From e86c56dafb36cf1c3aceea9cf29561668d5845be Mon Sep 17 00:00:00 2001 From: Volodymyr Kolesnykov Date: Tue, 17 May 2022 10:39:28 +0300 Subject: [PATCH] GH-93: add an option to turn off the old U2F provider --- inc/class-adminsettings.php | 12 ++++++++ inc/class-plugin.php | 7 +++++ inc/class-settings.php | 8 ++++- index.php | 2 +- lang/two-factor-provider-webauthn-ru_RU.mo | Bin 6047 -> 7708 bytes lang/two-factor-provider-webauthn-ru_RU.po | 33 +++++++++++++++------ lang/two-factor-provider-webauthn.pot | 28 ++++++++++------- readme.txt | 6 ++++ 8 files changed, 75 insertions(+), 21 deletions(-) diff --git a/inc/class-adminsettings.php b/inc/class-adminsettings.php index b56f1ee5..f94b7209 100644 --- a/inc/class-adminsettings.php +++ b/inc/class-adminsettings.php @@ -121,5 +121,17 @@ public function register_settings(): void { ), ] ); + + add_settings_field( + 'disable_u2f', + __( 'Disable old U2F provider', 'two-factor-provider-webauthn' ), + [ $this->input_factory, 'checkbox' ], + Admin::OPTIONS_MENU_SLUG, + $settings_section, + [ + 'label_for' => 'disable_u2f', + 'help' => __( 'This option allows you to turn off the old U2F provider in the Two Factor plugin.', 'two-factor-provider-webauthn' ), + ] + ); } } diff --git a/inc/class-plugin.php b/inc/class-plugin.php index 634ea28f..63718118 100644 --- a/inc/class-plugin.php +++ b/inc/class-plugin.php @@ -2,6 +2,7 @@ namespace WildWolf\WordPress\TwoFactorWebAuthn; +use Two_Factor_FIDO_U2F; use TwoFactor_Provider_WebAuthn; use WildWolf\Utils\Singleton; @@ -34,6 +35,12 @@ public function init(): void { */ public function two_factor_providers( array $providers ): array { $providers[ TwoFactor_Provider_WebAuthn::class ] = __DIR__ . '/class-twofactor-provider-webauthn.php'; + + $disable_u2f = Settings::instance()->get_disable_u2f(); + if ( $disable_u2f ) { + unset( $providers[ Two_Factor_FIDO_U2F::class ] ); + } + return $providers; } diff --git a/inc/class-settings.php b/inc/class-settings.php index 081c5a2d..641e4e00 100644 --- a/inc/class-settings.php +++ b/inc/class-settings.php @@ -11,7 +11,8 @@ * authenticator_attachment: string, * user_verification_requirement: string, * timeout: int, - * u2f_hack: bool + * u2f_hack: bool, + * disable_u2f: bool, * } * * @template-implements ArrayAccess @@ -31,6 +32,7 @@ final class Settings implements ArrayAccess { 'user_verification_requirement' => 'preferred', 'timeout' => 0, 'u2f_hack' => true, + 'disable_u2f' => false, ]; /** @@ -116,4 +118,8 @@ public function get_timeout(): int { public function get_u2f_hack(): bool { return $this->options['u2f_hack']; } + + public function get_disable_u2f(): bool { + return $this->options['disable_u2f']; + } } diff --git a/index.php b/index.php index 32ef43f1..6c2f31a2 100644 --- a/index.php +++ b/index.php @@ -2,7 +2,7 @@ /* * Plugin Name: WebAuthn Provider for Two Factor * Description: WebAuthn Provider for Two Factor plugin. - * Version: 1.0.3 + * Version: 1.0.4 * Author: Volodymyr Kolesnykov * License: MIT * Text Domain: two-factor-provider-webauthn diff --git a/lang/two-factor-provider-webauthn-ru_RU.mo b/lang/two-factor-provider-webauthn-ru_RU.mo index 5db6fd352b795600993936f40a40c0dace1983fa..ab2c3132e4b296be97b9eeb547f8e8689c8bf59d 100644 GIT binary patch delta 2555 zcma)*TWnNC7{>=%1-YouREnrQTN_iQe+ z`{rc(@s8ZZrL`X^MhnlqJa5lYY9st*E`N+~Yn1w!weR39%wzm%=)v{yeYggmgKOb$ za1mU5t5T~t*9hk^e~Q0*;4>Az4sTN`r}jlJY7o}4;RxiXKCG-CgJSp;Tn2xH*i@I` z33$0OKQdpbyO|$_J@6~o0UPl09NYofs!qYB@JqNH|EkQ(T`XLHZSYShYOGwKR6E=b z?