Merge pull request #6 from humanmade/allow-enforcing-2fa-on-super-adm…
…in-role

Allow enforcing 2fa for super admins
shadyvb authored Feb 14, 2022
2 parents 6b59def + e1debbf commit 92f9ce5
Showing 2 changed files with 28 additions and 5 deletions.
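--- a/class.two-factor-force.php
+++ b/class.two-factor-force.php
@@ -280,7 +280,12 @@ public static function is_two_factor_forced( $user_id ) {
 
 // Check whether a user is in a user role that requires two-factor authentication.
 $two_factor_forced_roles = self::get_forced_user_roles();
-$required_roles = array_filter( $user->roles, function( $role ) use ( $two_factor_forced_roles ) {
+$user_roles = $user->roles;
+if ( is_super_admin( $user->ID ) ) {
+array_push( $user_roles, 'super-admin' );
+}
+
+$required_roles = array_filter( $user_roles, function( $role ) use ( $two_factor_forced_roles ) {
 return in_array( $role, $two_factor_forced_roles, true );
 }, ARRAY_FILTER_USE_BOTH );
 
@@ -373,12 +378,13 @@ public static function global_force_2fa_field() {
 public static function global_force_2fa_by_role_field() {
 $forced_roles = self::get_forced_user_roles();
 $is_universally_forced = self::get_universally_forced_option();
+$roles = array_merge( [ 'super-admin' => [ 'name' => __( 'Super Admin' ) ] ], get_editable_roles() );
 
 ?>
 <input type="hidden" name="<?php echo esc_attr( sprintf( '%s[%s]', self::FORCED_ROLES_META_KEY, 'no-role-selected' ) ); ?>" />
 <?php
 
-foreach ( get_editable_roles() as $slug => $role ) :
+foreach ( $roles as $slug => $role ) :
 ?>
 <label>
 <input type='checkbox' name="<?php echo esc_attr( sprintf( '%s[%s]', self::FORCED_ROLES_META_KEY, $slug ) ); ?>" value="1" <?php checked( in_array( $slug, $forced_roles, true ) ); ?> <?php echo ( $is_universally_forced ) ? 'readonly' : ''; ?> />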
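Review bot: The `'super-admin'` pseudo-role is offered in `global_force_2fa_by_role_field()` and matched in `is_two_factor_forced()` without an `is_multisite()` guard, and on a single-site install `is_super_admin()` returns true for any user holding the `delete_users` capability, so ticking the box there would effectively mean "every administrator". That errs towards more enforcement, but the setting no longer says what it does; either offer the entry only on multisite, e.g. `$roles = is_multisite() ? array_merge( [ 'super-admin' => [ 'name' => __( 'Super Admin' ) ] ], get_editable_roles() ) : get_editable_roles();`, or add a comment above the `is_super_admin()` call stating the single-site meaning. The slug is a bare literal in both hunks and would be safer as one class constant, since a mismatch between the two places silently turns the enforcement off. Both function bodies continue outside the hunks, and the code that saves the submitted roles is not shown; if it validates against `get_editable_roles()` the new slug would be discarded, which is worth confirming.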
23 changes: 20 additions & 3 deletions tests/class.two-factor-force.php
Expand Up @@ -12,7 +12,7 @@ class Test_ClassTwoFactorForce extends WP_UnitTestCase {
*/
public function test_add_hooks() {
Two_Factor_Force::add_hooks();

$this->assertGreaterThan(
0,
has_action(
Expand Down Expand Up @@ -170,6 +170,23 @@ public function test_is_two_factor_forced_captured_role() {
$this->assertTrue( Two_Factor_Force::is_two_factor_forced( $user->ID ) );
}

/**
* @covers Two_Factor_Force::is_two_factor_forced
*/
public function test_is_two_factor_forced_super_admin() {
// Set role-based value to editors and adminstrators.
update_site_option( Two_Factor_Force::FORCED_ROLES_META_KEY, [ 'super-admin' ] );

$user = new WP_User( $this->factory->user->create( [ 'role' => 'administrator' ] ) );
wp_set_current_user( $user->ID );
// Make the user super admin
add_filter( 'pre_site_option_site_admins', function() use ( $user ) {
return [ $user->user_login ];
} );

$this->assertTrue( Two_Factor_Force::is_two_factor_forced( $user->ID ) );
}

/**
* @covers Two_Factor_Force::get_universally_forced_option
*/
Expand All @@ -185,8 +202,8 @@ public function test_get_universally_forced_option_multisite() {
*/
public function test_get_forced_user_roles_multisite() {
// Set role-based value to editors and adminstrators.
update_site_option( Two_Factor_Force::FORCED_ROLES_META_KEY, [ 'author', 'editor', 'administrator' ] );
update_site_option( Two_Factor_Force::FORCED_ROLES_META_KEY, [ 'author', 'editor', 'administrator', 'super-admin' ] );

$this->assertEquals( [ 'author', 'editor', 'administrator' ], Two_Factor_Force::get_forced_user_roles() );
$this->assertEquals( [ 'author', 'editor', 'administrator', 'super-admin' ], Two_Factor_Force::get_forced_user_roles() );
}
}
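Review bot: `test_is_two_factor_forced_super_admin` asserts only the positive case, so a regression that adds `'super-admin'` to every user's role list would still pass. A second user created as `editor` with `$this->assertFalse( Two_Factor_Force::is_two_factor_forced( $other->ID ) );` would pin the result to the super-admin check. Because the test user is an `administrator`, a single-site run presumably passes through the `delete_users` capability rather than the `pre_site_option_site_admins` filter, so the multisite path is only exercised when the suite runs in multisite mode. The comment `// Set role-based value to editors and adminstrators.` is copied from another test; `// Force 2FA for the super-admin pseudo-role only.` matches what the line does.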
