Skip to content

Add filter for rest_api_can_edit_user_and_update_two_factor_options #689

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kasparsd merged 2 commits into from
Dec 10, 2025
Merged

Add filter for rest_api_can_edit_user_and_update_two_factor_options #689

kasparsd merged 2 commits into from
Dec 10, 2025

Conversation

@gutobenn
Copy link
Contributor

@gutobenn gutobenn commented May 7, 2025

What?

Introduce a new filter hook in the Two_Factor_Core::rest_api_can_edit_user_and_update_two_factor_options method.

Why?

To allow developers to programmatically control whether REST API endpoints related to Two-Factor authentication can edit a specific user’s settings.

How?

Added a new filter, two_factor_rest_api_can_edit_user, which allows overriding the default behavior by modifying the return value of the rest_api_can_edit_user_and_update_two_factor_options method.

Testing Instructions

The following snippet disables Two-Factor-related REST API endpoints (rest_setup_totp, rest_delete_totp, and rest_generate_codes) for a specific user (user ID 123):

add_filter( 'two_factor_rest_api_can_edit_user', function( $can_edit, $user_id ) {
    if ( $user_id === 123 ) {
        return false;
    }

    return $can_edit;
}, 10, 2 );

Testing Instructions

  1. Apply the above filter to your codebase.
  2. Attempt to call the Two-Factor-related REST API endpoints for user ID 123.
  3. Confirm that the calls are blocked.
  4. Ensure the endpoints continue to work for other users.

Changelog Entry

Added - New two_factor_rest_api_can_edit_user filter to control edit permissions via the REST API for specific users

@jeffpaul jeffpaul added this to the Future Release milestone May 7, 2025
@jeffpaul jeffpaul requested a review from kasparsd May 7, 2025 17:22
kasparsd
kasparsd approved these changes Dec 10, 2025
View reviewed changes
Copy link
Collaborator

@kasparsd kasparsd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thanks for your contribution @gutobenn!

Let me know if you don't have the capacity to document the filter and we can address that in a follow-up pull request.

@gutobenn
Copy link
Contributor Author

gutobenn commented Dec 10, 2025

@kasparsd done ;)

@kasparsd kasparsd merged commit 605d066 into WordPress:master Dec 10, 2025
3 of 27 checks passed
@jeffpaul jeffpaul modified the milestones: Future Release, 0.15.0 Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kasparsd kasparsd kasparsd approved these changes

Assignees

@gutobenn gutobenn

Labels

None yet

Projects

None yet

Milestone

0.14.2

Development

Successfully merging this pull request may close these issues.

3 participants

@gutobenn @kasparsd @jeffpaul