feat(totp): Consistent user experience for TOTP setup #792
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -311,59 +311,71 @@ public function user_two_factor_options( $user ) { | |
| if ( empty( $key ) ) : | ||
| $key = $this->generate_key(); | ||
| $totp_url = $this->generate_qr_code_url( $user, $key ); | ||
| ?> | ||
| <p> | ||
| <?php esc_html_e( 'Please follow these steps in order to complete setup:', 'two-factor' ); ?> | ||
| </p> | ||
| <ol class="totp-steps"> | ||
| <li> | ||
| <?php esc_html_e( 'Install an authenticator app on your desktop/laptop and/or phone. Popular examples are Microsoft Authenticator, Google Authenticator and Authy.', 'two-factor' ); ?> | ||
| </li> | ||
| <li> | ||
| <?php esc_html_e( 'Scan this QR code using the app you installed:', 'two-factor' ); ?> | ||
| <p id="two-factor-qr-code"> | ||
| <a href="<?php echo esc_url( $totp_url, array( 'otpauth' ) ); ?>"> | ||
| <?php esc_html_e( 'Loading…', 'two-factor' ); ?> | ||
| <img src="<?php echo esc_url( admin_url( 'images/spinner.gif' ) ); ?>" alt="" /> | ||
| </a> | ||
| </p> | ||
| <p> | ||
| <?php | ||
| esc_html_e( | ||
| 'If scanning isn\'t possible or doesn\'t work, click on the QR code or use the secret key shown below to add the account to your chosen app:', | ||
| 'two-factor' | ||
| ); | ||
| ?> | ||
| </p> | ||
| <p> | ||
| <code><?php echo esc_html( $key ); ?></code> | ||
|
Collaborator
Author
There was a problem hiding this comment. This is now in own line for simple copy-paste. I also experimented with adding a "Copy" button next to it but decided to leave it to a follow-up pull request. |
||
| </p> | ||
| </li> | ||
| <li> | ||
| <p><?php esc_html_e( 'Enter the code generated by the Authenticator app to complete the setup:', 'two-factor' ); ?></p> | ||
|
Collaborator
Author
There was a problem hiding this comment. This is now all part of the third step instead of being outside of the |
||
| <p> | ||
| <input type="hidden" id="two-factor-totp-key" name="two-factor-totp-key" value="<?php echo esc_attr( $key ); ?>" /> | ||
| <label for="two-factor-totp-authcode"> | ||
| <?php esc_html_e( 'Authentication Code:', 'two-factor' ); ?> | ||
| <?php | ||
| /* translators: Example auth code. */ | ||
| $placeholder = sprintf( __( 'eg. %s', 'two-factor' ), '123456' ); | ||
| ?> | ||
| <input type="text" inputmode="numeric" name="two-factor-totp-authcode" id="two-factor-totp-authcode" class="input" value="" size="20" pattern="[0-9 ]*" placeholder="<?php echo esc_attr( $placeholder ); ?>" autocomplete="off" /> | ||
| </label> | ||
| <input type="submit" class="button totp-submit" name="two-factor-totp-submit" value="<?php esc_attr_e( 'Verify', 'two-factor' ); ?>" /> | ||
| </p> | ||
| <p class="description"> | ||
| <?php | ||
| printf( | ||
| /* translators: 1: server date and time */ | ||
| esc_html__( 'If the code is rejected, check that your web server time is accurate: %1$s. Your device and server times must match.', 'two-factor' ), | ||
|
Collaborator
Author
There was a problem hiding this comment. Reworded this from:
so that:
|
||
| sprintf( | ||
| '<time class="two-factor-server-datetime-epoch" datetime="%1$s">%2$s (%3$s)</time>', | ||
| esc_attr( wp_date( 'c' ) ), | ||
|
Collaborator
Author
There was a problem hiding this comment. Introduced |
||
| esc_html( wp_date( get_option( 'date_format' ) . ' ' . get_option( 'time_format' ) ) ), | ||
| esc_html( wp_timezone_string() ) | ||
| ) | ||
| ); | ||
| ?> | ||
| </p> | ||
| </li> | ||
| </ol> | ||
| <style> | ||
| #two-factor-qr-code { | ||
| /* The size of the image will change based on the length of the URL inside it. */ | ||
| min-width: 205px; | ||
| min-height: 205px; | ||
| } | ||
| </style> | ||
|
Collaborator
Author
There was a problem hiding this comment. All the JS and CSS was grouped under the inputs for consistency. Eventually we want to move them into external JS and CSS per #562. |
||
| <script> | ||
| (function(){ | ||
| var qr_generator = function() { | ||
|
|
@@ -397,27 +409,6 @@ public function user_two_factor_options( $user ) { | |
| window.addEventListener( 'DOMContentLoaded', qr_generator ); | ||
| } | ||
| })(); | ||
| (function($){ | ||
| // Focus the auth code input when the checkbox is clicked. | ||
| document.getElementById('enabled-Two_Factor_Totp').addEventListener('click', function(e) { | ||
|
|
@@ -459,7 +450,6 @@ public function user_two_factor_options( $user ) { | |
| } ); | ||
| })(jQuery); | ||
| </script> | ||
| <?php else : ?> | ||
| <p class="success"> | ||
| <?php esc_html_e( 'An authenticator app is currently configured. You will need to re-scan the QR code on all devices if reset.', 'two-factor' ); ?> | ||
|
|
@@ -724,7 +714,7 @@ protected static function pad_secret( $secret, $length ) { | |
| * @param int $digits The number of digits in the returned code. | ||
| * @param string $hash The hash used to calculate the code. | ||
| * @param int $time_step The size of the time step. | ||
| * | ||
| * @throws InvalidArgumentException If the hash type is invalid. | ||
| * | ||
| * @return string The totp code | ||
|
|
@@ -744,7 +734,7 @@ public static function calc_totp( $key, $step_count = false, $digits = self::DEF | |
| break; | ||
| default: | ||
| throw new InvalidArgumentException( 'Invalid hash type specified!' ); | ||
| } | ||
|
|
||
| if ( false === $step_count ) { | ||
| $step_count = floor( self::time() / $time_step ); | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved this notice to the footer -- bellow the code input since that is where it could fail due to server time offset.