Skip to content

Add filter for rest_api_can_edit_user_and_update_two_factor_options#689

Merged
kasparsd merged 2 commits intoWordPress:masterfrom
gutobenn:add_filter_rest_api_can_edit_user
Dec 10, 2025
Merged

Add filter for rest_api_can_edit_user_and_update_two_factor_options#689
kasparsd merged 2 commits intoWordPress:masterfrom
gutobenn:add_filter_rest_api_can_edit_user

Conversation

@gutobenn
Copy link
Contributor

@gutobenn gutobenn commented May 7, 2025

What?

Introduce a new filter hook in the Two_Factor_Core::rest_api_can_edit_user_and_update_two_factor_options method.

Why?

To allow developers to programmatically control whether REST API endpoints related to Two-Factor authentication can edit a specific user’s settings.

How?

Added a new filter, two_factor_rest_api_can_edit_user, which allows overriding the default behavior by modifying the return value of the rest_api_can_edit_user_and_update_two_factor_options method.

Testing Instructions

The following snippet disables Two-Factor-related REST API endpoints (rest_setup_totp, rest_delete_totp, and rest_generate_codes) for a specific user (user ID 123):

add_filter( 'two_factor_rest_api_can_edit_user', function( $can_edit, $user_id ) {
    if ( $user_id === 123 ) {
        return false;
    }

    return $can_edit;
}, 10, 2 );

Testing Instructions

  1. Apply the above filter to your codebase.
  2. Attempt to call the Two-Factor-related REST API endpoints for user ID 123.
  3. Confirm that the calls are blocked.
  4. Ensure the endpoints continue to work for other users.

Changelog Entry

Added - New two_factor_rest_api_can_edit_user filter to control edit permissions via the REST API for specific users

@jeffpaul jeffpaul added this to the Future Release milestone May 7, 2025
@jeffpaul jeffpaul requested a review from kasparsd May 7, 2025 17:22
kasparsd
kasparsd approved these changes Dec 10, 2025
View reviewed changes
Copy link
Collaborator

@kasparsd kasparsd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thanks for your contribution @gutobenn!

Let me know if you don't have the capacity to document the filter and we can address that in a follow-up pull request.

@gutobenn
Copy link
Contributor Author

gutobenn commented Dec 10, 2025

@kasparsd done ;)

@kasparsd kasparsd merged commit 605d066 into WordPress:master Dec 10, 2025
3 of 27 checks passed
@jeffpaul jeffpaul modified the milestones: Future Release, 0.15.0 Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kasparsd kasparsd kasparsd approved these changes

Assignees

@gutobenn gutobenn

Labels

None yet

Projects

None yet

Milestone

0.14.2

Development

Successfully merging this pull request may close these issues.

3 participants

@gutobenn @kasparsd @jeffpaul