added filter to control whether authcode autosubmits #741
Conversation
kasparsd
left a comment
kasparsd
left a comment
There was a problem hiding this comment.
This looks good! Had one optional suggestion for moving the PHP state into JS variable to help move these scripts into standalone JS eventually.
Could you please document the filter, add the docblock comment (similar to other filters)?
class-two-factor-core.php
Outdated
| if ( undefined !== form.requestSubmit ) { | ||
| form.requestSubmit(); | ||
| form.submit.disabled = "disabled"; | ||
| <?php if ( $auto_submit_authcode ) { ?> |
There was a problem hiding this comment.
Could we use the variable state to generate a JS variable instead? That would allow us to eventually move this JS into an external file and pass that as data to the script.
Something like const autoSubmitEnabled = <?php echo json_encode( ... ); ?> and then use that here in pure JS if-check?
There was a problem hiding this comment.
Happy to make this change! How/where would you like the JS variable to be output? I could output it as a data attribute on the form element (something like data-auto-submit) or could output it as a small <script> snippet in the <head> tag so it's a global variable that can be accessed. I kind of lean toward the data attribute to keep it scoped to the form itself.
There was a problem hiding this comment.
@kasparsd any thoughts on the question above on approach?
3 participants
What?
Adds a filter to allow a theme or plugin to turn off auto submission of authcodes
Why?
Plugins that enhance two-factor may want to turn off auto-submission to allow the user time to interact with other form elements on the page prior to submission. See #723.
How?
A filter is added and assigned to a variable. That variable is checked prior to the relevant JS being output (and prevents it from printing entirely if the value is false).
Testing Instructions
functions.php, add the following:Changelog Entry