}PhcGdvC-g5N;N{4%VE4GSY>*1{&{&%&2r2EGQrhmXN#P|lFUZPYN9Du9g&rmYH3Lk_L{tB=f)>5X;kfUlVQ9KS`uJ8jWnVyHO@K-2y7B(nV z2baQ}Y*@pK1D}AXrapm<@D#iX%TNNFKqgV>JX}EFSK$xLYtbDc)lX0Y*+HSjt^*~3 z3=}1g!RO(5xDBpoLcTrRai5&lH-?NAKug&LlK55qFN0{?uL0jjtPLtajO2f)P zSu5#UJBwtNW?aW3C6j)TAxTKjNK&+eS|qYjR)xa0ra(O)e+(&wbZm9dXSVUAG%`rq zHmbafYIbzEyE->}>6o7loE|sc(a!uyolU!e-s1*d!izZ>&rfMDty6wR=K^d|p89b|j0fsAiATFZ8~6SM1yq~F)v z*3libcSftzpx9Lyd`j!>GC-kYv=#iRIebl2AHI_AgSW{I-5YCv~qGdAXHAt(Gm zr?at`n@%UPN$q5bJe8?rcs+z2l@w=-AXgRRe;U$I~+0(GMn*y*I= z(Yh?fos82>Hih-`_s*^9>uoK3zF^~=S}EJ;r}fJotq5ky;Q=#a#!L}Tn!Gk;rsu-L zX5234!vRxdKBCREDUN>DP@ik!EpN}2%#@sKv4?cn&xsjx8bf(=mQ&NF6polF`G9?M zrn;ofq~>HvHkhe!P#(<|G4`IRdORHV<9mz`n3o{Kclq8Q=K5vtI6lPvj5RwE?G=A` zyFm`PpZZtxnv-TmEX`m`?3^W>8EdC>Q*Cmyi8GrfW7hZ?>G)Qpl}Pi=lDPOPh66Yc zha$PnbT|?Ygp%?IY7&T*TO;3?h%ejao2;%YV&HUm&>D;+n9$gk8ij*sUA8h}!%U1` zsauh|c3sWM>$Q&j-89kJ^2Gmt-P1C&JJ*zQFdP{DyKY%dn-fuEP|}jLlqhe@A2o$3 zw&?H>A1a9>O}}ii%|wTclhc84D5~rksX3{fr31!rGAvpmE(WLZIIKy%Ot+N6;mX}C z{JyYzUhZhLg%b!_-NLJM{J1SvMQXkh$|RBwhleEI@Gxz~QeJ{E$X&fPc{33OV=u35 zRdWtE1>4<4ef|2jslw*E<#R@t)YrWtHzho1?}^+IF>kH(n@JW+SVxHPzzzCXqUTPW U#?81~oNDGn;laYI^-tIQ123$pT>t<8 delta 966 zcmXxj%}Z2K7{~EvoSD>7^QFm`DQ(oze5o`G2^=ESRuKsU?g|u9(UpcS61f`}K`nxi z3{oL!Q-Q&yAPNfHlpyHFMU)%=f&oFKg?@i$t`BqX=bSq;XP)OdXWpb&JG{M$$f6Og zTo<`ULS{YqF^?Ou6gG?EYfR!QcH&QL#w@mBb;PU~`>=sE1~8xbW4>I2bAgLk$b3Dg zXI~lcS=&H;;aBj1ZPdblunMDR%y?NXw-rnU^9`(KzKLVFk7>NeVp{Jhw+eiL7jO+L z@dsWr&uo{$6&^$jSRA`h-59{j_yn8rEynRTCUFm2@E8ZNg|Z%^hu!!OwO%}C_KA*k zVHxxNBG$$OY~uIrE`1|uo5U1OV;#Q22;1-l&ockU?G|nZhD&pmrSU4yAE4Hm$8)$4 zyuXA)%s(KxS_xSsuoAr^2G<$zvi5Sdg!W;Kj3;r6`7HfY0{yJ2R%WmXN3jE+V+OzD zeJrC*xA75b>y}Zi|BUMF4(j{=$p#!K4Im|97#8s;OS8xVhCED+LE@gij zjSO@?*j{5xT_-8f{hPoQC^=?sdo)&XJS?S*PeXqbwMRk0F8twWHvIBk;d|eU&E)xq V#XTW^s(d)#&(tJB{@=u%@Cmm5Q`Z0h diff --git a/lang/two-factor-provider-webauthn-ru_RU.po b/lang/two-factor-provider-webauthn-ru_RU.po index 54a0b7bf..ddc5c061 100644 --- a/lang/two-factor-provider-webauthn-ru_RU.po +++ b/lang/two-factor-provider-webauthn-ru_RU.po @@ -3,9 +3,9 @@ msgid "" msgstr "" "Project-Id-Version: WebAuthn Provider for Two Factor 1.0.0\n" -"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/two-factor-" +"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-two-factor-" "provider-webauthn\n" -"POT-Creation-Date: 2022-02-21T21:24:41+02:00\n" +"POT-Creation-Date: 2022-05-17T07:26:06+00:00\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -94,6 +94,11 @@ msgid "" "em>: user verification is required for successful authentication. Please " "note that not all browsers support this setting.
" msgstr "" +"Не проверять: проверка пользователя не требуется (например, по соображениям " +"сведения к минимуму вмешательств в процесс взаимодействия с пользователем).
По возможности: проверка пользователя (например, ввод PIN-кода) " +"может выполняться, но не является необходимой для успешной аутентификации.
