isset( $_GET['action'] ) && empty( $_POST ) && 'logout' == $_GET['action'] ) {
+                        return;
+                    }
+
+                    // Don't redirect the 2fa 'revalidate_2fa' handler to login.wordpress.org when presented on WordPress.org
+                    if ( isset( $_REQUEST['action'] ) && 'revalidate_2fa' == $_REQUEST['action'] ) {
                         return;
                     }
@@ -421 +426 @@
             }
 
+            // Don't alter the revalidate 2fa form.
+            if ( str_contains( $url, 'wp-login.php?action=revalidate_2fa' ) ) {
+                return $url;
+            }
+
             return $this->sso_host_url . '/wp-login.php';
         }