Skip to content

Fixing bug where Super Admins cannot setup Time Based One-Time Password as first Two Factor option on WP VIP #560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dd32 merged 2 commits into from
May 2, 2023
Merged

Fixing bug where Super Admins cannot setup Time Based One-Time Password as first Two Factor option on WP VIP #560

dd32 merged 2 commits into from
May 2, 2023

Conversation

@spenserhale
Copy link
Contributor

@spenserhale spenserhale commented Apr 28, 2023

What

Fixing bug where WP VIP Super Admins and WooCommerce shop_manager cannot setup Time Based One-Time Password as their first Two Factor option. Please have a look at #559 for more detailed information.

Why

Fixes #559
Fixes #557

How?

I am setting the controller parameter configuration to have user_id as an integer instead of a number because strict comparison requires matching types.

Steps to Test

  1. Setup a multisite
  2. Create a new user that is a super_admin
  3. Log in as the new super_admin
  4. Go to wp-admin > Edit Profile
  5. Submit an authentication code

Changelog Entry

Fixing bug where WP VIP Super Admins and WooCommerce shop_manager cannot setup Time Based One-Time Password as their first Two Factor option

Notes

Original PR: Automattic/vip-go-mu-plugins#4410

@spenserhale
fix(Two_Factor_Totp): setting user_id type to integer instead of number
541e4e0 
current_user_can() expects user_id to be integer

Fixes WordPress#559
Fixes WordPress#557
@spenserhale
refactor(Two_Factor_Backup_Codes): setting user_id type to integer in…
7fac436 
…stead of number

to make consistent with Two_Factor_Totp
@spenserhale spenserhale mentioned this pull request Apr 28, 2023
Closed
@dd32 dd32 added Bug TOTP Time-based One-time Passwords Backup Codes PHP Pull requests that update Php code labels May 2, 2023
@dd32 dd32 added this to the 0.9.0 milestone May 2, 2023
@dd32 dd32 merged commit c725c9b into WordPress:master May 2, 2023
@benlk
Copy link

benlk commented May 18, 2023

I was just about to report this bug, based on an experience I'm having with a VIP Go site. Thanks!

@benlk benlk mentioned this pull request May 18, 2023
Closed
dd32 pushed a commit that referenced this pull request May 22, 2023
@spenserhale @dd32
Use the integer REST API type instead of number, to resolve overly st…
441690f 
…rict user_id capability checks (#560)

* Fixing bug where Super Admins cannot setup Time Based One-Time Password as first Two Factor option on WP VIP
* refactor(Two_Factor_Backup_Codes): setting user_id type to integer instead of number to make consistent with Two_Factor_Totp

Fixes #559
Fixes #557
@jeffpaul jeffpaul modified the milestones: 0.9.0, 0.8.2 May 24, 2023
@jeffpaul jeffpaul linked an issue Aug 7, 2023 that may be closed by this pull request
WooCommerce Shop Manager role "Sorry, you are not allowed to do that" error when entering auth code for TOTP #584
Closed
@kasparsd kasparsd mentioned this pull request Apr 23, 2024
Merged
@jeffpaul jeffpaul modified the milestones: 0.8.2, 0.9.0 Jul 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Backup Codes PHP Pull requests that update Php code TOTP Time-based One-time Passwords

Projects

None yet

Milestone

0.9.0

4 participants

@spenserhale @benlk @dd32 @jeffpaul