Enable TOTP method when method is configured #643
Conversation
…s one of the enabled options
| @@ -818,52 +818,52 @@ public function test_show_password_reset_error() { | |||
| public function test_enable_disable_provider_for_user() { | |||
| $user = self::factory()->user->create_and_get(); | |||
| $enabled_providers = Two_Factor_Core::get_enabled_providers_for_user( $user->ID ); | |||
| $this->assertEmpty( $enabled_providers ); | |||
| $this->assertEmpty( $enabled_providers, 'No providers are enabled by default' ); | |||
There was a problem hiding this comment.
These help us identify failing tests instead of just showing the test method name.
| @@ -151,6 +151,10 @@ public function rest_delete_totp( $request ) { | |||
|
|
|||
| $this->delete_user_totp_key( $user_id ); | |||
|
|
|||
| if ( ! Two_Factor_Core::disable_provider_for_user( $user_id, 'Two_Factor_Totp' ) ) { | |||
There was a problem hiding this comment.
Deleting the TOTP key now also disables the method because it is unusable without the key.
| if ( in_array( $new_provider, $enabled_providers ) ) { | ||
| return true; | ||
| } | ||
|
|
||
| $enabled_providers[] = $new_provider; | ||
| $enabled = update_user_meta( $user_id, self::ENABLED_PROVIDERS_USER_META_KEY, $enabled_providers ); | ||
|
|
||
| // Primary provider must be enabled. |
There was a problem hiding this comment.
The primary provider is determined during get_primary_provider_for_user() so there is no need update it here. If no primary is configured, we always default to the first enabled.
| @@ -1902,30 +1901,20 @@ public static function user_two_factor_options( $user ) { | |||
| * @return bool True if the provider was enabled, false otherwise. | |||
| */ | |||
| public static function enable_provider_for_user( $user_id, $new_provider ) { | |||
| $available_providers = self::get_providers(); | |||
There was a problem hiding this comment.
This method is very heavy as it will instantiate new set of provider classes on every call. That's why we introduced get_provider_classes() earlier which doesn't do any of that.
| @@ -386,8 +391,10 @@ public function user_two_factor_options( $user ) { | |||
|
|
|||
| $error.find('p').text( errorMessage ); | |||
|
|
|||
| $( '#enabled-Two_Factor_Totp' ).prop( 'checked', false ); | |||
There was a problem hiding this comment.
We now enable the TOTP method when the key has been registered by default.
What?
Users expect a method to be enabled if they chose to configure it.
Why?
Fixes #556.
How?
Testing Instructions
Setup workflow:
Reset workflow:
Screenshots or screencast
totp-actions.mp4
Changelog Entry