Ensure that doesn't 'fail open' if existing providers poof.
This also ensures if a user only had U2F enabled, and it's deprecated and removed, that it won't "fail open" for lack of any available methods.

If Email is available, shove it in.  If not, return an error.
georgestephanis committed Aug 24, 2023
1 parent f2227ab commit c79bbcc
Showing 1 changed file with 24 additions and 2 deletions.
26 changes: 24 additions & 2 deletions class-two-factor-core.php
Expand Up @@ -413,15 +413,37 @@ public static function get_enabled_providers_for_user( $user = null ) {
if ( empty( $enabled_providers ) ) {
$enabled_providers = array();
}
$enabled_providers = array_intersect( $enabled_providers, array_keys( $providers ) );
$enabled_existing_providers = array_intersect( $enabled_providers, array_keys( $providers ) );

/**
* If the user had enabled providers, but none of them exist currently,
* if emailed codes is available force it to be on, so that deprecated
* or removed providers don't result in the two-factor requirement being
* removed and 'failing open'.
*/
if ( $enabled_providers && empty( $enabled_existing_providers ) ) {
if ( isset( $providers['Two_Factor_Email'] ) ) {
// Force Emailed codes to 'on'.
$enabled_existing_providers[] = 'Two_Factor_Email';
} else {
return new WP_Error(
'no_available_2fa_methods',
__( 'Error: User has Two Factor method(s) enabled, but provider(s) no longer exist,', 'two-factor' ),
array(
'enabled_providers' => $enabled_providers,
'available_providers' => array_keys( $providers ),
)
);
}
}

/**
* Filter the enabled two-factor authentication providers for this user.
*
* @param array $enabled_providers The enabled providers.
* @param int $user_id The user ID.
*/
return apply_filters( 'two_factor_enabled_providers_for_user', $enabled_providers, $user->ID );
return apply_filters( 'two_factor_enabled_providers_for_user', $enabled_existing_providers, $user->ID );
}

/**
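Review bot: The `else` branch now returns a `WP_Error` from a function that previously always returned an array, and the hunk shows no matching change for its callers or its `@return` tag, both of which sit outside this hunk. A caller that passes the result to `foreach`, `count()` or `empty()` without `if ( is_wp_error( $enabled ) )` would treat the error object as a non-empty value or iterate its properties, so whether login actually fails closed depends on code not visible here; I would add that check at each call site and update the docblock to `@return array|WP_Error`. The early return also skips the `two_factor_enabled_providers_for_user` filter, so integrations hooking it never see this state. The forced `Two_Factor_Email` fallback silently swaps whatever factor the user chose for mailbox access, so it seems worth recording or notifying the user when it triggers. Minor: the message string ends in a comma (`no longer exist,`) where a period looks intended.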