
Changeset 13926


Timestamp:
07/26/2024 03:59:52 AM (7 weeks ago)
Author:
dd32
Message:

Login: Remind users to enable 2FA upon login if they should have it enabled.

Currently this is only for "special" users, but user_should_2fa() will be extended to other roles soon.

Closes https://github.com/WordPress/wordpress.org/pull/351
See https://github.com/WordPress/wporg-two-factor/pull/288

Location:
sites/trunk
Files:
1 added
1 edited

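--- a/sites/trunk/common/includes/wporg-sso/wp-plugin.php
+++ b/sites/trunk/common/includes/wporg-sso/wp-plugin.php
@@ -1,3 +1,5 @@
 <?php
+use function WordPressdotorg\Two_Factor\user_should_2fa;
+
 /**
  * WordPress-specific WPORG SSO: redirects all WP login and registration screens to our SSO ones.
@@ -27,4 +29,5 @@
             // Primarily for logged in users.
             'updated-tos'     => '/updated-policies',
+            'enable-2fa'      => '/enable-2fa',
             'logout'          => '/logout',
 
@@ -94,4 +97,7 @@
                     // Updated TOS interceptor.
                     add_filter( 'send_auth_cookies', [ $this, 'maybe_block_auth_cookies' ], 100, 5 );
+
+                    // Maybe nag about 2FA
+                    add_filter( 'login_redirect', [ $this, 'maybe_redirect_to_enable_2fa' ], 1000, 3 );
                 }
             }
@@ -811,4 +817,24 @@
 
         /**
+         * Redirects the user to a "please enable 2fa" page after login.
+         */
+        public function maybe_redirect_to_enable_2fa( $redirect, $orig_redirect, $user ) {
+            if (
+                ! str_contains( $redirect, '/enable-2fa' ) &&
+                ! is_wp_error( $user ) &&
+                user_should_2fa( $user ) &&
+                ! Two_Factor_Core::is_user_using_two_factor( $user->ID )
+            ) {
+                $redirect = add_query_arg(
+                    'redirect_to',
+                    urlencode( $redirect ),
+                    home_url( '/enable-2fa' )
+                );
+            }
+
+            return $redirect;
+        }
+
+        /**
          * Whether the given user_id has agreed to the current version of the TOS.
          */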
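Review bot: The `! str_contains( $redirect, '/enable-2fa' )` guard in maybe_redirect_to_enable_2fa() matches that substring anywhere in the URL, so a login destination whose path or query string merely contains `/enable-2fa` skips the 2FA reminder. Since `login_redirect` passes the requested destination, whoever builds the login link can trigger that skip. Comparing only the path, for example `'/enable-2fa' !== wp_parse_url( $redirect, PHP_URL_PATH )`, would limit the exemption to the reminder page itself. Separately, `user_should_2fa()` and `Two_Factor_Core::is_user_using_two_factor()` are called unguarded; if this SSO plugin can load where the two-factor plugins are inactive (not visible from this changeset), login would hit a fatal error, so a `function_exists()` / `class_exists()` check ahead of them looks worthwhile. The new docblock would also benefit from `@param` and `@return` tags noting that `$user` may be a `WP_Error`.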