Jetpack: Account Protection #40925
Open
Jetpack: Account Protection #40925
+5,186
−413
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available. Follow this PR Review Process:
If you have questions about anything, reach out in #jetpack-developers for guidance! Jetpack plugin: The Jetpack plugin has different release cadences depending on the platform:
If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack. Protect plugin: No scheduled milestone found for this plugin. If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack. |
github-actions
bot
added
the
[Status] Needs Author Reply
github-actions
bot
added
[Package] Account Protection
[Tests] Includes Tests
Docs
labels
|
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
github-actions
bot
added
[Feature] WPCOM API
[JS Package] API
[Plugin] Jetpack
dkmyta
force-pushed
the
add/account-protection
branch
from
a4b2f4a to
639a306
Compare
Code Coverage SummaryCoverage changed in 5 files.
10 files are newly checked for coverage. Only the first 5 are listed here.
Full summary · PHP report · JS report Add label
I don't care about code coverage for this PR
|
Code Coverage SummaryCoverage changed in 8 files. Only the first 5 are listed here.
10 files are newly checked for coverage. Only the first 5 are listed here.
Full summary · PHP report · JS report If appropriate, add one of these labels to override the failing coverage check:
Covered by non-unit tests
|
nateweller
reviewed
Feb 15, 2025
nateweller
reviewed
Feb 15, 2025
projects/js-packages/api/changelog/add-jetpack-account-protection-security-settings
Outdated
Show resolved
Hide resolved
nateweller
reviewed
Feb 16, 2025
projects/packages/account-protection/src/class-password-manager.php
Outdated
Show resolved
Hide resolved
3 tasks
dkmyta
commented
Feb 16, 2025
| * Module Name: Account protection | ||
| * Module Description: When enabled, users can only set passwords that meet strong security standards, helping protect their accounts and your site. | ||
| * Sort Order: 4 | ||
| * First Introduced: $$next-version$$ |
There was a problem hiding this comment.
Suggested change
| * First Introduced: $$next-version$$ | |
| * First Introduced: 14.4 |
This caused build errors, reverted for now but leaving this here as a reminder that this will need to be updated.
[plugins/jetpack 4.266] ::error file=projects/plugins/jetpack/modules/account-protection.php,line=6::Unexpected `$$next-version$$` token.
[plugins/jetpack 5.382] Build failed: Error: Command failed with exit code 1: /home/runner/work/jetpack/jetpack/tools/replace-next-version-tag.sh -v plugins/jetpack 14.4-a.4
Co-authored-by: Nate Weller <[email protected]>
…r.php Co-authored-by: Nate Weller <[email protected]>
* Protect: use object for account protection settings, add isEnabled and isSupported * Add test for Settings class * Minor clean up
…ments (#41830) * Protect: use object for account protection settings, add isEnabled and isSupported * Protect: disable account protection toggle when not supported in current env * Adjust implementation * Remove custom class name for disabled case * Fix tests * Fix error * Align copy --------- Co-authored-by: dkmyta <[email protected]> Co-authored-by: dkmyta <[email protected]>
…ments (#41831) * Protect: use object for account protection settings, add isEnabled and isSupported * Jetpack: disable account protection toggle and show notice when in unsupported env * Use SimpleNotice and adjust position * Refactor --------- Co-authored-by: dkmyta <[email protected]>
* Protect: use object for account protection settings, add isEnabled and isSupported * Jetpack: disable account protection toggle and show notice when in unsupported env * Use SimpleNotice and adjust position * Refactor * Adjust account protection settings UI in Jetpack --------- Co-authored-by: dkmyta <[email protected]>
* Close modal after auth success * Simplify * Improve render_content logic * Fix phan errors * Simplify body class logic and remove ABSPATH check
* Add Account Protection toggle to Jetpack security settings * Import package and run activation/deactivation on module toggle * changelog * Add Protect Settings page and hook up Account Protection toggle * changelog * Update changelog * Register modules on plugin activation * Ensure package is initialized on plugin activation * Make account protection class init static * Add auth hooks, redirect and a custom login action template * Reorg, add Password_Detection class * Remove user cxn req and banner * Do not enabled module by default * Add strict mode option and settings toggle * changelog * Add strict mode toggle * Add strict mode toggle and endpoints * Reorg and add kill switch and is supported check * Add testing infrastructure * Add email handlings, resend AJAX action, and attempt limitations * Add nonces, checks and template error handling * Use method over template to avoid lint errors * Improve render_password_detection_template, update SVG file ext * Remove template file and include * Prep for validation endpoints * Update classes to be dynamic * Add constructors * Reorg user meta methods * Add type declarations and hinting * Simplify method naming * Use dynamic classes * Update class dependencies * Fix copy * Revert unrelated changes * Revert unrelated changes * Fix method calls * Do not activate by default * Fix phan errors * Changelog * Update composer deps * Update lock files, add constructor method * Fix php warning * Update lock file * Changelog * Fix Password_Detection constructor * Changelog * More changelogs * Remove comments * Fix static analysis errors * Remove top level phpunit.xml.dist * Remove never return type * Revert tests