Fix #644: Expose existing 2FA revalidation flow to third-party plugins via action hook#924
Open
chetanupare wants to merge 1 commit into
Open
Conversation
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
This hook allows third-party plugins to easily trigger a 2FA re-authentication flow for sensitive actions. Fixes WordPress#644.
48c33a9 to
24d111a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What?
Introduces the two_factor_revalidate_session action hook which allows developers to programmatically trigger a 2FA re-authentication check.
Fixes #644
Why?
There are cases where other plugins or custom site logic need to verify that an authenticated user has recently passed a 2FA check before allowing them to perform a sensitive action (such as accessing a billing portal or publishing a high-profile post). This PR exposes the core plugin's existing re-authentication flow through a standardized, easy-to-use action hook.
How?
Use of AI Tools
AI Assistance: No
Testing Instructions
add_action( 'admin_init', function() { global $pagenow; if ( $pagenow === 'post.php' || $pagenow === 'post-new.php' ) { // Force re-auth if the 2FA session is older than 60 seconds do_action( 'two_factor_revalidate_session', 60 ); } } );Changelog Entry
Added - two_factor_revalidate_session action hook to allow third-party code to trigger a 2FA revalidation flow for an existing user session.