Brute Force Protection: Do not log failed attempt logging on password validation failure #41941



@dkmyta dkmyta commented Feb 21, 2025

Fixes #
Currently, when password validation fails during the Account Protection login password detection flow, we throw a unique error, capture it in the wp_login_failed action and redirect accordingly. It just so happens that BFP uses this same hook to log failed attempts and currently logs one every time password validation fails. It would take a significant number of failed validations over a short period of time to trigger a BFP block, but it can be done. This PR addresses that possibility and ensures that when our particular error is thrown, we will not log that attempt as failed.

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?
  • Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

Does this pull request change what data or activity we track or use?

  • No

Testing instructions:

  • Checkout this branch in JT
  • Load Protect with Account Protection and Brute Force Protection enabled
  • Add an error log in Brute_Force_Protection::log_failed_attempt() with the new check this PR adds
  • Log in with a known compromised password and, when redirected to the password detection page, refer to your error logs to ensure that BFP returns early and bypasses logging the attempt as failed
  • Ensure no regressions in BFP or Account Protection functionality are introduced
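
The following is an added sketch, not Jetpack's code and not part of this PR, of the behaviour described above: a failed-attempt log fed by a shared login-failure hook, replayed with and without an early return for one specific error code. The class names, the error code `example_password_validation_error`, the threshold, the window and the sample events are all assumptions made for illustration; it also assumes the exempted error can only be raised after the credentials themselves were accepted, so ordinary wrong-password failures still count.

```php
<?php
declare(strict_types=1);

// Stand-in for the WP_Error object that WordPress passes as the second
// argument of the wp_login_failed action; only the accessor used here.
final class Login_Error {
	private string $code;

	public function __construct( string $code ) {
		$this->code = $code;
	}

	public function get_error_code(): string {
		return $this->code;
	}
}

// Simplified model of a failed-attempt log driven by wp_login_failed.
final class Failed_Attempt_Log {
	// Hypothetical code: the error Account Protection really throws is not shown on the page.
	public const VALIDATION_ERROR_CODE = 'example_password_validation_error';

	/** @var array<string, int[]> Failure timestamps per client IP. */
	private array $failures = array();
	private int $threshold;
	private int $window;
	private bool $skip_validation_errors;

	public function __construct( int $threshold, int $window, bool $skip_validation_errors ) {
		$this->threshold              = $threshold;
		$this->window                 = $window;
		$this->skip_validation_errors = $skip_validation_errors;
	}

	/** Returns true when the attempt was counted as a failure. */
	public function log_failed_attempt( string $ip, Login_Error $error, int $now ): bool {
		// Early return for the one error assumed to be raised only after the
		// credentials themselves were accepted; every other code is counted.
		if ( $this->skip_validation_errors
			&& $error->get_error_code() === self::VALIDATION_ERROR_CODE ) {
			return false;
		}
		$this->failures[ $ip ][] = $now;
		return true;
	}

	public function is_blocked( string $ip, int $now ): bool {
		$recent = array_filter(
			$this->failures[ $ip ] ?? array(),
			function ( int $t ) use ( $now ): bool {
				return $now - $t < $this->window;
			}
		);
		return count( $recent ) >= $this->threshold;
	}
}

/** Replays events through a fresh log and returns the IPs blocked at the end. */
function replay( array $events, bool $skip_validation_errors ): array {
	// Constructed policy: 10 failures within 60 seconds blocks the IP.
	$log  = new Failed_Attempt_Log( 10, 60, $skip_validation_errors );
	$last = 0;
	foreach ( $events as [ $time, $ip, $code ] ) {
		$log->log_failed_attempt( $ip, new Login_Error( $code ), $time );
		$last = $time;
	}
	$ips = array_unique( array_column( $events, 1 ) );
	return array_values(
		array_filter(
			$ips,
			function ( string $ip ) use ( $log, $last ): bool {
				return $log->is_blocked( $ip, $last );
			}
		)
	);
}

// Constructed sample events: [ unix time, client IP, error code ].
$events = array();
for ( $i = 0; $i < 12; $i++ ) {
	// A user whose valid but compromised password keeps failing validation.
	$events[] = array( 1000 + $i, '203.0.113.7', Failed_Attempt_Log::VALIDATION_ERROR_CODE );
	// A client guessing passwords; incorrect_password is WordPress core's code.
	$events[] = array( 1000 + $i, '198.51.100.9', 'incorrect_password' );
}

echo 'Blocked without the early return: ', implode( ', ', replay( $events, false ) ), PHP_EOL;
echo 'Blocked with the early return:    ', implode( ', ', replay( $events, true ) ), PHP_EOL;
```

Without the early return both constructed addresses end up blocked; with it, only the address producing `incorrect_password` failures does.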

@dkmyta dkmyta self-assigned this Feb 21, 2025
@dkmyta dkmyta changed the base branch from trunk to add/account-protection February 21, 2025 03:47
@dkmyta dkmyta marked this pull request as ready for review February 21, 2025 03:48

github-actions bot commented Feb 21, 2025

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the update/packages/waf-bfp-no-failed-attempt-logging-on-password-validation-failure branch.

  • To test on Simple, run the following command on your sandbox:

    bin/jetpack-downloader test jetpack update/packages/waf-bfp-no-failed-attempt-logging-on-password-validation-failure
    

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2


github-actions bot commented Feb 21, 2025

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  • 🔴 Add a "[Type]" label (Bug, Enhancement, Janitorial, Task).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖


The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.


Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Choose a review path based on your changes:
    • A. Team Review: add the "[Status] Needs Team Review" label
      • For most changes, including minor cross-team impacts.
      • Example: Updating a team-specific component or a small change to a shared library.
    • B. Crew Review: add the "[Status] Needs Review" label
      • For significant changes to core functionality.
      • Example: Major updates to a shared library or complex features.
    • C. Both: Start with Team, then request Crew
      • For complex changes or when you need extra confidence.
      • Example: Refactor affecting multiple systems.
  3. Get at least one approval before merging.

Still unsure? Reach out in #jetpack-developers for guidance!

@github-actions github-actions bot added the [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. label Feb 21, 2025

jp-launch-control bot commented Feb 21, 2025

Code Coverage Summary

No summary data is available for parent commit d32f169, cannot calculate coverage changes. 😴

If that commit is a feature branch rather than a trunk commit, this is expected. Otherwise, this should be updated once coverage for d32f169 is available.

Full summary · PHP report · JS report


@nateweller nateweller left a comment

👍 👍 👍

@dkmyta dkmyta merged commit de39f81 into add/account-protection Feb 24, 2025
58 of 59 checks passed
@dkmyta dkmyta deleted the update/packages/waf-bfp-no-failed-attempt-logging-on-password-validation-failure branch February 24, 2025 18:32
@dkmyta dkmyta mentioned this pull request Feb 24, 2025
3 tasks
@github-actions github-actions bot removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. [Status] In Progress labels Feb 24, 2025
nateweller added a commit that referenced this pull request Feb 28, 2025
… validation failure (#41941)

* Do not log failed attempts of validation failure

* changelog

* Minor adjustments to PHPdoc comments

---------

Co-authored-by: Nate Weller <[email protected]>
@jeherve jeherve added the [Type] Enhancement Changes to an existing feature — removing, adding, or changing parts of it label Mar 3, 2025
dkmyta added a commit that referenced this pull request Mar 21, 2025
* Add account protection package

* Initialize project branch

* Update lock files

* Fix versions

* Update phan baseline

* Jetpack: Add Account Protection security settings (#40938)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Update changelog

* Make account protection class init static

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update @Package

* Enable module by default

* Protect: Add Account Protection settings (#40942)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Update @Package

* Enable module by default

* Enable module by default

* Update projects/plugins/protect/src/js/data/account-protection/use-account-protection-mutation.ts

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Update lock files

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Account Protection: Add password detection flow (#41105)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @Package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Update projects/plugins/protect/src/js/data/account-protection/use-account-protection-mutation.ts

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Update lock files

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Account Protection: Remove strict mode (#41316)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @Package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Account Protection: Update password detection flow (#41365)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @Package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Fix phan errors

* Revert prior change

* Send auth code via wpcom only

* Update method name

* Account Protection: Add tests for newly added code (#41463)

* Created new branch with cherrypicked changes from tests because something to screwed up with the base branch.

* Added tests for email service.

* Added tests for account protection module class.

* Added tests for password detection class.

* Added changelog entry.

* Fix PHP 8 consistency issue in test.

* Fixed phan issues.

* Jetpack: Update Account Protection copy (#41404)

* Update description copy

* Update copy

* Protect: Update Account Protection copy (#41402)

* Update copy as per design input

* Fix typo

* Remove learn more copy to maintain consistency with Jetpack

* Update copy

* Optimize css

* Add wordbless dep, update consumer lock files

* Allow core installer

* Update lock files

* Account Protection: Fix invalid auth early return (#41652)

* Remove early return after auth code validation to render error

* Fix tests

* Improve tests

* Reapply return type and type hints

* Fix spacing

* Reset to base (#41691)

* Account Protection: Restore JetpackTestEnvironment (#41736)

* Restore JetpackTestEnvironment

* Update lock files

* Account Protection: Add password validation (#41401)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @Package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Fix tests

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Protect: Fix Account Protection initial toggle state on activation (#41699)

* Invalidate account protection query on connection

* Ensure account protection query exists before invalidating

* Fix BFP recovery process conflict (#41739)

* Account Protection: Add custom password strength meter (#41485)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @Package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Add foundation for the custom password strength meter

* Fix tests

* Add ajax request for password validation

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Updates and improvements

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Add password validation status handling and hook up ajax callback

* Update variables names

* Add loading state

* Remove todos

* Add nonce to ajax request

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Improve logic

* Improvements and reorg

* Add info popovers

* Add core req to initial validation state

* Generalize core info popover message

* Fix core strength meter status

* Remove testing code

* Ensure save enabled when appropriate

* Update todos

* Center validation items

* Fix tests

* Save alt approach

* Fix styling, centralize core references

* Reorg

* Use global pagenow for context, restrict user specific check to profile updates

* Compartmentalize generating and appending validation meter and status initial states

* Optimization and reorg improvements

* Remove todos

* Remove unneeded comments

* Ensure info popover fits in all form views

* Fix test

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Fix bindEvents

* Correct colors

* Add aria-live attr to strength-meter

* Remove core input mods and use custom selectors to apply strength meter margins

* Update core validation item message, and display only on failure

* Add clarifying comment

* Remove unnecessary user->ID check, and redundant method

* Improve the display of error notices on the password detection screen (#41692)

* Account Protection: Improve auth success flow (#41727)

* Account Protection: clean up changelogs (#41833)

* Update projects/plugins/jetpack/modules/account-protection.php

Co-authored-by: Nate Weller <[email protected]>

* Update projects/packages/account-protection/src/class-password-manager.php

Co-authored-by: Nate Weller <[email protected]>

* Update projects/plugins/jetpack/modules/account-protection.php

* Account Protection: Add Settings Class (#41829)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Add test for Settings class

* Minor clean up

* Account Protection: Disable setting in Protect in unsupported environments (#41830)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Protect: disable account protection toggle when not supported in current env

* Adjust implementation

* Remove custom class name for disabled case

* Fix tests

* Fix error

* Align copy

---------

Co-authored-by: dkmyta <[email protected]>
Co-authored-by: dkmyta <[email protected]>

* Account Protection: Disable setting in Jetpack in unsupported environments (#41831)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Jetpack: disable account protection toggle and show notice when in unsupported env

* Use SimpleNotice and adjust position

* Refactor

---------

Co-authored-by: dkmyta <[email protected]>

* Adjust account protection settings UI in Jetpack (#41832)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Jetpack: disable account protection toggle and show notice when in unsupported env

* Use SimpleNotice and adjust position

* Refactor

* Adjust account protection settings UI in Jetpack

---------

Co-authored-by: dkmyta <[email protected]>

* Protect: Fix unsupported environment notice display while toggling  (#41875)

* Add optimistic update revert, remove async from sync function (#41878)

* Jetpack E2E: add account protection tests (#41835)

* Account Protection: Fix interim-login handling (#41924)

* Close modal after auth success

* Simplify

* Improve render_content logic

* Fix phan errors

* Simplify body class logic and remove ABSPATH check

* Account Protection: Improve strength meter implementation (#41802)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enabled module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @Package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Add foundation for the custom password strength meter

* Fix tests

* Add ajax request for password validation

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Updates and improvements

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Add password validation status handling and hook up ajax callback

* Update variables names

* Add loading state

* Remove todos

* Add nonce to ajax request

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Improve logic

* Improvements and reorg

* Add info popovers

* Add core req to initial validation state

* Generalize core info popover message

* Fix core strength meter status

* Remove testing code

* Ensure save enabled when appropriate

* Update todos

* Center validation items

* Fix tests

* Save alt approach

* Fix styling, centralize core references

* Reorg

* Use global pagenow for context, restrict user specific check to profile updates

* Compartmentalize generating and appending validation meter and status initial states

* Optimization and reorg improvements

* Remove todos

* Remove unneeded comments

* Ensure info popover fits in all form views

* Fix test

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Fix bindEvents

* Correct colors

* Add aria-live attr to strength-meter

* Remove core input mods and use custom selectors to apply strength meter margins

* Update core validation item message, and display only on failure

* Add clarifying comment

* Remove unnecessary user->ID check, and redundant method

* Only render validating state if not already validating

* Debounce input event listener to limit number of requests

* Ensure hidden checklist items get re-hidden when validating

* Optimize icon svgs

* Improve text centering

* Change actions to filters (#41914)

* Protect: Add Account Protection feature to pricing table (#41929)

* Add Account Protection to pricing table

* changelog

* Brute Force Protection: Do not log failed attempt logging on password validation failure (#41941)

* Do not log failed attempts of validation failure

* changelog

* Minor adjustments to PHPdoc comments

---------

Co-authored-by: Nate Weller <[email protected]>

* Account Protection: Update support links (#41950)

* Update to support links

* Fix link concat

* Fix typo

* Ensure all links open new window

* Fix typo

* Protect: Disable Account Protection when unsupported Jetpack version detected (#41956)

* Update to support links

* Fix link concat

* Fix typo

* Ensure all links open new window

* Disable feature in Protect if unsupported Jetpack version is found

* Fix phan errors

* Update checks to Jetpack 14.5

* Merge custom errors with core error on form submission (#41938)

* Account Protection: Update auth code email handling (#41801)

* Improve the display of error notices on the password detection screen

* Improve success flow, add success notices

* Fix phan errors

* Fix tests

* Fix notice responsiveness

* Use API errors and error object for setting error transients

* Use correct transient prefix constant

* Improve rate limiting

* Enforce request limit per token

* Update account recovery message

* Fix constant

* General constants

* Remove unneeded comments

* Update email request limit message

* Show recovery message on email_send_error also

* Fix phan errors

* Update recovery message to recommend a password reset

* Fix typo

* Remove unrelated changes

* Fix expected transient prefix in tests

---------

Co-authored-by: Nate Weller <[email protected]>

* Improve Validation_Service test coverage

* Fix phan errors

* Add Password_Detection tests

* Satisfy PHP code sniffer

* Update function access types

* Fix method access

* Update file names

* Update method access for tests

* Remove unneeded assets

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>
Co-authored-by: Nate Weller <[email protected]>
Co-authored-by: Nate Weller <[email protected]>
dkmyta added a commit that referenced this pull request Mar 24, 2025
* Initialize project branch

* Update lock files

* Jetpack: Add Account Protection security settings (#40938)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Update changelog

* Make account protection class init static

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update @package

* Enable module by default

* Protect: Add Account Protection settings (#40942)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Update @package

* Enable module by default

* Enable module by default

* Update projects/plugins/protect/src/js/data/account-protection/use-account-protection-mutation.ts

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Update lock files

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Account Protection: Add password detection flow (#41105)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Update projects/plugins/protect/src/js/data/account-protection/use-account-protection-mutation.ts

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Update lock files

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Account Protection: Remove strict mode (#41316)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Account Protection: Update password detection flow (#41365)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Fix phan errors

* Revert prior change

* Send auth code via wpcom only

* Update method name

* Account Protection: Add tests for newly added code (#41463)

* Created new branch with cherry-picked changes from tests because something screwed up with the base branch.

* Added tests for email service.

* Added tests for account protection module class.

* Added tests for password detection class.

* Added changelog entry.

* Fix PHP 8 consistency issue in test.

* Fixed phan issues.

* Jetpack: Update Account Protection copy (#41404)

* Update description copy

* Update copy

* Protect: Update Account Protection copy (#41402)

* Update copy as per design input

* Fix typo

* Remove learn more copy to maintain consistency with Jetpack

* Update copy

* Optimize css

* Add wordbless dep, update consumer lock files

* Allow core installer

* Update lock files

* Account Protection: Fix invalid auth early return (#41652)

* Remove early return after auth code validation to render error

* Fix tests

* Improve tests

* Reapply return type and type hints

* Fix spacing

* Reset to base (#41691)

* Account Protection: Restore JetpackTestEnvironment (#41736)

* Restore JetpackTestEnvironment

* Update lock files

* Account Protection: Add password validation (#41401)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Fix tests

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Protect: Fix Account Protection initial toggle state on activation (#41699)

* Invalidate account protection query on connection

* Ensure account protection query exists before invalidating

* Fix BFP recovery process conflict (#41739)

* Account Protection: Add custom password strength meter (#41485)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Add foundation for the custom password strength meter

* Fix tests

* Add ajax request for password validation

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Updates and improvements

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Add password validation status handling and hook up ajax callback

* Update variables names

* Add loading state

* Remove todos

* Add nonce to ajax request

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Improve logic

* Improvements and reorg

* Add info popovers

* Add core req to initial validation state

* Generalize core info popover message

* Fix core strength meter status

* Remove testing code

* Ensure save enabled when appropriate

* Update todos

* Center validation items

* Fix tests

* Save alt approach

* Fix styling, centralize core references

* Reorg

* Use global pagenow for context, restrict user specific check to profile updates

* Compartmentalize generating and appending validation meter and status initial states

* Optimization and reorg improvements

* Remove todos

* Remove unneeded comments

* Ensure info popover fits in all form views

* Fix test

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Fix bindEvents

* Correct colors

* Add aria-live attr to strength-meter

* Remove core input mods and use custom selectors to apply strength meter margins

* Update core validation item message, and display only on failure

* Add clarifying comment

* Remove unnecessary user->ID check, and redundant method

* Improve the display of error notices on the password detection screen (#41692)

* Account Protection: Improve auth success flow (#41727)

* Account Protection: clean up changelogs (#41833)

* Update projects/plugins/jetpack/modules/account-protection.php

Co-authored-by: Nate Weller <[email protected]>

* Update projects/packages/account-protection/src/class-password-manager.php

Co-authored-by: Nate Weller <[email protected]>

* Update projects/plugins/jetpack/modules/account-protection.php

* Account Protection: Add Settings Class (#41829)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Add test for Settings class

* Minor clean up

* Account Protection: Disable setting in Protect in unsupported environments (#41830)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Protect: disable account protection toggle when not supported in current env

* Adjust implementation

* Remove custom class name for disabled case

* Fix tests

* Fix error

* Align copy

---------

Co-authored-by: dkmyta <[email protected]>
Co-authored-by: dkmyta <[email protected]>

* Account Protection: Disable setting in Jetpack in unsupported environments (#41831)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Jetpack: disable account protection toggle and show notice when in unsupported env

* Use SimpleNotice and adjust position

* Refactor

---------

Co-authored-by: dkmyta <[email protected]>

* Adjust account protection settings UI in Jetpack (#41832)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Jetpack: disable account protection toggle and show notice when in unsupported env

* Use SimpleNotice and adjust position

* Refactor

* Adjust account protection settings UI in Jetpack

---------

Co-authored-by: dkmyta <[email protected]>

* Protect: Fix unsupported environment notice display while toggling (#41875)

* Add optimistic update revert, remove async from sync function (#41878)

* Jetpack E2E: add account protection tests (#41835)

* Account Protection: Fix interim-login handling (#41924)

* Close modal after auth success

* Simplify

* Improve render_content logic

* Fix phan errors

* Simplify body class logic and remove ABSPATH check

* Account Protection: Improve strength meter implementation (#41802)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Add foundation for the custom password strength meter

* Fix tests

* Add ajax request for password validation

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Updates and improvements

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Add password validation status handling and hook up ajax callback

* Update variables names

* Add loading state

* Remove todos

* Add nonce to ajax request

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Improve logic

* Improvements and reorg

* Add info popovers

* Add core req to initial validation state

* Generalize core info popover message

* Fix core strength meter status

* Remove testing code

* Ensure save enabled when appropriate

* Update todos

* Center validation items

* Fix tests

* Save alt approach

* Fix styling, centralize core references

* Reorg

* Use global pagenow for context, restrict user specific check to profile updates

* Compartmentalize generating and appending validation meter and status initial states

* Optimization and reorg improvements

* Remove todos

* Remove unneeded comments

* Ensure info popover fits in all form views

* Fix test

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Fix bindEvents

* Correct colors

* Add aria-live attr to strength-meter

* Remove core input mods and use custom selectors to apply strength meter margins

* Update core validation item message, and display only on failure

* Add clarifying comment

* Remove unnecessary user->ID check, and redundant method

* Only render validating state if not already validating

* Debounce input event listener to limit number of requests

* Ensure hidden checklist items get re-hidden when validating

* Optimize icon svgs

* Improve text centering

* Change actions to filters (#41914)

* Protect: Add Account Protection feature to pricing table (#41929)

* Add Account Protection to pricing table

* changelog

* Brute Force Protection: Do not log failed attempt logging on password validation failure (#41941)

* Do not log failed attempts of validation failure

* changelog

* Minor adjustments to PHPdoc comments

---------

Co-authored-by: Nate Weller <[email protected]>

* Account Protection: Update support links (#41950)

* Update to support links

* Fix link concat

* Fix typo

* Ensure all links open new window

* Fix typo

* Protect: Disable Account Protection when unsupported Jetpack version detected (#41956)

* Update to support links

* Fix link concat

* Fix typo

* Ensure all links open new window

* Disable feature in Protect if unsupported Jetpack version is found

* Fix phan errors

* Update checks to Jetpack 14.5

* Merge custom errors with core error on form submission (#41938)

* Account Protection: Update auth code email handling (#41801)

* Improve the display of error notices on the password detection screen

* Improve success flow, add success notices

* Fix phan errors

* Fix tests

* Fix notice responsiveness

* Use API errors and error object for setting error transients

* Use correct transient prefix constant

* Improve rate limiting

* Enforce request limit per token

* Update account recovery message

* Fix constant

* General constants

* Remove unneeded comments

* Update email request limit message

* Show recovery message on email_send_error also

* Fix phan errors

* Update recovery message to recommend a password reset

* Fix typo

* Remove unrelated changes

* Fix expected transient prefix in tests

---------

Co-authored-by: Nate Weller <[email protected]>

* Account Protection: disable on WordPress.com Simple sites (#42009)

* Add additional E2E tests for account protection (#41882)

* Account Protection: Strength Meter reorg and optimization (#42077)

* Optimize icon rendering

* Fix passwordInput border flicker after empty state

* Add todos

* Reorg

* Improve styling

* Remove unused assets

---------

Co-authored-by: Nate Weller <[email protected]>

* Account Protection: Fix Brute Force Protection recovery bypass (#42010)

* Set and validate transient to avoid bypass

* Use user ID in validation

* Update pnpm-lock.yaml

* Update composer.lock

* Fix import order

* Add post-connection redirect to the start for free setup path (#42192)

* Update lock files

* Fix test class naming mismatch

* Account Protection: Improve test coverage (#42031)

* Add account protection package

* Initialize project branch

* Update lock files

* Fix versions

* Update phan baseline

* Jetpack: Add Account Protection security settings (#40938)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Update changelog

* Make account protection class init static

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update @package

* Enable module by default

* Protect: Add Account Protection settings (#40942)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Update @package

* Enable module by default

* Enable module by default

* Update projects/plugins/protect/src/js/data/account-protection/use-account-protection-mutation.ts

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Update lock files

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Account Protection: Add password detection flow (#41105)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Update projects/plugins/protect/src/js/data/account-protection/use-account-protection-mutation.ts

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Update lock files

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>

* Account Protection: Remove strict mode (#41316)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Account Protection: Update password detection flow (#41365)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back to entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Fix phan errors

* Revert prior change

* Send auth code via wpcom only

* Update method name

* Account Protection: Add tests for newly added code (#41463)

* Created new branch with cherry-picked changes from tests because something screwed up with the base branch.

* Added tests for email service.

* Added tests for account protection module class.

* Added tests for password detection class.

* Added changelog entry.

* Fix PHP 8 consistency issue in test.

* Fixed phan issues.

* Jetpack: Update Account Protection copy (#41404)

* Update description copy

* Update copy

* Protect: Update Account Protection copy (#41402)

* Update copy as per design input

* Fix typo

* Remove learn more copy to maintain consistency with Jetpack

* Update copy

* Optimize css

* Add wordbless dep, update consumer lock files

* Allow core installer

* Update lock files

* Account Protection: Fix invalid auth early return (#41652)

* Remove early return after auth code validation to render error

* Fix tests

* Improve tests

* Reapply return type and type hints

* Fix spacing

* Reset to base (#41691)

* Account Protection: Restore JetpackTestEnvironment (#41736)

* Restore JetpackTestEnvironment

* Update lock files

* Account Protection: Add password validation (#41401)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back to entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Fix tests

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Protect: Fix Account Protection initial toggle state on activation (#41699)

* Invalidate account protection query on connection

* Ensure account protection query exists before invalidating

* Fix BFP recovery process conflict (#41739)

* Account Protection: Add custom password strength meter (#41485)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back to entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Add foundation for the custom password strength meter

* Fix tests

* Add ajax request for password validation

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Updates and improvements

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Add password validation status handling and hook up ajax callback

* Update variables names

* Add loading state

* Remove todos

* Add nonce to ajax request

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Improve logic

* Improvements and reorg

* Add info popovers

* Add core req to initial validation state

* Generalize core info popover message

* Fix core strength meter status

* Remove testing code

* Ensure save enabled when appropriate

* Update todos

* Center validation items

* Fix tests

* Save alt approach

* Fix styling, centralize core references

* Reorg

* Use global pagenow for context, restrict user specific check to profile updates

* Compartmentalize generating and appending validation meter and status initial states

* Optimization and reorg improvements

* Remove todos

* Remove unneeded comments

* Ensure info popover fits in all form views

* Fix test

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Fix bindEvents

* Correct colors

* Add aria-live attr to strength-meter

* Remove core input mods and use custom selectors to apply strength meter margins

* Update core validation item message, and display only on failure

* Add clarifying comment

* Remove unnecessary user->ID check, and redundant method

* Improve the display of error notices on the password detection screen (#41692)

* Account Protection: Improve auth success flow (#41727)

* Account Protection: clean up changelogs (#41833)

* Update projects/plugins/jetpack/modules/account-protection.php

Co-authored-by: Nate Weller <[email protected]>

* Update projects/packages/account-protection/src/class-password-manager.php

Co-authored-by: Nate Weller <[email protected]>

* Update projects/plugins/jetpack/modules/account-protection.php

* Account Protection: Add Settings Class (#41829)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Add test for Settings class

* Minor clean up

* Account Protection: Disable setting in Protect in unsupported environments (#41830)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Protect: disable account protection toggle when not supported in current env

* Adjust implementation

* Remove custom class name for disabled case

* Fix tests

* Fix error

* Align copy

---------

Co-authored-by: dkmyta <[email protected]>
Co-authored-by: dkmyta <[email protected]>

* Account Protection: Disable setting in Jetpack in unsupported environments (#41831)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Jetpack: disable account protection toggle and show notice when in unsupported env

* Use SimpleNotice and adjust position

* Refactor

---------

Co-authored-by: dkmyta <[email protected]>

* Adjust account protection settings UI in Jetpack (#41832)

* Protect: use object for account protection settings, add isEnabled and isSupported

* Jetpack: disable account protection toggle and show notice when in unsupported env

* Use SimpleNotice and adjust position

* Refactor

* Adjust account protection settings UI in Jetpack

---------

Co-authored-by: dkmyta <[email protected]>

* Protect: Fix unsupported environment notice display while toggling (#41875)

* Add optimistic update revert, remove async from sync function (#41878)

* Jetpack E2E: add account protection tests (#41835)

* Account Protection: Fix interim-login handling (#41924)

* Close modal after auth success

* Simplify

* Improve render_content logic

* Fix phan errors

* Simplify body class logic and remove ABSPATH check

* Account Protection: Improve strength meter implementation (#41802)

* Add Account Protection toggle to Jetpack security settings

* Import package and run activation/deactivation on module toggle

* changelog

* Add Protect Settings page and hook up Account Protection toggle

* changelog

* Update changelog

* Register modules on plugin activation

* Ensure package is initialized on plugin activation

* Make account protection class init static

* Add auth hooks, redirect and a custom login action template

* Reorg, add Password_Detection class

* Remove user cxn req and banner

* Do not enable module by default

* Add strict mode option and settings toggle

* changelog

* Add strict mode toggle

* Add strict mode toggle and endpoints

* Reorg and add kill switch and is supported check

* Add testing infrastructure

* Add email handlings, resend AJAX action, and attempt limitations

* Add nonces, checks and template error handling

* Use method over template to avoid lint errors

* Improve render_password_detection_template, update SVG file ext

* Remove template file and include

* Prep for validation endpoints

* Update classes to be dynamic

* Add constructors

* Reorg user meta methods

* Add type declarations and hinting

* Simplify method naming

* Use dynamic classes

* Update class dependencies

* Fix copy

* Revert unrelated changes

* Revert unrelated changes

* Fix method calls

* Do not activate by default

* Fix phan errors

* Changelog

* Update composer deps

* Update lock files, add constructor method

* Fix php warning

* Update lock file

* Changelog

* Fix Password_Detection constructor

* Changelog

* More changelogs

* Remove comments

* Fix static analysis errors

* Remove top level phpunit.xml.dist

* Remove never return type

* Revert tests dir changes in favour of a dedicated task

* Add tests dir

* Reapply default test infrastructure

* Reorg and rename

* Update @package

* Use never phpdoc return type as per static analysis error

* Enable module by default

* Enable module by default

* Remove all reference to and functionality of strict mode

* Remove unneeded strict mode code, update Protect settings UI

* Updates/fixes

* Fix import

* Update placeholder content

* Revert unrelated changes

* Remove missed code

* Update reset email to two factor auth email

* Updates and improvements

* Reorg

* Optimizations and reorganizations

* Hook up email service

* Update error handling todos, fix weak password check

* Test

* Localize text content

* Fix lint warnings/errors

* Update todos

* Add error handling, enforce input restrictions

* Move main constants back to entry file

* Fix package version check

* Optimize setting error transient

* Add nonce check for resend email action

* Fix spacing

* Fix resend nonce handling

* Email service fixes

* Fixes, improvements to doc consistency

* Add remaining password validation

* Update weak password check returns

* Fix phan errors

* Revert prior change

* Fix meta key

* Add process for add/updating recent pass list

* Send auth code via wpcom only

* Update method name

* Optimize validation

* Fix key, remove testing code

* Fix docs

* Add foundation for the custom password strength meter

* Fix tests

* Add ajax request for password validation

* Improve matches user data logic

* Remove password reset nonce verification code

* Updates and fixes

* Updates and improvements

* Include tests for new validation methods

* Include tests for new validation methods

* Add password manager class tests

* Add password validation status handling and hook up ajax callback

* Update variables names

* Add loading state

* Remove todos

* Add nonce to ajax request

* Remove custom nonce, add core create-user nonce check

* Remove todos - always run server side validation

* Update constant naming

* Translate error message

* Ensure styles are enqueued when viewing the password detection page

* Use global page now and action check to enqueue styles

* Skip recent password checks during create user action

* Additional skips, and comment clarification

* Revert skips of user specific reset form validation, hook provides access to this

* Revert unintended additions

* Return early if update is irrelevant

* Only verify nonce if pass is set

* Skip validation if bypass enabled

* Improve logic

* Improvements and reorg

* Add info popovers

* Add core req to initial validation state

* Generalize core info popover message

* Fix core strength meter status

* Remove testing code

* Ensure save enabled when appropriate

* Update todos

* Center validation items

* Fix tests

* Save alt approach

* Fix styling, centralize core references

* Reorg

* Use global pagenow for context, restrict user specific check to profile updates

* Compartmentalize generating and appending validation meter and status initial states

* Optimization and reorg improvements

* Remove todos

* Remove unneeded comments

* Ensure info popover fits in all form views

* Fix test

* Fix test

* Update methods, removes nonce checks, fix tests

* Fix test

* Remove comment

* Fix bindEvents

* Correct colors

* Add aria-live attr to strength-meter

* Remove core input mods and use custom selectors to apply strength meter margins

* Update core validation item message, and display only on failure

* Add clarifying comment

* Remove unnecessary user->ID check, and redundant method

* Only render validating state if not already validating

* Debounce input event listener to limit number of requests

* Ensure hidden checklist items get re-hidden when validating

* Optimize icon svgs

* Improve text centering

* Change actions to filters (#41914)

* Protect: Add Account Protection feature to pricing table (#41929)

* Add Account Protection to pricing table

* changelog

* Brute Force Protection: Do not log failed attempt logging on password validation failure (#41941)

* Do not log failed attempts of validation failure

* changelog

* Minor adjustments to PHPdoc comments

---------

Co-authored-by: Nate Weller <[email protected]>

* Account Protection: Update support links (#41950)

* Update to support links

* Fix link concat

* Fix typo

* Ensure all links open new window

* Fix typo

* Protect: Disable Account Protection when unsupported Jetpack version detected (#41956)

* Update to support links

* Fix link concat

* Fix typo

* Ensure all links open new window

* Disable feature in Protect if unsupported Jetpack version is found

* Fix phan errors

* Update checks to Jetpack 14.5

* Merge custom errors with core error on form submission (#41938)

* Account Protection: Update auth code email handling (#41801)

* Improve the display of error notices on the password detection screen

* Improve success flow, add success notices

* Fix phan errors

* Fix tests

* Fix notice responsiveness

* Use API errors and error object for setting error transients

* Use correct transient prefix constant

* Improve rate limiting

* Enforce request limit per token

* Update account recovery message

* Fix constant

* General constants

* Remove unneeded comments

* Update email request limit message

* Show recovery message on email_send_error also

* Fix phan errors

* Update recovery message to recommend a password reset

* Fix typo

* Remove unrelated changes

* Fix expected transient prefix in tests

---------

Co-authored-by: Nate Weller <[email protected]>

* Improve Validation_Service test coverage

* Fix phan errors

* Add Password_Detection tests

* Satisfy PHP code sniffer

* Update function access types

* Fix method access

* Update file names

* Update method access for tests

* Remove unneeded assets

---------

Co-authored-by: Kolja Zuelsdorf <[email protected]>
Co-authored-by: Nate Weller <[email protected]>
Co-authored-by: Nate Weller <[email protected]>

* Account Protection: Minor enhancements (#42559)

* Fix messaging and use ExternalLink where appropriate

* Fix ExternalLink component import

* Use getRedirectUrl

* Fix import

* Optimizations

* Fix PHPUnit error

* Update PHPunit 11 config

* Fix config

* Fix test

* Account Protection: Address security review items (#41960)

* Improve method naming

* Do not sanitize_text_field before password validation

* Fix static analysis error

* Fix tests

* Update module first introduced version

* Fix test method name

* Account Protection: Improve hook registration organization (#42520)

* Improve hook reg organization

* Remove unneeded changes

* Use config for package init, introduce singleton approach to limit instantiations

* changelog

* Use constants package

* Fix tests, ensure config includes account_protection in Jetpack

* Adjust approach

* Fix version constants path

* Fix docs

* Use default class name

* Update lock files

* changelog

* Remaining lock file updates

* changelog

* Add static flag to only reg hooks if necessary

* Fix tests

* Changelogs and lock file updates

* Improve Config class constant naming

* Account Protection: Add user requires protection filter (#42657)

* Improve hook reg organization

* Remove unneeded changes

* Use config for package init, introduce singleton approach to limit instantiations

* changelog

* Use constants package

* Fix tests, ensure config includes account_protection in Jetpack

* Adjust approach

* Fix version constants path

* Fix docs

* Use default class name

* Update lock files

* changelog

* Remaining lock file updates

* changelog

* Add static flag to only reg hooks if necessary

* Fix tests

* Changelogs and lock file updates

* Add user requires protection filter

* Changelog

* Update constants

* Add filter PHPDocs and fix filter string

* Account Protection: Use jetpack-logo package (#42553)

* Use logo package

* Fix logo rendering

* Update lock files

* Fix PHP compatibility

* Remove unrelated changes

* Make CSS use specific

* Improve readability

* Changelogs and lock file updates

* Fix lock files

* Update projects/packages/account-protection/src/class-password-strength-meter.php

Co-authored-by: Nate Weller <nate.weller@automattic…
Labels: [Package] WAF, [Type] Enhancement (Changes to an existing feature — removing, adding, or changing parts of it)