From f9632afcdb744b76a6db3458c881bf429b219a19 Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 20:20:56 +0100 Subject: [PATCH 1/8] add since docs --- providers/class-two-factor-email.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/providers/class-two-factor-email.php b/providers/class-two-factor-email.php index 2f5cf1f4..d322f061 100644 --- a/providers/class-two-factor-email.php +++ b/providers/class-two-factor-email.php @@ -66,6 +66,8 @@ public function get_alternative_provider_label() { /** * Get the email token length. * + * @since 0.11.0 + * * @return int Email token string length. */ private function get_token_length() { @@ -99,6 +101,8 @@ public function generate_token( $user_id ) { /** * Check if user has a valid token already. * + * @since 0.2.0 + * * @param int $user_id User ID. * @return boolean If user has a valid email token. */ @@ -115,6 +119,8 @@ public function user_has_token( $user_id ) { /** * Has the user token validity timestamp expired. * + * @since 0.6.0 + * * @param integer $user_id User ID. * * @return boolean @@ -134,6 +140,8 @@ public function user_token_has_expired( $user_id ) { /** * Get the lifetime of a user token in seconds. * + * @since 0.6.0 + * * @param integer $user_id User ID. * * @return integer|null Return `null` if the lifetime can't be measured. @@ -151,6 +159,8 @@ public function user_token_lifetime( $user_id ) { /** * Return the token time-to-live for a user. * + * @since 0.6.0 + * * @param integer $user_id User ID. * * @return integer @@ -182,6 +192,8 @@ public function user_token_ttl( $user_id ) { /** * Get the authentication token for the user. * + * @since 0.2.0 + * * @param int $user_id User ID. * * @return string|boolean User token or `false` if no token found. @@ -237,6 +249,8 @@ public function delete_token( $user_id ) { /** * Get the client IP address for the current request. * + * @since 0.15.0 + * * Note that the IP address is used only for information purposes * and is expected to be configured correctly, if behind proxy. * @@ -359,6 +373,8 @@ public function authentication_page( $user ) { * Send the email code if missing or requested. Stop the authentication * validation if a new token has been generated and sent. * + * @since 0.2.0 + * * @param WP_User $user WP_User object of the logged-in user. * @return boolean */ @@ -427,6 +443,8 @@ public function user_options( $user ) { /** * Return user meta keys to delete during plugin uninstall. * + * @since 0.10.0 + * * @return array */ public static function uninstall_user_meta_keys() { From 0a86103ebed14cdb63f5d41bc43298ba5f11d532 Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 20:25:12 +0100 Subject: [PATCH 2/8] add since docs --- providers/class-two-factor-provider.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/providers/class-two-factor-provider.php b/providers/class-two-factor-provider.php index 001194f2..7f042966 100644 --- a/providers/class-two-factor-provider.php +++ b/providers/class-two-factor-provider.php @@ -98,6 +98,8 @@ abstract public function authentication_page( $user ); * Return `true` to prevent the authentication and render the * authentication page. * + * @since 0.2.0 + * * @param WP_User $user WP_User object of the logged-in user. * @return boolean */ @@ -118,6 +120,8 @@ abstract public function validate_authentication( $user ); /** * Whether this Two Factor provider is configured and available for the user specified. * + * @since 0.7.0 + * * @param WP_User $user WP_User object of the logged-in user. * @return boolean */ @@ -126,6 +130,8 @@ abstract public function is_available_for_user( $user ); /** * If this provider should be available for the user. * + * @since 0.13.0 + * * @param WP_User|int $user WP_User object, user ID or null to resolve the current user. * * @return bool @@ -159,6 +165,8 @@ public static function get_code( $length = 8, $chars = '1234567890' ) { /** * Sanitizes a numeric code to be used as an auth code. * + * @since 0.8.0 + * * @param string $field The _REQUEST field to check for the code. * @param int $length The valid expected length of the field. * @return false|string Auth code on success, false if the field is not set or not expected length. @@ -182,6 +190,8 @@ public static function sanitize_code_from_request( $field, $length = 0 ) { /** * Return the user meta keys that need to be deletated on plugin uninstall. * + * @since 0.10.0 + * * @return array */ public static function uninstall_user_meta_keys() { @@ -191,6 +201,8 @@ public static function uninstall_user_meta_keys() { /** * Return the option keys that need to be deleted on plugin uninstall. * + * @since 0.10.0 + * * Note: this method doesn't have access to the instantiated provider object. * * @return array From b5f62929e49eb72079edcbe129ec3048c78de544 Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 22:13:55 +0100 Subject: [PATCH 3/8] add phpstan error --- providers/class-two-factor-backup-codes.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/class-two-factor-backup-codes.php b/providers/class-two-factor-backup-codes.php index ee6ec2e6..4666a9a2 100644 --- a/providers/class-two-factor-backup-codes.php +++ b/providers/class-two-factor-backup-codes.php @@ -244,7 +244,7 @@ private function get_backup_code_length( $user ) { * @param array $args Optional arguments for assigning new codes. * @return array */ - public function generate_codes( $user, $args = '' ) { + public function generate_codes( $user, $args = array() ) { $codes = array(); $codes_hashed = array(); From 7cbf109458a9fcf28a328b3ff510ffcff0fa6b85 Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 22:15:58 +0100 Subject: [PATCH 4/8] fix phpstan issues --- providers/class-two-factor-totp.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php index d458d990..65fb26c5 100644 --- a/providers/class-two-factor-totp.php +++ b/providers/class-two-factor-totp.php @@ -169,7 +169,7 @@ public function enqueue_assets( $hook_suffix ) { * Rest API endpoint for handling deactivation of TOTP. * * @param WP_REST_Request $request The Rest Request object. - * @return array Success array. + * @return WP_Error|array Array of data on success, WP_Error on error. */ public function rest_delete_totp( $request ) { $user_id = $request['user_id']; @@ -623,15 +623,15 @@ public static function get_authcode_valid_ticktime( $key, $authcode, $hash = sel $ticks = range( - $max_ticks, $max_ticks ); usort( $ticks, array( __CLASS__, 'abssort' ) ); - $time = floor( self::time() / $time_step ); + $time = (int) floor( self::time() / $time_step ); $digits = strlen( $authcode ); foreach ( $ticks as $offset ) { - $log_time = $time + $offset; + $log_time = (int) ( $time + $offset ); if ( hash_equals( self::calc_totp( $key, $log_time, $digits, $hash, $time_step ), $authcode ) ) { // Return the tick timestamp. - return $log_time * self::DEFAULT_TIME_STEP_SEC; + return (int) ( $log_time * self::DEFAULT_TIME_STEP_SEC ); } } From f2ce8e9b35959add433e377a74d995d2c5dc83b6 Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 22:18:58 +0100 Subject: [PATCH 5/8] Revert "add since docs" This reverts commit 0a86103ebed14cdb63f5d41bc43298ba5f11d532. --- providers/class-two-factor-provider.php | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/providers/class-two-factor-provider.php b/providers/class-two-factor-provider.php index 7f042966..001194f2 100644 --- a/providers/class-two-factor-provider.php +++ b/providers/class-two-factor-provider.php @@ -98,8 +98,6 @@ abstract public function authentication_page( $user ); * Return `true` to prevent the authentication and render the * authentication page. * - * @since 0.2.0 - * * @param WP_User $user WP_User object of the logged-in user. * @return boolean */ @@ -120,8 +118,6 @@ abstract public function validate_authentication( $user ); /** * Whether this Two Factor provider is configured and available for the user specified. * - * @since 0.7.0 - * * @param WP_User $user WP_User object of the logged-in user. * @return boolean */ @@ -130,8 +126,6 @@ abstract public function is_available_for_user( $user ); /** * If this provider should be available for the user. * - * @since 0.13.0 - * * @param WP_User|int $user WP_User object, user ID or null to resolve the current user. * * @return bool @@ -165,8 +159,6 @@ public static function get_code( $length = 8, $chars = '1234567890' ) { /** * Sanitizes a numeric code to be used as an auth code. * - * @since 0.8.0 - * * @param string $field The _REQUEST field to check for the code. * @param int $length The valid expected length