Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions class-two-factor-core.php
Original file line number Diff line number Diff line change
Expand Up @@ -1022,10 +1022,10 @@ public static function maybe_show_last_login_failure_notice( $user ) {
echo '<div id="login_notice" class="message"><strong>';
printf(
esc_html(
/* translators: 1: number of failed login attempts, 2: time since last failed attempt */
/* translators: 1: number of failed verification code attempts, 2: human-readable time since the last attempt, e.g. "5 minutes" */
_n(
'WARNING: Your account has attempted to login %1$s time without providing a valid two factor token. The last failed login occurred %2$s ago. If this wasn\'t you, you should reset your password.',
'WARNING: Your account has attempted to login %1$s times without providing a valid two factor token. The last failed login occurred %2$s ago. If this wasn\'t you, you should reset your password.',
'%1$s failed verification code attempt on this account. The last attempt was %2$s ago. If you did not make this attempt, review your account security after logging in.',
'%1$s failed verification code attempts on this account. The last attempt was %2$s ago. If you did not make these attempts, review your account security after logging in.',
$failed_login_count,
'two-factor'
)
Expand Down
26 changes: 23 additions & 3 deletions tests/class-two-factor-core.php
Original file line number Diff line number Diff line change
Expand Up @@ -797,8 +797,7 @@ public function test_maybe_show_last_login_failure_notice() {

$this->assertNotEmpty( $contents );
$this->assertStringNotContainsString( '1 times', $contents );
$this->assertStringContainsString( 'attempted to login', $contents );
$this->assertStringContainsString( 'without providing a valid two factor token', $contents );
$this->assertStringContainsString( 'failed verification code attempt', $contents );

// 5 failed login attempts 5 hours ago - User should be informed.
$five_hours_ago = time() - 5 * HOUR_IN_SECONDS;
Expand All @@ -809,10 +808,31 @@ public function test_maybe_show_last_login_failure_notice() {
$contents = ob_get_clean();

$this->assertNotEmpty( $contents );
$this->assertStringContainsString( '5 times', $contents );
$this->assertStringContainsString( 'failed verification code attempts', $contents );
$this->assertStringContainsString( human_time_diff( $five_hours_ago ), $contents );
}

/**
* Test that the login failure notice uses calm, informational language.
*
* @covers Two_Factor_Core::maybe_show_last_login_failure_notice()
*/
public function test_login_failure_notice_language_is_calm_and_informational() {
$user = $this->get_dummy_user();
update_user_meta( $user->ID, Two_Factor_Core::USER_FAILED_LOGIN_ATTEMPTS_KEY, 3 );
update_user_meta( $user->ID, Two_Factor_Core::USER_RATE_LIMIT_KEY, time() - 60 );

ob_start();
Two_Factor_Core::maybe_show_last_login_failure_notice( $user );
$contents = ob_get_clean();

$this->assertStringNotContainsString( 'WARNING', $contents );
$this->assertStringNotContainsString( "wasn't you", $contents );
$this->assertStringNotContainsString( 'reset your password', $contents );
$this->assertStringContainsString( 'failed verification code', $contents );
$this->assertStringContainsString( 'review your account security', $contents );
}

/**
* Test no reset notice when no errors.
*
Expand Down
Loading