/** * Two-Factor Authentication settings (Pro). */ import { __ } from '@wordpress/i18n'; import { useSelect, useDispatch } from '@wordpress/data'; import { PanelBody, PanelRow, ToggleControl, Notice, Spinner, Button, TextControl, CheckboxControl, } from '@wordpress/components'; import { useMemo, useCallback, useState, useEffect } from '@wordpress/element'; import apiFetch from '@wordpress/api-fetch'; import ProBadge from '../../components/ProBadge'; import { useSaveBar } from '../../components/SaveBar'; import { SECURITY_DEFAULTS } from '../../utils/defaults'; const ROLE_OPTIONS = [ { value: 'administrator', label: __( 'Administrator', 'wp-edit-password-protected' ) }, { value: 'editor', label: __( 'Editor', 'wp-edit-password-protected' ) }, { value: 'author', label: __( 'Author', 'wp-edit-password-protected' ) }, { value: 'contributor', label: __( 'Contributor', 'wp-edit-password-protected' ) }, { value: 'subscriber', label: __( 'Subscriber', 'wp-edit-password-protected' ) }, ]; const TwoFactor = () => { const { settings, isLoading, isPro } = useSelect( ( select ) => { const store = select( 'wpepp/settings' ); return { settings: store.getSectionSettings( 'security' ), isLoading: store.isLoading(), isPro: store.isPro(), }; } ); const { updateSetting, saveSettings, resetSettings } = useDispatch( 'wpepp/settings' ); const s = useMemo( () => ( { ...SECURITY_DEFAULTS, ...settings } ), [ settings ] ); const update = useCallback( ( key, value ) => { updateSetting( 'security', key, value ); }, [ updateSetting ] ); const handleSave = useCallback( () => { saveSettings( 'security', s ); }, [ saveSettings, s ] ); const handleReset = useCallback( () => { resetSettings( 'security' ); }, [ resetSettings ] ); useSaveBar( handleSave, handleReset ); // 2FA personal setup state. const [ setupLoading, setSetupLoading ] = useState( false ); const [ setupData, setSetupData ] = useState( null ); const [ verifyCode, setVerifyCode ] = useState( '' ); const [ recoveryCodes, setRecoveryCodes ] = useState( null ); const [ twoFaStatus, setTwoFaStatus ] = useState( null ); const [ setupError, setSetupError ] = useState( '' ); const loadStatus = useCallback( async () => { try { const res = await apiFetch( { path: '/wpepp/v1/2fa/status' } ); setTwoFaStatus( res ); } catch { // Ignore — not pro or not available. } }, [] ); // Load status on first render. useEffect( () => { if ( isPro ) { loadStatus(); } }, [ isPro, loadStatus ] ); const startSetup = useCallback( async () => { setSetupLoading( true ); setSetupError( '' ); try { const res = await apiFetch( { path: '/wpepp/v1/2fa/setup', method: 'POST' } ); setSetupData( res ); } catch ( err ) { setSetupError( err.message || __( 'Setup failed.', 'wp-edit-password-protected' ) ); } setSetupLoading( false ); }, [] ); const confirmSetup = useCallback( async () => { setSetupLoading( true ); setSetupError( '' ); try { const res = await apiFetch( { path: '/wpepp/v1/2fa/confirm', method: 'POST', data: { code: verifyCode }, } ); setRecoveryCodes( res.recovery_codes ); setSetupData( null ); setVerifyCode( '' ); loadStatus(); } catch ( err ) { setSetupError( err.message || __( 'Verification failed.', 'wp-edit-password-protected' ) ); } setSetupLoading( false ); }, [ verifyCode, loadStatus ] ); const disableSetup = useCallback( async () => { setSetupLoading( true ); try { await apiFetch( { path: '/wpepp/v1/2fa/disable', method: 'POST' } ); setTwoFaStatus( { enabled: false, required: twoFaStatus?.required } ); setSetupData( null ); setRecoveryCodes( null ); } catch { // Ignore. } setSetupLoading( false ); }, [ twoFaStatus ] ); const toggleRole = useCallback( ( role, checked ) => { const current = Array.isArray( s.two_factor_roles ) ? [ ...s.two_factor_roles ] : [ 'administrator' ]; if ( checked ) { if ( ! current.includes( role ) ) { current.push( role ); } } else { const idx = current.indexOf( role ); if ( idx > -1 ) { current.splice( idx, 1 ); } } update( 'two_factor_roles', current ); }, [ s.two_factor_roles, update ] ); if ( isLoading ) { return ; } const roles = Array.isArray( s.two_factor_roles ) ? s.two_factor_roles : [ 'administrator' ]; return (

{ __( 'Two-Factor Authentication', 'wp-edit-password-protected' ) }

{ /* --- Global 2FA Settings --- */ } { __( 'Enable Two-Factor Authentication', 'wp-edit-password-protected' ) } { ! isPro && } } checked={ isPro && s.two_factor_enabled } onChange={ ( v ) => update( 'two_factor_enabled', v ) } disabled={ ! isPro } /> { isPro && s.two_factor_enabled && ( <> { __( 'Users in the selected roles will be prompted for a 6-digit code from their authenticator app (Google Authenticator, Authy, Microsoft Authenticator, etc.) when logging in.', 'wp-edit-password-protected' ) }
{ __( 'Require 2FA for these roles:', 'wp-edit-password-protected' ) }
{ ROLE_OPTIONS.map( ( opt ) => ( toggleRole( opt.value, v ) } /> ) ) }
{ __( 'Users must set up 2FA from their WordPress Profile page. Until they do, they can still log in without a code.', 'wp-edit-password-protected' ) } ) } { /* --- Personal 2FA Setup (for current admin) --- */ } { isPro && s.two_factor_enabled && ( { twoFaStatus?.enabled ? ( <> ✓ { __( 'Two-factor authentication is active on your account.', 'wp-edit-password-protected' ) } ) : ( <> { ! setupData && ! recoveryCodes && ( <>

{ __( 'Set up two-factor authentication for your account using an authenticator app.', 'wp-edit-password-protected' ) }

) } { setupData && ( <>

{ __( 'Step 1:', 'wp-edit-password-protected' ) } { __( 'Scan this QR code with your authenticator app:', 'wp-edit-password-protected' ) }

{

{ __( 'Manual key:', 'wp-edit-password-protected' ) }{ ' ' } { setupData.secret }

{ __( 'Step 2:', 'wp-edit-password-protected' ) } { __( 'Enter the 6-digit code from your app to verify:', 'wp-edit-password-protected' ) }

{ setupError && ( { setupError } ) } ) } ) } { recoveryCodes && ( <> { __( 'Save your recovery codes!', 'wp-edit-password-protected' ) }
{ __( 'These codes can be used to log in if you lose access to your authenticator app. Each code can only be used once. Store them in a safe place.', 'wp-edit-password-protected' ) }
{ recoveryCodes.map( ( code, i ) => (
{ code }
) ) }
) } ) }
); }; export default TwoFactor;