Проверять: проверка пользователя необходима для успешной аутентификации. Обратите внимение, что не все браузеры поддерживают данную опцию.
" #: inc/class-adminsettings.php:94 msgid "Timeout" @@ -124,31 +129,41 @@ msgstr "" "зарегистрирован при помощи U2F; если да, то поддержка AppID включается " "принудительно." -#: inc/class-ajax.php:33 +#: inc/class-adminsettings.php:127 +msgid "Disable old U2F provider" +msgstr "" + +#: inc/class-adminsettings.php:133 +msgid "" +"This option allows you to turn off the old U2F provider in the Two Factor " +"plugin." +msgstr "Данная опция позволяет отключить старый провайдер U2F в плагине Two Factor." + +#: inc/class-ajax.php:32 msgid "The nonce has expired. Please reload the page and try again." msgstr "" "Срок действия одноразового номера истёк. Пожалуйста, обновите страницу и " "попытайтесь выполнить действие снова." -#: inc/class-ajax.php:85 +#: inc/class-ajax.php:84 msgid "Unable to retrieve the registration context." msgstr "Не удалось получить контекст регистрации." -#: inc/class-ajax.php:95 inc/class-ajax.php:124 +#: inc/class-ajax.php:94 inc/class-ajax.php:123 #: inc/class-webauthn-provider.php:118 msgid "Bad request." msgstr "Неверный запрос." -#: inc/class-ajax.php:111 +#: inc/class-ajax.php:110 #, fuzzy msgid "Unable to save the key to the database." msgstr "Не удалось получить контекст регистрации." -#: inc/class-ajax.php:151 +#: inc/class-ajax.php:150 msgid "Key name cannot be empty." msgstr "Имя ключа не может быть пустым." -#: inc/class-ajax.php:160 +#: inc/class-ajax.php:159 msgid "Failed to rename the key." msgstr "Не удалось переименовать ключ." @@ -199,7 +214,7 @@ msgstr "Не удалось получить контекст аутентифи #: inc/class-webauthn-user.php:52 msgid "Unable to save the user handle to the database." -msgstr "" +msgstr "Не удалось сохранить дескриптор пользователя в базу данных." #: views/login.php:2 msgid "Please insert (and tap) your security key." diff --git a/lang/two-factor-provider-webauthn.pot b/lang/two-factor-provider-webauthn.pot index a37884f0..f72694b3 100644 --- a/lang/two-factor-provider-webauthn.pot +++ b/lang/two-factor-provider-webauthn.pot @@ -2,14 +2,14 @@ # This file is distributed under the MIT. msgid "" msgstr "" -"Project-Id-Version: WebAuthn Provider for Two Factor 1.0.3\n" -"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/two-factor-provider-webauthn\n" +"Project-Id-Version: WebAuthn Provider for Two Factor 1.0.4\n" +"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-two-factor-provider-webauthn\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"POT-Creation-Date: 2022-02-21T21:24:41+02:00\n" +"POT-Creation-Date: 2022-05-17T07:36:42+00:00\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "X-Generator: WP-CLI 2.6.0\n" "X-Domain: two-factor-provider-webauthn\n" @@ -96,29 +96,37 @@ msgstr "" msgid "Chrome for Android sometimes ignores the AppID extension required for interoperability between the old U2F and the modern WebAuthn protocol.
When enabled, this hack enables the check whether the security key used was registered with U2F and if so, forces the use of the AppID extension." msgstr "" -#: inc/class-ajax.php:33 +#: inc/class-adminsettings.php:127 +msgid "Disable old U2F provider" +msgstr "" + +#: inc/class-adminsettings.php:133 +msgid "This option allows you to turn off the old U2F provider in the Two Factor plugin." +msgstr "" + +#: inc/class-ajax.php:32 msgid "The nonce has expired. Please reload the page and try again." msgstr "" -#: inc/class-ajax.php:85 +#: inc/class-ajax.php:84 msgid "Unable to retrieve the registration context." msgstr "" -#: inc/class-ajax.php:95 -#: inc/class-ajax.php:124 +#: inc/class-ajax.php:94 +#: inc/class-ajax.php:123 #: inc/class-webauthn-provider.php:118 msgid "Bad request." msgstr "" -#: inc/class-ajax.php:111 +#: inc/class-ajax.php:110 msgid "Unable to save the key to the database." msgstr "" -#: inc/class-ajax.php:151 +#: inc/class-ajax.php:150 msgid "Key name cannot be empty." msgstr "" -#: inc/class-ajax.php:160 +#: inc/class-ajax.php:159 msgid "Failed to rename the key." msgstr "" diff --git a/readme.txt b/readme.txt index 60c17424..c83647aa 100644 --- a/readme.txt +++ b/readme.txt @@ -33,6 +33,12 @@ Be the first to ask. == Changelog == += 1.0.4 = +* Update translations +* GH-93: add an option to turn off the old U2F provider +* Update dependencies +* Add more E2E tests + = 1.0.3 = * GH-33: increase length of credential_id column to solve issues with Chrome on Mac * GH-38: fix bugs preventing plugin uninstallation