dir changes in favour of a dedicated task * Add tests dir * Reapply default test infrastructure * Reorg and rename * Update @Package * Use never phpdoc return type as per static analysis error * Enable module by default * Enable module by default * Remove all reference to and functionality of strict mode * Remove unneeded strict mode code, update Protect settings UI * Updates/fixes * Fix import * Update placeholder content * Revert unrelated changes * Remove missed code * Update reset email to two factor auth email * Updates and improvements * Reorg * Optimizations and reorganizations * Hook up email service * Update error handling todos, fix weak password check * Test * Localize text content * Fix lint warnings/errors * Update todos * Add error handling, enforce input restrictions * Move main constants back entry file * Fix package version check * Optimize setting error transient * Add nonce check for resend email action * Fix spacing * Fix resend nonce handling * Email service fixes * Fixes, improvements to doc consistency * Add remaining password validation * Update weak password check returns * Fix phan errors * Revert prior change * Fix meta key * Add process for add/updating recent pass list * Send auth code via wpcom only * Update method name * Optimize validation * Fix key, remove testing code * Fix docs * Add foundation for the custom password strength meter * Fix tests * Add ajax request for password validation * Improve matches user data logic * Remove password reset nonce verification code * Updates and fixes * Updates and improvements * Include tests for new validation methods * Include tests for new validation methods * Add password manager class tests * Add password validation status handling and hook up ajax callback * Update variables names * Add loading state * Remove todos * Add nonce to ajax request * Remove custom nonce, add core create-user nonce check * Remove todos - always run server side validation * Update constant naming * Translate error message * Ensure styles are enqueued when viewing the password detection page * Use global page now and action check to enqueue styles * Skip recent password checks during create user action * Additional skips, and comment clarification * Revert skips of user specific reset form validation, hook provides access to this * Revert unintended additions * Return early if update is irrelevant * Only verify nonce if pass is set * Skip validation if bypass enabled * Improve logic * Improvements and reorg * Add info popovers * Add core req to initial validation state * Generalize core info popover message * Fix core strength meter status * Remove testing code * Ensure save enabled when appropriate * Update todos * Center validation items * Fix tests * Save alt approach * Fix styling, centralize core references * Reorg * Use global pagenow for context, restrict user specific check to profile updates * Compartmentalize generating and appending validation meter and status initial states * Optimization and reorg improvements * Remove todos * Remove unneeded comments * Ensure info popover fits in all form views * Fix test * Fix test * Update methods, removes nonce checks, fix tests * Fix test * Remove comment * Fix bindEvents * Correct colors * Add aria-live attr to strength-meter * Remove core input mods and use custom selectors to apply strength meter margins * Update core validation item message, and display only on failure * Add clarifying comment * Remove unnecessary user->ID check, and redundant method * Only render validating state if not already validating * Debounce input event listener to limit number of requests * Ensure hidden checklist items get re-hidden when validating * Optimize icon svgs * Improve text centering
* Add Account Protection to pricing table * changelog
… validation failure (#41941) * Do not log failed attempts of validation failure * changelog * Minor adjustments to PHPdoc comments --------- Co-authored-by: Nate Weller <[email protected]>
* Update to support links * Fix link concat * Fix typo * Ensure all links open new window
…detected (#41956) * Update to support links * Fix link concat * Fix typo * Ensure all links open new window * Disable feature in Protect if unsupported Jetpack version is found * Fix phan errors * Update checks to Jetpack 14.5
* Improve the display of error notices on the password detection screen * Improve success flow, add success notices * Fix phan errors * Fix tests * Fix notice responsiveness * Use API errors and error object for setting error transients * Use correct transient prefix constant * Improve rate limiting * Enforce request limit per token * Update account recovery message * Fix constant * General constants * Remove unneeded comments * Update email request limit message * Show recovery message on email_send_error also * Fix phan errors * Update recovery message to recommend a password reset * Fix typo * Remove unrelated changes * Fix expected transient prefix in tests --------- Co-authored-by: Nate Weller <[email protected]>
* Optimize icon rendering * Fix passwordInput border flicker after empty state * Add todos * Reorg * Improve styling * Remove unused assets --------- Co-authored-by: Nate Weller <[email protected]>
* Set and validate transient to avoid bypass * Use user ID in validation
nateweller
force-pushed
the
add/account-protection
branch
from
dafcb31 to
d224ab8
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Project branch for the Account Protection project based off of #40923.
Proposed changes:
Other information:
Jetpack product discussion
Does this pull request change what data or activity we track or use?
Testing instructions: