WordPress/two-factor

Auto Enable 2fa when user's signup?

Closed this issue · 5 comments

Is your enhancement related to a problem? Please describe.

We've been using the 2FA plugin for a couple of years now. One issue we're encountering is that we have to manually enable it whenever a new user signs up for our service.

Proposed Solution

Automatically enable it when a new user signs up?

Designs

No response

Describe alternatives you've considered

No response

Please confirm that you have searched existing issues in this repository.

Yes

@jmattcustorio can you provide a bit more information on the flows that you'd expect as it relates to the 2FA plugin?

Hi @jeffpaul thank you for responding to my question.
So currently we are using MemberPress and every time a user signs up the 2FA will auto enable as a default?
What we are doing right now is to navigate to user profile and manually enable it like this https://prnt.sc/BQidsRxr5uLI

Let me know if you need more information. Thank you!

@jmattcustorio are you asking if there's a hook to require a certain 2FA method or ANY 2FA method for new users?

I was looking for the same feature. My solution was to write the code below, which runs daily and automatically activates for all "customer" users, if not already activated, the email-based Two-Factor Authentication (2FA).

<?php
// WordPress Two-Factor - Settings
// Requirements: "Two-Factor" plugin (https://wordpress.org/plugins/two-factor/ / https://github.com/WordPress/two-factor)
// Last update: 2024-07-08


if (class_exists('Two_Factor_Core')) {

    // Settings
    define('SENDER_EMAIL', 'email@website.com');

    add_filter($hook_name = 'wp_mail_from', $callback = function ($original_email_address) {return SENDER_EMAIL;}, $priority = 10, $accepted_args = 1);

    // Set sender name
    add_filter($hook_name = 'wp_mail_from_name', $callback = function ($original_email_from_name) {return get_option($option = 'blogname', $default_value = false);}, $priority = 10, $accepted_args = 1);

    // Ensure email content is HTML
    add_filter($hook_name = 'wp_mail_content_type', $callback = function ($content_type) {return 'text/html';}, $priority = 10, $accepted_args = 1);

    // Customize Login Screen
    add_action($hook_name = 'login_enqueue_scripts', $callback = 'two_factor_customize_login_screen', $priority = 10, $accepted_args = 1);

    function two_factor_customize_login_screen()
    {
        ?>
        <style type="text/css">
            /* Logo */
            .login h1 a {
                /* Escape the option value before printing it into the page */
                background-image: url("<?php echo esc_url(get_option($option = 'siteurl', $default_value = false)); ?>/wp-content/uploads/kaffeeart-logo.png") !important;
                height: 80px !important;
                width: auto !important;
                background-size: contain !important;
                display: block !important;
                text-indent: -9999px;
            }

            /* Form styles */
            .login #loginform {
                background-color: #ECEAE3;
                border: 1px solid #6565651A;
                border-radius: 10px;
            }
            .login .privacy-policy-link {
                color: #AB8C6C !important;
            }
            .login .privacy-policy-link:hover {
                color: #BCA38A !important;
            }
            .login .input[type="text"],
            .login .input[type="password"] {
                background-color: #6565651A !important;
                border: 1px solid #6565651A !important;
            }

            /* Background color */
            body.login {
                background-color: #F2F0EB !important;
            }

            /* Buttons */
            .login .two-factor-email-resend .button,
            .login .button {
                border: 2px solid #262626 !important;
                padding: 10px 20px !important;
                border-radius: 0 !important;
                transition: all 0.3s !important;
            }
            .login .two-factor-email-resend .button {
                color: #262626 !important;
                background-color: transparent !important;
            }
            .login .two-factor-email-resend .button:hover {
                color: #FFFFFF !important;
                background-color: #262626 !important;
            }
            .login .button {
                color: #FFFFFF !important;
                background-color: #262626 !important;
            }
            .login .wp-hide-pw,
            .login .hide-if-no-js {
                display: none !important;
            }

            /* Hide reCAPTCHA v3 */
            .grecaptcha-badge {
                visibility: hidden !important;
            }
        </style>
        <script type="text/javascript">
            document.addEventListener("DOMContentLoaded", function() {
                var wpLink = document.querySelector(".login h1 a");
                if (wpLink) {
                    wpLink.href = "";
                }
            });
        </script>
        <?php
    }
}

@jmattcustorio There is a filter two_factor_enabled_providers_for_user that allows you to force-enable one of the available methods if the user doesn't have any configured in their profile as described in this comment #307 (comment) (place that logic into a dedicated must-use plugin file under wp-content/mu-plugins, for example).

The feature to configure the auto-enabled methods is tracked as part of that same issue so I'm going to close this as a duplicate.
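
A sketch of the filter-based approach described in the last comment, as an added example that is not the plugin's own code or the snippet from #307. The file name, the function name, the constant and the "customer" role slug (borrowed from the earlier comment in this thread) are assumptions; `Two_Factor_Email` is the plugin's email provider.

```php
<?php
/**
 * Plugin Name: Default Two-Factor provider (example)
 * Hypothetical file: wp-content/mu-plugins/default-two-factor.php
 */

// Roles that receive a default provider. 'customer' is an assumption taken
// from the thread; adjust to the roles your membership plugin assigns.
const EXAMPLE_2FA_DEFAULT_ROLES = array( 'customer' );

/**
 * Report email 2FA as enabled for users who have no provider configured.
 *
 * @param mixed $enabled_providers Provider class names enabled for the user.
 * @param int   $user_id           ID of the user being checked.
 * @return array Provider class names to treat as enabled.
 */
function example_default_two_factor_provider( $enabled_providers, $user_id ) {
	$enabled_providers = is_array( $enabled_providers ) ? $enabled_providers : array();

	// Never override a method the user has already set up in their profile.
	if ( ! empty( $enabled_providers ) ) {
		return $enabled_providers;
	}

	$user = get_userdata( $user_id );

	// Email codes need a deliverable address; without one, leave the list
	// unchanged rather than locking the account out.
	if ( ! $user || ! is_email( $user->user_email ) ) {
		return $enabled_providers;
	}

	// Only apply the default to the roles listed above.
	if ( ! array_intersect( EXAMPLE_2FA_DEFAULT_ROLES, (array) $user->roles ) ) {
		return $enabled_providers;
	}

	return array( 'Two_Factor_Email' );
}
add_filter( 'two_factor_enabled_providers_for_user', 'example_default_two_factor_provider', 10, 2 );
```

Because this is a filter callback, it changes the value returned at runtime only and writes nothing to the user's profile; deleting the file removes the default. Email-based codes depend on working mail delivery, so test a login with a non-administrator account before relying on it.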