Add ability to re-encrypt secrets
Add a WP CLI command or plugin setting to re-encrypt secrets for all users by supplying the old key and the new key.
More details to be shared.
@jeffpaul Ping me here or in PR's
This needs to be done in batches otherwise you might take down the DB.
@calvinalkan thanks for reaching out on this, if you've got any other technical direction then please share that here (or if you're open to crafting a PR to ensure this is done in batches then please do so and I'll coordinate on getting that reviewed/merged).
Actually, I was thinking it might be better to force reset everything.
An inconvenience is better than a hack.
@jeffpaul
Our library snicco/better-wpdb now has support for batch processing with db locks.
The prerequisite is PHP7.4
If we take the approach that I outlined in https://github.com/WordPress/two-factor/pull/389#issuecomment-1456703943, then I think the best approach is to give admins these two options to choose from:
- Asking users to use a backup code to login, and then setup TOTP again. We could automatically display instructions to the user if they fail login and the admin has added `define( 'TWO_FACTOR_ENCRYPTION_KEY_ROTATED', true )` to `wp-config.php`.
- Running a wp-cli command to migrate from the old to the new. The admin would have to define an `TWO_FACTOR_ENCRYPTION_KEY__NEW` in `wp-config`. The script would decrypt the `usermeta` values with the old key, and then encrypt them with the new key. Then the admin would rename `TWO_FACTOR_ENCRYPTION_KEY__NEW` to `TWO_FACTOR_ENCRYPTION_KEY`.
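The wp-cli migration path from the comment above, written out as an added example. This is not code from the two-factor plugin or from anyone in this thread; it assumes the secret is stored base64-encoded as `nonce || ciphertext` from `sodium_crypto_secretbox()` under the user-meta key `_two_factor_totp_key`, that both keys are 32-byte values given as hex in `wp-config.php`, and that the constant names are the ones proposed above. It walks `usermeta` in keyset-paginated batches (so the whole table is never loaded or locked at once, per the earlier concern), treats rows that already open with the new key as done so a re-run is safe, and leaves rows that open with neither key untouched.

```php
<?php
// Added example, not the plugin's own code. Assumptions: secretbox format
// (nonce || ciphertext, base64), meta key _two_factor_totp_key, hex keys.
if ( ! defined( 'WP_CLI' ) || ! WP_CLI ) {
	return;
}

const TF_EXAMPLE_META_KEY = '_two_factor_totp_key'; // assumed meta key

/** Decrypt a stored value with $key; null if it does not authenticate. */
function tf_example_decrypt( string $stored, string $key ): ?string {
	$raw = base64_decode( $stored, true );
	if ( false === $raw || strlen( $raw ) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES ) {
		return null;
	}
	$nonce  = substr( $raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
	$cipher = substr( $raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
	$plain  = sodium_crypto_secretbox_open( $cipher, $nonce, $key );
	return false === $plain ? null : $plain;
}

/** Encrypt with a fresh random nonce; returns base64( nonce || ciphertext ). */
function tf_example_encrypt( string $plain, string $key ): string {
	$nonce = random_bytes( SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
	return base64_encode( $nonce . sodium_crypto_secretbox( $plain, $nonce, $key ) );
}

/**
 * Re-encrypt every user's TOTP secret from the old key to the new key.
 *
 * ## OPTIONS
 *
 * [--batch-size=<n>]
 * : Rows per batch. Default 100.
 *
 * [--dry-run]
 * : Report what would change without writing anything.
 */
WP_CLI::add_command( 'two-factor rotate-key', static function ( $args, $assoc_args ) {
	global $wpdb;

	if ( ! defined( 'TWO_FACTOR_ENCRYPTION_KEY' ) || ! defined( 'TWO_FACTOR_ENCRYPTION_KEY__NEW' ) ) {
		WP_CLI::error( 'Define both TWO_FACTOR_ENCRYPTION_KEY and TWO_FACTOR_ENCRYPTION_KEY__NEW in wp-config.php first.' );
	}
	$old_key = (string) hex2bin( TWO_FACTOR_ENCRYPTION_KEY );
	$new_key = (string) hex2bin( TWO_FACTOR_ENCRYPTION_KEY__NEW );
	if ( SODIUM_CRYPTO_SECRETBOX_KEYBYTES !== strlen( $old_key ) || SODIUM_CRYPTO_SECRETBOX_KEYBYTES !== strlen( $new_key ) ) {
		WP_CLI::error( 'Keys must be 32 bytes (64 hex characters).' );
	}
	if ( hash_equals( $old_key, $new_key ) ) {
		WP_CLI::error( 'Old and new key are identical; nothing to rotate.' );
	}

	$batch   = max( 1, (int) ( $assoc_args['batch-size'] ?? 100 ) );
	$dry_run = isset( $assoc_args['dry-run'] );
	$last_id = 0;
	$counts  = array( 'rotated' => 0, 'already_new' => 0, 'unreadable' => 0 );

	do {
		// Keyset pagination on umeta_id: each batch is a small indexed range
		// scan, so no long-running query and no OFFSET that grows per batch.
		$rows = $wpdb->get_results( $wpdb->prepare(
			"SELECT umeta_id, user_id, meta_value FROM {$wpdb->usermeta}
			 WHERE meta_key = %s AND umeta_id > %d ORDER BY umeta_id ASC LIMIT %d",
			TF_EXAMPLE_META_KEY, $last_id, $batch
		) );

		foreach ( $rows as $row ) {
			$last_id = (int) $row->umeta_id;
			$plain   = tf_example_decrypt( (string) $row->meta_value, $old_key );

			if ( null === $plain ) {
				// Not the old key: either already rotated (re-run) or corrupt.
				if ( null !== tf_example_decrypt( (string) $row->meta_value, $new_key ) ) {
					$counts['already_new']++;
				} else {
					$counts['unreadable']++;
					WP_CLI::warning( "User {$row->user_id}: secret opens with neither key, left untouched." );
				}
				continue;
			}

			if ( ! $dry_run ) {
				// Pass the previous value so the write only lands if the row is
				// still what we read (compare-and-swap against concurrent changes).
				update_user_meta( (int) $row->user_id, TF_EXAMPLE_META_KEY,
					tf_example_encrypt( $plain, $new_key ), $row->meta_value );
			}
			sodium_memzero( $plain );
			$counts['rotated']++;
		}
		WP_CLI::log( sprintf( 'Processed through umeta_id %d', $last_id ) );
	} while ( count( $rows ) === $batch );

	WP_CLI::success( sprintf( '%s: %d rotated, %d already on new key, %d unreadable.',
		$dry_run ? 'Dry run' : 'Done', $counts['rotated'], $counts['already_new'], $counts['unreadable'] ) );
} );
```

Run `wp two-factor rotate-key --dry-run` first to see the counts, then without the flag; once it reports zero `unreadable` rows, rename `TWO_FACTOR_ENCRYPTION_KEY__NEW` to `TWO_FACTOR_ENCRYPTION_KEY` as the comment describes. One caveat worth designing for: between a row being rewritten and the constant being renamed, the plugin (which still only knows the old key) cannot verify that user's TOTP code, so either keep the window short by running the command right before the rename, or have the verification path try the `__NEW` key as a fallback while it is defined. Because rows already on the new key are counted rather than rewritten, an interrupted run can simply be restarted.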