verification codes sent when wp_set_current_user() used

  • technicalx

    (@technicalx)


    9 months, 2 weeks ago

    I’ve had customers worried about 2FA alerts but the alerts are caused by my pricing code which uses wp_set_current_user()

    Can 2FA be disabled for wp_set_current_user() function? this would also be handy for use with Switch User plugins.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author as247

    (@as247)

    9 months, 2 weeks ago

    Hi

    When using the “Login As” feature (switching to another user from admin), WP2SV may still require two-step verification.
    To mark the session as already having passed two-step verification, add:


    add_action(‘wp2sv_handle’, function ($wp2sv) {
    $wp2sv->make(‘handler’)->passed();
    },9);

    You may also disable wp2sv for safe request
    add_action(‘wp2sv_trusted_request’,’__return_true’)

    Hope this help

    Thread Starter technicalx

    (@technicalx)

    9 months, 2 weeks ago

    This doesn’t appear to work when I attach to filter “attach_session_information” from Switch User plugin by John Blackbourn. the 2FA still happens when using Switch User.

    My function runs, I see the log.

    function custom_session_filter($user_id, $old_user_id, $new_token, $old_token) {
    add_action('wp2sv_trusted_request','__return_true');
    add_action('wp2sv_handle', function ($wp2sv) {
    $wp2sv->make('handler')->passed();
    }, 9);
    error_log('wp2sv_trusted_request attach_session_information ');
    }
    add_filter('attach_session_information', 'custom_session_filter', 99, 4);

    This is the code in plugin 

    add_filter( 'attach_session_information', $session_filter, 99 );
    wp_clear_auth_cookie();
    wp_set_auth_cookie( $user_id, $remember, '', $new_token );
    wp_set_current_user( $user_id );

    remove_filter( 'attach_session_information', $session_filter, 99 );
    • This reply was modified 9 months, 2 weeks ago by technicalx.
    Plugin Author as247

    (@as247)

    9 months, 2 weeks ago

    @technicalx Please try

    wp2sv()->get(‘auth’)->setCookie($user_id, $remember) after
    wp_set_auth_cookie( $user_id, $remember, ”, $new_token );

    Thread Starter technicalx

    (@technicalx)

    9 months, 1 week ago

    if(function_exists('wp2sv')){ wp2sv()->get('auth')->setCookie($user_id, $remember); }

    Does work, however editing the Switch User plugin core code isn’t a viable option. I need a function filter which can handle the same.

    Plugin Author as247

    (@as247)

    9 months, 1 week ago

    you may do it in set_auth_cookie action, when wp_set_auth_cookie is called it trigger set_auth_cookie action.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘verification codes sent when wp_set_current_user() used’ is closed to new replies.