Bug #18118
closed
Two Factor v0.8 breaks our BP Two Factor frontend implementation
Added by Raymond Hoh about 1 year ago.
Updated about 1 year ago.
Category name:
Authentication
Description
I received a report that our BP Two Factor plugin is broken due to changes in the latest, major version of the core Two Factor plugin -- v0.8.0. In v0.8.0, the Two Factor plugin switched to using the WP REST API to do various save routines and removed some previous code that our BP Two Factor plugin was referencing.
What this means is if you go to /members/USERNAME/settings/, you will get a fatal error. I have committed some fixes in my repo and have added them to production without committing so the user settings page will still be functioning. However, there are still some usability things I want to sort out before committing such as ensuring the TOTP checkbox is checked after successful TOTP setup and ensuring some of our custom verbiage is used. I'm looking into this.
- Status changed from New to Resolved
I've made some fixes to be fully compatible with two-factor v0.8.0. See https://github.com/r-a-y/bp-two-factor/issues/1. Apart from the fatal error fix, the most notable change is when setting up Time Based One-Time Passwords (TOTP). The Two Factor Core plugin no longer requires a page refresh to validate the TOTP set up or to reset the TOTP secret key; it uses the REST API and AJAX to do that now. This necessitated changing parts of the JS and how our plugin modifies the default strings so it will use our custom verbiage during REST API requests.
I've committed the fixes to v2.1.x branch here: https://github.com/cuny-academic-commons/cac/commit/0ef24b582882f8b308249f51330831203987cca6 . And have deployed the fix to production.
Also available in: Atom
PDF