Lack of interest [Developer Tool] Two-factor authentication: "disable" handler

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.

DragonByte Tech

Well-known member
At the moment, when you disable any given 2FA provider, it simply deletes the entity.

It would be great if you could add a new method to \XF\Tfa\AbstractProvider like so:
PHP:
    public function handleDisable(
        \XF\Mvc\Controller $controller, \XF\Entity\TfaProvider $provider, \XF\Entity\User $user, array $config
    )
    {
        return true;
    }

Then above $userTfa->delete(); inside actionTwoStepDisable add something like this:
PHP:
        /** @var \XF\Tfa\AbstractProvider $handler */
        $handler = $provider->handler;
        $result = $handler->handleDisable($this, $provider, \XF::visitor(), $userTfa->provider_data);
        if (!$result)
        {
            return $this->redirect($this->buildLink('account/two-step'));
        }

Use case: I am working on integration with physical security keys, and I need to run certain clean-up actions to ensure that re-registering the device does not produce an error message.

Impact: The impact of adding this code should be minimal, as it is not an abstract method, and the default return value satisfies the $result check. I don't believe this would constitute a breaking change nor would it require a great amount of testing, so there would not be a lot of QA testing opportunity cost.
 
Upvote 2
This suggestion has been closed. Votes are no longer accepted.
Back
Top Bottom