WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0
732 stars 153 forks

Hooks to support requesting 2FA for plugins extending `two-factor` core functionality #644

Open jeffpaul opened 1 month ago

jeffpaul commented 1 month ago

Is your enhancement related to a problem? Please describe.

There are potential cases of other plugins, or perhaps custom site functionality, where they might want to leverage the two-factor core plugin functionality to trigger a re-auth of a specific user's 2FA credentials. One example here would be a site with an expected high traffic event (e.g. Cyber Monday ad, Super Bowl ad) or perhaps becoming a larger target for hacks and improper publishing (e.g. news org during a national election) wherein they want to force someone trying to update or publish new content to go through re-auth via 2FA to ensure that the author and content being updated/published is done so by a properly credentialed user (versus someone who perhaps gained access to someone's machine to try and update/publish nefarious content).

Proposed Solution

Well-documented hooks to expose portions of the 2FA auth flow from places within the WP Admin or site front end, as well as some sample code snippets, feel like a solid option to support this sort of compatibility/extension of the two-factor plugin.

Designs

No response

Describe alternatives you've considered

No response

Please confirm that you have searched existing issues in this repository.

Yes

dd32 commented 1 month ago

I've been working on something similar for WordPress.org: https://github.com/WordPress/wporg-two-factor/pull/283

A way to prompt a user for 2FA validation within a certain timeframe (last 5 minutes, for example) to proceed with an action.
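
A sketch of the recency check discussed in this thread, added here as an example; it is not code from the two-factor plugin or from the linked pull request. The function names, the session record layout and the `two_factor_at` key are hypothetical, and the sample sessions are constructed.

```php
<?php
// Added example: all names here are hypothetical, not part of the two-factor plugin.

const REAUTH_WINDOW = 300; // seconds; the 5-minute timeframe mentioned in the thread

/**
 * Decide whether a sensitive action may proceed without a new 2FA prompt.
 *
 * $session is the server-side record for the *current* session token, e.g.
 * ['user_id' => 7, 'two_factor_at' => 1700000000]. Keeping the timestamp on
 * the session (not on the user) means another session of the same account
 * does not inherit the freshness.
 */
function reauth_is_fresh(?array $session, int $user_id, int $now, int $window = REAUTH_WINDOW): bool
{
    if ($session === null || ($session['user_id'] ?? null) !== $user_id) {
        return false; // unknown session, or session belongs to another user
    }
    $at = $session['two_factor_at'] ?? null;
    if (!is_int($at) || $at > $now) {
        return false; // never validated, or timestamp in the future: fail closed
    }
    return ($now - $at) <= $window;
}

/** Gate an action for the given session token: 'proceed' or 'prompt_2fa'. */
function gate_action(array $sessions, string $token, int $user_id, int $now): string
{
    $session = $sessions[$token] ?? null;
    return reauth_is_fresh($session, $user_id, $now) ? 'proceed' : 'prompt_2fa';
}

// Constructed sample data: three sessions for user 7, one for user 9.
$now = 1700000600;
$sessions = [
    'tok-a' => ['user_id' => 7, 'two_factor_at' => $now - 120],  // validated 2 minutes ago
    'tok-b' => ['user_id' => 7, 'two_factor_at' => $now - 3600], // validated 1 hour ago
    'tok-c' => ['user_id' => 7],                                 // no 2FA timestamp recorded
    'tok-d' => ['user_id' => 9, 'two_factor_at' => $now - 10],   // fresh, but a different user
];

// Evaluate a publish attempt by user 7 under each session token.
foreach (['tok-a', 'tok-b', 'tok-c', 'tok-d', 'tok-missing'] as $token) {
    printf("%-12s %s\n", $token, gate_action($sessions, $token, 7, $now));
}
```

In a WordPress integration the timestamp would be written when the second factor is verified and read back before the publish or update action runs; where those two points attach is what the hooks requested in this issue would define.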