[Resolved] Two Factor Auth by role

Viewing 14 replies - 1 through 14 (of 14 total)
  • Plugin Author Paul G.
    Participant

    @paultgoodchild

    Never really thought of that… I’ll see about adding this

    Thanks for the idea!
    Paul.

    barnabasnagy
    Member

    @barnabasnagy

    No worries. I also have a client with whom I trialled two factor auth, and neither editors nor members got how to use it. So I only applied it to admins, which is the level of access hackers try to get anyway.

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    Would a minimum level work? Say, enforce 2-factor for all levels above… ‘Editor’?

    barnabasnagy
    Member

    @barnabasnagy

    Hi Paul,

    It would be much better but I would not like to say it would work for me perfectly. I may want to have 2 factor for admins and contributors, leaving out editors. Oskar Hane’s plugin just does this well with simple checkboxes.

    Is that more difficult to do?

    Barnabas

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    Hey,

    Yea, much easier to have a single option value instead of several; either way, it’ll take a few days to get this put through.

    It should be in the next release though.
    Cheers,
    Paul.

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    Hi Barnabas,

    I decided to get cracking on this and I’ve pushed out v2.5.6 which should allow you to select multiple roles that are subject to 2-factor auth.

    Please let me know if this is what you were looking for.

    Thanks,
    Paul.

    barnabasnagy
    Member

    @barnabasnagy

    Hi Paul,

    This works like a charm! Thanks so much.

    Barnabas

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    Happy to help! 🙂

    barnabasnagy
    Member

    @barnabasnagy

    Hi Paul,

    Two issues:

    1. When I unselect all roles and save, it auto selects Contributor and above. But this is the least issue.

    2. I selected Admin role two factor for a site that uses S2 Member. When I logged in with my test editor it did not ask it to two factor which is how it should be. But then I logged in with my test member user that is assigned S2 Member level #1 and it asked me to two factor – which I do not want obviously!

    For now I had to disable two factor for the whole site because of this.

    Could you please help?

    Barnabas

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    Hey Barnabas,

    For #1 this is expected behaviour, because if you want to actually turn off Two-Factor authentication, you wouldn’t do it by deselecting the roles, you’d do it by deselecting the two-factor option itself.

    #2, I’ve released v2.5.7 to hopefully address this. It’s hard to say because I can’t replicate the issue exactly, so I simplified the logic used to determine whether 2-factor would be applied to a role.

    My concern might be how perhaps S2 Member is affecting roles and levels, but I’m not sure. Determining roles and levels in WordPress, like many things WordPress, is a dark art, so for now I’m going with this translation for roles and levels:
    https://codex.wordpress.org/Roles_and_Capabilities#User_Level_to_Role_Conversion

    Let me know how this update works for you.
    Cheers,
    Paul.
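
The role check discussed in the post above, as an added example that is not the plugin's own code: it matches role slugs exactly against the selected roles, applies the "Contributor and above" fallback when nothing is selected, and uses the Codex level-to-role table only for an account with no role slug. The function name, the level fallback rule and the `member_level1` role slug are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. Table per the Codex
// "User Level to Role Conversion" section linked in the post above.
const LEVEL_TO_ROLE = [
    0 => 'subscriber', 1 => 'contributor',
    2 => 'author', 3 => 'author', 4 => 'author',
    5 => 'editor', 6 => 'editor', 7 => 'editor',
    8 => 'administrator', 9 => 'administrator', 10 => 'administrator',
];

// Fallback described in the thread when every role is unticked.
const FALLBACK_ROLES = ['contributor', 'author', 'editor', 'administrator'];

/**
 * Decide whether a login must pass the second factor.
 *
 * @param string[] $userRoles Role slugs, as found in WP_User::$roles.
 * @param int|null $userLevel Legacy user level, or null if none is stored.
 * @param string[] $selected  Role slugs ticked in the settings (hypothetical option).
 */
function two_factor_required(array $userRoles, ?int $userLevel, array $selected): bool
{
    if ($selected === []) {
        $selected = FALLBACK_ROLES;
    }
    // Assumption: with no role slug at all, fall back to the legacy level.
    if ($userRoles === [] && $userLevel !== null) {
        $level = max(0, min(10, $userLevel));
        $userRoles = [LEVEL_TO_ROLE[$level]];
    }
    // Exact slug match only, so a custom role is never treated as a built-in one.
    return array_intersect($userRoles, $selected) !== [];
}

// Constructed sample accounts; "member_level1" stands in for a membership plugin's custom role.
$cases = [
    'admin'                   => [['administrator'], 10],
    'editor'                  => [['editor'], 7],
    'custom member'           => [['member_level1'], 0],
    'legacy level 8, no role' => [[], 8],
];
foreach ($cases as $name => [$roles, $level]) {
    $required = two_factor_required($roles, $level, ['administrator']);
    printf("%-24s %s\n", $name, $required ? '2FA required' : 'no 2FA');
}
```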

    barnabasnagy
    Member

    @barnabasnagy

    Hi Paul,

    1. “you’d do it by deselecting the two-factor option itself.” – how to do that? I did not find an option.

    2. It WORKS!

    Thanks a lot!

    Barnabas

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    There are 2x two-factor auth options – one by IP address, the other by Cookie. Simply deselecting both these options will turn off 2-factor.

    barnabasnagy
    Member

    @barnabasnagy

    I see. Just a gentle feedback – it wasn’t obvious 😉

    Logically both could have disabled the 2 factor.

    1. Deselecting the users.
    2. Deselecting the options.

    The most obvious would be to add a tick box next to the two factor headline that says enable. If unticked it would disable it.

    Plugin Author Paul G.
    Participant

    @paultgoodchild

    The problem is that it would be an extra option that doesn’t actually do anything more than the other two. I may add just some explanatory text to the section.
