Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce 2FA for super admins #17

Merged
merged 1 commit into from
Nov 18, 2022
Merged

Enforce 2FA for super admins #17

merged 1 commit into from
Nov 18, 2022

Conversation

iandunn
Copy link
Member

@iandunn iandunn commented Nov 17, 2022

See #6

This adds a few roles to get started. If this looks good, we can add more in a future PR.

This will require a small change to capes.php:

-	$super_admins =& $supes;
+	// This is a copy rather than a reference so that `$supes` can represent folks who _might_ have elevated
+	// privileges, and `$super_admins` can represent folks who _do_ currently have them.
+	// `wporg-two-factor` needs that distinction to disable capabilities until 2FA is setup.
+	$super_admins = array_merge( $supes );

@iandunn iandunn requested a review from dd32 November 17, 2022 02:15
dd32
dd32 approved these changes Nov 17, 2022
View reviewed changes
Copy link
Member

@dd32 dd32 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I've added some comments on my thoughts of implementation, but I think this is good to go regardless of those.

wporg-two-factor.php Show resolved Hide resolved
wporg-two-factor.php
Comment on lines +79 to +83
$allcaps = array(
'subscriber' => true,
'read' => true,
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another option here I think is to return the do_not_allow cap when the requested cap is anything other than the whitelisted caps.

I believe that would override the super-admin always-truthful caps too, but remove_super_admins_until_2fa_enabled() would be best kept still then too.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, that's a good point 👍🏻

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Er, nevermind, it looks like user_has_cap doesn't even get called in that case.

https://github.com/WordPress/wordpress-develop/blob/a71d7373ad6ce0a8f252717832f42aebc3e08854/src/wp-includes/class-wp-user.php#L780-L809

@iandunn
Copy link
Member Author

iandunn commented Nov 18, 2022

I'll wait until Monday to deploy the capes.php change, and a few related ones I noticed since then. I'll go ahead and merge this now though, since I think it's ready.

@iandunn iandunn merged commit a10a26d into trunk Nov 18, 2022
@iandunn iandunn deleted the enforce-2fa branch November 18, 2022 21:31
@iandunn iandunn mentioned this pull request Nov 18, 2022
Closed
20 tasks
@iandunn iandunn added this to the MVP milestone Feb 22, 2023
@iandunn iandunn mentioned this pull request Sep 13, 2023
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dd32 dd32 dd32 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
MVP
Development

Successfully merging this pull request may close these issues.
2 participants
@iandunn @dd32