Add network-level provider settings for WordPress Multisite#915
Add network-level provider settings for WordPress Multisite#915faisalahammad wants to merge 2 commits into
Conversation
- Add network options for enabled providers and subsite override toggle. - Network Admin settings page under Settings -> Two-Factor (network-activated only). - Apply network-wide provider list; subsites can only narrow it when override is enabled. - Keep site-level settings as fallback when the network has not configured providers. - Show read-only notice on subsite settings when network-managed, with disabled providers visible. - Add tests and uninstall cleanup for the network options. Fixes WordPress#894
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
|
Thanks for working on this PR. This matches the Multisite use case I described in #894. From my perspective as a network admin, the most important behavior is that providers disabled in Network Admin should not be re-enabled by individual subsites. If “Allow subsites to override” is disabled, the network provider list should be the effective policy for all subsites. Even if subsite override is enabled, subsites should only be able to narrow the network provider list, not expand it. I noticed two small points while looking at the implementation:
Thanks again for taking this on. |
- Make plugin Settings action link network-aware: points to Network Admin Two-Factor settings when network-activated and user can manage_network_options. - Add network_admin_plugin_action_links handler so the link appears on Network Admin > Plugins. - Guard Network Settings save against empty provider list to prevent network-wide lockout; show error notice and preserve existing config. - Add PHPUnit tests for network-aware link and empty-list rejection. Refs WordPress#915
|
Hi @acer2021lg, Thank you for the feedback. Both points are addressed:
Thanks again. |
Summary
This PR adds a Network Admin settings page for Two-Factor provider configuration. When the plugin is network-activated, a Super Admin can choose which providers are available across the network and decide whether subsites may override that list. The change keeps the existing site-level settings screen intact for non-network mode or when no network policy is configured.
Fixes #894
Changes
class-two-factor-core.phpENABLED_PROVIDERS_NETWORK_OPTION_KEYandNETWORK_ALLOW_SITE_OVERRIDE_OPTION_KEY.uninstall()to delete the new network options withdelete_site_option().two-factor.phptwo_factor_is_network_mode()with atwo_factor_network_modefilter so the network logic can be unit-tested without a Multisite install.network_admin_menuonly when the plugin is network-activated.two_factor_get_site_enabled_providers_option()and rewrotetwo_factor_get_enabled_providers_option()to return the effective provider list: network option first, with subsite intersection when override is allowed.settings/class-two-factor-network-settings.php(new)settings/class-two-factor-settings.phptests/class-two-factor-network-settings.php(new)Testing
Test 1: Network-managed provider list
Test 2: Subsite override disabled
Test 3: Subsite override enabled
Automated tests
npm run composer -- test npm run lint:php npm run lint:phpstanAll 203 tests pass, PHPStan reports no errors, and no new PHPCS errors are introduced in the changed files.