two-factor
two-factor copied to clipboard
WordPress
Add the possibility to activate/deactive features in front page dashboard for customers
I have a website with woocommerce and I block the access to the dashboard to my customers. Would it be possible to add 2FA to the front page dashboard, so my customers can activate/deactivate/delete at least google authenticator in the front page. Nice would be if they have all options (email, google, U2F, one time passwords incl. regenerate)
Good point @pwallner! The plugin should provide a few action/filter hooks in order to do that.
That sounds like a great idea. I ran into the same issue. So would love to have this possibility too! :)
Would be a good idea to do this through a shortcode so you can add it to you desired location. For example add it to the WC menu.
We would also like this to allow our users to enable email auth from their custom profile page.
Currently just hacked it like this while we prototype and test some stuff so not suggesting anybody do this here an example ajax call.
function user_two_factor_callback(){
// AUTH:
if (!is_user_logged_in()) exit();
// NONCE SECURITY:
check_ajax_referer( 'check_security', 'security' );
if( current_user_can('editor') || current_user_can('administrator') ) {
wp_send_json(array(
'status' => false,
'message' => 'Will not set Two Factor for administrators'
));
}
if ( class_exists( 'Two_Factor_Core' ) ) {
$enable = ["", "Two_Factor_Email"];
$providers = Two_Factor_Core::get_providers();
$enabled_providers = array_intersect($enable, array_keys( $providers ) );
update_user_meta( get_current_user_id(),Two_Factor_Core::ENABLED_PROVIDERS_USER_META_KEY, $enabled_providers );
// Primary provider must be enabled.
$new_provider = isset( $_POST[ Two_Factor_Core::PROVIDER_USER_META_KEY ] ) ? $_POST[ Two_Factor_Core::PROVIDER_USER_META_KEY ] : '';
if ( ! empty( $new_provider ) && in_array( $new_provider, $enabled_providers, true ) ) {
update_user_meta( get_current_user_id(), Two_Factor_Core::PROVIDER_USER_META_KEY, $new_provider );
}
wp_send_json(array(
'status' => true,
'message' => 'You have enabled Two Factor email authentication, next time you log in you will be emailed a authenticate code.'
));
}else{
wp_send_json(array(
'status' => false,
'message' => 'Failed please contact support.'
));
}
}
add_action('wp_ajax_user_two_factor', 'user_two_factor_callback');
Add the possibility of activating / deactivating features in the main page panel for clients either in Woocommerce, BBpress, BuddyPress, WC Marketplace ... that the client activates this security in the same way, personalize each message sent if This has activated verification by mail.
O, dear, this was mentioned on Aug 4, 2017, and it still hasn't been implemented into the Two Factor. This really should get done for those who block the backend dashboard and use the WooCommerce login system. There are other two-step plugins doing it.
It's time to add it!
