diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 7c0ad9a0..df6e566c 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1022,10 +1022,10 @@ public static function maybe_show_last_login_failure_notice( $user ) { echo '
'; printf( esc_html( - /* translators: 1: number of failed login attempts, 2: time since last failed attempt */ + /* translators: 1: number of failed verification code attempts, 2: human-readable time since the last attempt, e.g. "5 minutes" */ _n( - 'WARNING: Your account has attempted to login %1$s time without providing a valid two factor token. The last failed login occurred %2$s ago. If this wasn\'t you, you should reset your password.', - 'WARNING: Your account has attempted to login %1$s times without providing a valid two factor token. The last failed login occurred %2$s ago. If this wasn\'t you, you should reset your password.', + '%1$s failed verification code attempt on this account. The last attempt was %2$s ago. If you did not make this attempt, review your account security after logging in.', + '%1$s failed verification code attempts on this account. The last attempt was %2$s ago. If you did not make these attempts, review your account security after logging in.', $failed_login_count, 'two-factor' ) diff --git a/tests/class-two-factor-core.php b/tests/class-two-factor-core.php index 38052106..e1a44f98 100644 --- a/tests/class-two-factor-core.php +++ b/tests/class-two-factor-core.php @@ -797,8 +797,7 @@ public function test_maybe_show_last_login_failure_notice() { $this->assertNotEmpty( $contents ); $this->assertStringNotContainsString( '1 times', $contents ); - $this->assertStringContainsString( 'attempted to login', $contents ); - $this->assertStringContainsString( 'without providing a valid two factor token', $contents ); + $this->assertStringContainsString( 'failed verification code attempt', $contents ); // 5 failed login attempts 5 hours ago - User should be informed. $five_hours_ago = time() - 5 * HOUR_IN_SECONDS; @@ -809,10 +808,31 @@ public function test_maybe_show_last_login_failure_notice() { $contents = ob_get_clean(); $this->assertNotEmpty( $contents ); - $this->assertStringContainsString( '5 times', $contents ); + $this->assertStringContainsString( 'failed verification code attempts', $contents ); $this->assertStringContainsString( human_time_diff( $five_hours_ago ), $contents ); } + /** + * Test that the login failure notice uses calm, informational language. + * + * @covers Two_Factor_Core::maybe_show_last_login_failure_notice() + */ + public function test_login_failure_notice_language_is_calm_and_informational() { + $user = $this->get_dummy_user(); + update_user_meta( $user->ID, Two_Factor_Core::USER_FAILED_LOGIN_ATTEMPTS_KEY, 3 ); + update_user_meta( $user->ID, Two_Factor_Core::USER_RATE_LIMIT_KEY, time() - 60 ); + + ob_start(); + Two_Factor_Core::maybe_show_last_login_failure_notice( $user ); + $contents = ob_get_clean(); + + $this->assertStringNotContainsString( 'WARNING', $contents ); + $this->assertStringNotContainsString( "wasn't you", $contents ); + $this->assertStringNotContainsString( 'reset your password', $contents ); + $this->assertStringContainsString( 'failed verification code', $contents ); + $this->assertStringContainsString( 'review your account security', $contents ); + } + /** * Test no reset notice when no errors. *