Project

General

Profile

Actions

Bug #18118

closed

Two Factor v0.8 breaks our BP Two Factor frontend implementation

Added by Raymond Hoh over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
Authentication
Target version:
Start date:
2023-04-25
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

I received a report that our BP Two Factor plugin is broken due to changes in the latest, major version of the core Two Factor plugin -- v0.8.0. In v0.8.0, the Two Factor plugin switched to using the WP REST API to do various save routines and removed some previous code that our BP Two Factor plugin was referencing.

What this means is if you go to /members/USERNAME/settings/, you will get a fatal error. I have committed some fixes in my repo and have added them to production without committing so the user settings page will still be functioning. However, there are still some usability things I want to sort out before committing such as ensuring the TOTP checkbox is checked after successful TOTP setup and ensuring some of our custom verbiage is used. I'm looking into this.

Actions #1

Updated by Raymond Hoh over 1 year ago

  • Status changed from New to Resolved

I've made some fixes to be fully compatible with two-factor v0.8.0. See https://github.com/r-a-y/bp-two-factor/issues/1. Apart from the fatal error fix, the most notable change is when setting up Time Based One-Time Passwords (TOTP). The Two Factor Core plugin no longer requires a page refresh to validate the TOTP set up or to reset the TOTP secret key; it uses the REST API and AJAX to do that now. This necessitated changing parts of the JS and how our plugin modifies the default strings so it will use our custom verbiage during REST API requests.

I've committed the fixes to v2.1.x branch here: https://github.com/cuny-academic-commons/cac/commit/0ef24b582882f8b308249f51330831203987cca6 . And have deployed the fix to production.

Actions

Also available in: Atom PDF