wporg two factor

WPorg Two-Factor

WordPress.org-specific customizations for the Two Factor plugin

Setup

1. Set up a local WP Multisite.

2. Add this code to your wp-config.php:

   define( 'WP_ENVIRONMENT_TYPE', 'local' );// Mimic w.org for testing wporg-two-factorglobal $supes, $super_admins;$supes = array('your_username');$super_admins = array_merge( $supes );function is_special_user( $user_id ) {$user = get_userdata( $user_id );return in_array( $user->user_login, $GLOBALS['supes'], true );
   }

3. Add this code to your wp-content/mu-plugins/0-sandbox.php:

   require_once WPMU_PLUGIN_DIR. '/wporg-mu-plugins/mu-plugins/loader.php';// Enable dummy provider for convenience when testing locally.add_filter( 'two_factor_providers', function( $providers ) {$providers['Two_Factor_Dummy'] = TWO_FACTOR_DIR . 'providers/class-two-factor-dummy.php';return $providers;
   }, 100 ); // Must run _after_ wporg-two-factor.// Mimics `mu-plugins/main-network/site-support.php`.function add_rewrite_rules() {// e.g., https://wordpress.org/support/users/foo/edit/account/add_rewrite_rule(bbp_get_user_slug() . '/([^/]+)/' . bbp_get_edit_slug() . '/account/?$','index.php?' . bbp_get_user_rewrite_id() . '=$matches[1]&' . 'edit_account=1','top'
   	);
   }add_action( 'init', __NAMESPACE__ . 'add_rewrite_rules' );

4. Install, build, and activate the wporg-support theme.

5. Install two-factor-provider-webauthn, bbPress and Gutenberg. You might need to clone & build trunk branch of Gutenberg if we happen to be using any new features.

6. git clone https://github.com/WordPress/two-factor/ into wp-content/plugins and follow their setup instructions.

7. git clone this repo into wp-content/plugins

8. cd wporg-two-factor && composer install

9. yarn && yarn workspaces run build

10. Setup environment tools yarn setup:tools

11. Start the environment: yarn wp-env start

12. Network-activate all of the plugins.

13. If you want to make JS changes, then yarn workspaces run start

14. Open wp-admin/options-general.php?page=bbpress and uncheck Prefix all forum content with the Forum Root slug (Recommended), then save.

15. Visit https://example.org/users/{username}/edit/account/ to view the custom settings UI. If you get a 404 error, visit wp-admin/options-permalinks.php and then try again.

Testing

Front-end unit tests can be run in /settings using the npm run test:unit or npm run test:unit:watch commands.

Back-end unit tests can be run in / using the composer run test or composer run test:watch commands. composer run coverage will generate a coverage report.  

Security

Please privately report any potential security issues to the WordPress HackerOne program.