of the field. * @return false|string Auth code on success, false if the field is not set or not expected length. @@ -190,8 +182,6 @@ public static function sanitize_code_from_request( $field, $length = 0 ) { /** * Return the user meta keys that need to be deletated on plugin uninstall. * - * @since 0.10.0 - * * @return array */ public static function uninstall_user_meta_keys() { @@ -201,8 +191,6 @@ public static function uninstall_user_meta_keys() { /** * Return the option keys that need to be deleted on plugin uninstall. * - * @since 0.10.0 - * * Note: this method doesn't have access to the instantiated provider object. * * @return array From 240e700906c4bb71c13ce94be42c814c776ed487 Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 22:19:01 +0100 Subject: [PATCH 6/8] Revert "add since docs" This reverts commit f9632afcdb744b76a6db3458c881bf429b219a19. --- providers/class-two-factor-email.php | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/providers/class-two-factor-email.php b/providers/class-two-factor-email.php index d322f061..2f5cf1f4 100644 --- a/providers/class-two-factor-email.php +++ b/providers/class-two-factor-email.php @@ -66,8 +66,6 @@ public function get_alternative_provider_label() { /** * Get the email token length. * - * @since 0.11.0 - * * @return int Email token string length. */ private function get_token_length() { @@ -101,8 +99,6 @@ public function generate_token( $user_id ) { /** * Check if user has a valid token already. * - * @since 0.2.0 - * * @param int $user_id User ID. * @return boolean If user has a valid email token. */ @@ -119,8 +115,6 @@ public function user_has_token( $user_id ) { /** * Has the user token validity timestamp expired. * - * @since 0.6.0 - * * @param integer $user_id User ID. * * @return boolean @@ -140,8 +134,6 @@ public function user_token_has_expired( $user_id ) { /** * Get the lifetime of a user token in seconds. * - * @since 0.6.0 - * * @param integer $user_id User ID. * * @return integer|null Return `null` if the lifetime can't be measured. @@ -159,8 +151,6 @@ public function user_token_lifetime( $user_id ) { /** * Return the token time-to-live for a user. * - * @since 0.6.0 - * * @param integer $user_id User ID. * * @return integer @@ -192,8 +182,6 @@ public function user_token_ttl( $user_id ) { /** * Get the authentication token for the user. * - * @since 0.2.0 - * * @param int $user_id User ID. * * @return string|boolean User token or `false` if no token found. @@ -249,8 +237,6 @@ public function delete_token( $user_id ) { /** * Get the client IP address for the current request. * - * @since 0.15.0 - * * Note that the IP address is used only for information purposes * and is expected to be configured correctly, if behind proxy. * @@ -373,8 +359,6 @@ public function authentication_page( $user ) { * Send the email code if missing or requested. Stop the authentication * validation if a new token has been generated and sent. * - * @since 0.2.0 - * * @param WP_User $user WP_User object of the logged-in user. * @return boolean */ @@ -443,8 +427,6 @@ public function user_options( $user ) { /** * Return user meta keys to delete during plugin uninstall. * - * @since 0.10.0 - * * @return array */ public static function uninstall_user_meta_keys() { From 282bde36ea187f38306f20dd5b2807a9899f1bfa Mon Sep 17 00:00:00 2001 From: Brian Date: Mon, 23 Feb 2026 22:22:07 +0100 Subject: [PATCH 7/8] update phpstan version --- phpstan.dist.neon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpstan.dist.neon b/phpstan.dist.neon index fc02e7c0..36c52652 100644 --- a/phpstan.dist.neon +++ b/phpstan.dist.neon @@ -1,7 +1,7 @@ includes: - vendor/szepeviktor/phpstan-wordpress/extension.neon parameters: - level: 0 + level: 3 paths: - includes - providers From b8d4ad57fd3b502e7243dcf2feafedf1cd38fc05 Mon Sep 17 00:00:00 2001 From: Brian Date: Tue, 24 Feb 2026 19:38:44 +0100 Subject: [PATCH 8/8] revert phpstan update --- phpstan.dist.neon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpstan.dist.neon b/phpstan.dist.neon index 36c52652..fc02e7c0 100644 --- a/phpstan.dist.neon +++ b/phpstan.dist.neon @@ -1,7 +1,7 @@ includes: - vendor/szepeviktor/phpstan-wordpress/extension.neon parameters: - level: 3 + level: 0 paths: - includes - providers