search

WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0
724 stars 151 forks source link

Add the possibility to activate/deactive features in front page dashboard for customers #189

Open mcpat-it opened 7 years ago

mcpat-it commented 7 years ago

I have a website with woocommerce and I block the access to the dashboard to my customers. Would it be possible to add 2FA to the front page dashboard, so my customers can activate/deactivate/delete at least google authenticator in the front page. Nice would be if they have all options (email, google, U2F, one time passwords incl. regenerate)

monecchi commented 6 years ago

Good point @pwallner! The plugin should provide a few action/filter hooks in order to do that.

pgreivel commented 6 years ago

That sounds like a great idea. I ran into the same issue. So would love to have this possibility too! :)

ph00lt0 commented 6 years ago

Would be a good idea to do this through a shortcode so you can add it to you desired location. For example add it to the WC menu.

samueleastdev commented 5 years ago

We would also like this to allow our users to enable email auth from their custom profile page.

Currently just hacked it like this while we prototype and test some stuff so not suggesting anybody do this here an example ajax call.

function user_two_factor_callback(){

    // AUTH:
    if (!is_user_logged_in()) exit();

    // NONCE SECURITY:
    check_ajax_referer( 'check_security', 'security' );

    if( current_user_can('editor') || current_user_can('administrator') ) {  

        wp_send_json(array(
            'status' => false,
            'message' => 'Will not set Two Factor for administrators'
        ));

    }

if ( class_exists( 'Two_Factor_Core' ) ) {

        $enable = ["", "Two_Factor_Email"];
        $providers = Two_Factor_Core::get_providers();

        $enabled_providers = array_intersect($enable, array_keys( $providers ) );
        update_user_meta( get_current_user_id(),Two_Factor_Core::ENABLED_PROVIDERS_USER_META_KEY, $enabled_providers );

        // Primary provider must be enabled.
        $new_provider = isset( $_POST[ Two_Factor_Core::PROVIDER_USER_META_KEY ] ) ? $_POST[ Two_Factor_Core::PROVIDER_USER_META_KEY ] : '';
        if ( ! empty( $new_provider ) && in_array( $new_provider, $enabled_providers, true ) ) {
            update_user_meta( get_current_user_id(), Two_Factor_Core::PROVIDER_USER_META_KEY, $new_provider );
        }

        wp_send_json(array(
            'status' => true,
            'message' => 'You have enabled Two Factor email authentication, next time you log in you will be emailed a authenticate code.'
        ));

    }else{

        wp_send_json(array(
            'status' => false,
            'message' => 'Failed please contact support.'
        ));

    }

}

add_action('wp_ajax_user_two_factor', 'user_two_factor_callback');
ecgroupcom commented 5 years ago

Add the possibility of activating / deactivating features in the main page panel for clients either in Woocommerce, BBpress, BuddyPress, WC Marketplace ... that the client activates this security in the same way, personalize each message sent if This has activated verification by mail.

DestructiveBurn commented 4 years ago

O, dear, this was mentioned on Aug 4, 2017, and it still hasn't been implemented into the Two Factor. This really should get done for those who block the backend dashboard and use the WooCommerce login system. There are other two-step plugins doing it.

It's time to add it!

NicolasKulka commented 1 year ago

+1 pour l'ajout front Woocommerce