add date and time information above totp setup instructions #772
kasparsd merged 3 commits into WordPress:master from
providers/class-two-factor-totp.php
Outdated
| $datetime = wp_date( get_option( 'date_format' ) . ' ' . get_option( 'time_format' ) ); | ||
| $tz_display = wp_timezone_string(); | ||
| ?> | ||
| <p class="two-factor-server-datetime"> |
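Review bot: The wp_date( ... ) call on the first line formats the value with the site's date_format and time_format options, and a time_format without seconds gives a display too coarse to reveal a clock that is off by less than a minute, which can already matter for TOTP. Since TOTP is computed from Unix time rather than from the local timezone, consider also exposing the raw epoch (for example as a data attribute on the p element) and adding a comment that $tz_display is shown for information only.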
Minor thought -- would it be worth adding in a data-attribute to this p with the current timestamp and tz, so we could do a bit of js to do comparisons on page load and flag if there's a notable discrepancy with the client browser?
Possibly overengineering.
(I also advocated years ago for trying to autodetect timezone in js and suggesting that on the site's options page, or autopopulating it on new sites)
wouldn't even need time and tz in a data attribute for scripting, just throw the unixtime in there, stupidly simple and impossible to misinterpret (it's literally just a number) and the client could process this then into whatever is needed.
while obviously everyone has their own taste, at least imo for 99% of things that is processing unixtime is the nicest to handle, rather than working back and forth from all sorts of time display formats meant for human usage.
Thanks for the feedback! I think a JS note would be nice to show the user if a potential mismatch is there. Not sure how it's in line with WordPress Core standards though. A data-attribute should be fine so I added one for the review
<p class="two-factor-server-datetime" data-server-epoch="1770849123"> Your server date and time is F......</p>
What do you think? @georgestephanis @My1
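The page-load comparison proposed in the comments above, sketched as an added example (not code from this PR or from the Two-Factor plugin): it reads the data-server-epoch attribute and flags a difference of more than 30 seconds against the browser clock. The function names, the warning class and the 30-second tolerance are assumptions.

```javascript
// Added example; only the selector and data-server-epoch come from the thread.
const TOLERANCE_SECONDS = 30; // assumption: one RFC 6238 default time step

// Pure check: epoch seconds from the attribute vs. browser clock in ms.
// Returns null when the attribute is missing or not a plain integer.
function assessClockSkew(serverEpochAttr, clientNowMs, tolerance = TOLERANCE_SECONDS) {
  if (typeof serverEpochAttr !== 'string' || !/^\d{1,12}$/.test(serverEpochAttr)) {
    return null;
  }
  const skewSeconds = Math.floor(clientNowMs / 1000) - Number(serverEpochAttr);
  // A mismatch says the two clocks disagree, not which of them is wrong.
  return { skewSeconds, mismatch: Math.abs(skewSeconds) > tolerance };
}

// DOM wiring (hypothetical helper): append a plain-text note when skewed.
function flagServerClockSkew(doc, nowMs) {
  const el = doc.querySelector('p.two-factor-server-datetime[data-server-epoch]');
  if (!el) return null;
  const result = assessClockSkew(el.dataset.serverEpoch, nowMs);
  if (result && result.mismatch) {
    const note = doc.createElement('span');
    note.className = 'two-factor-clock-warning'; // hypothetical class name
    // textContent, not innerHTML: the attribute value never becomes markup.
    note.textContent = ' Server and browser clocks differ by about ' +
      Math.abs(result.skewSeconds) + ' seconds.';
    el.appendChild(note);
  }
  return result;
}

if (typeof document !== 'undefined') {
  // Run on the initial load only: a page restored from the back/forward
  // cache carries the epoch of its first render and would always look skewed.
  window.addEventListener('pageshow', (event) => {
    if (!event.persisted) flagServerClockSkew(document, Date.now());
  });
}
```

The epoch is written when the server renders the page, so network and rendering delay count toward the measured skew; the tolerance has to absorb that.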
georgestephanis left a comment
Minor thought for a possible enhancement, but nothing worth holding this up over. Worth doing, I think.
Fixes #357
What?
Adds a one-line server date/time display to the TOTP setup UI so users can verify the server clock and timezone when registering an authenticator app.
Why?
TOTP relies on timestamps; a misconfigured server clock or timezone causes OTPs to be invalid. Showing the current server date/time helps site administrators and users quickly confirm the server time is correct and avoid TOTP failures.
How?
Inserted a single translatable line above the QR/secret instructions in user_two_factor_options():
Uses date format and time format set in WordPress settings to format it appropriately.
Testing Instructions
Screenshots or screencast
F j, Y and timeformat g:i a
d.m.Y and timeformat H:i
Changelog Entry