Delete user meta on plugin uninstall

[kasparsd]

What?

Fixes #630.

Why?

Delete all used user meta keys and options during plugin uninstall as expected.

How?

1. Register an uninstall hook for the plugin.

2. During uninstall, collect all meta keys and options used by two-factor providers through a known class helper. Delete them by looping through each user (a performance concern on larger sites).

Consider using a direct database query to purge the user meta by keys to avoid looping through every user on larger sites.

Testing Instructions

1. Setup the plugin with a few users and two-factor methods enabled for several users.
2. Uninstall the plugin (in addition to deactivating).
3. Activate the plugin again and confirm that no settings for providers have been preserved.

Screenshots or screencast

Changelog Entry

Added: register an uninstall hook for the plugin to delete all user meta data when the plugin is completely uninstalled.

[kasparsd]

Introducing dedicated methods for retrieving:

1. all registered two-factor providers and their files.
2. all registered two-factor providers and their classes without instantiating them (re-used by uninstall logic).
3. all enabled providers (a subset of registered) and their classes instantiated (used as before).

[kasparsd]

This is now much shorter as it can now get the class names for all enabled providers from the helpers.

[kasparsd]

These are the two methods that providers can report their user meta key usage.

[dd32]

General direction WFM.

See comment on the related ticket about deleting meta values by mid instead for performance.

[kasparsd]

WP core uses this for deleting all post meta delete_post_meta_by_key() by key so we can re-use it as well.

[kasparsd]

It is fun to test this locally -- it purges the whole plugin directory along with all git history. I even tried to create another symlinked plugin instances hoping that WP would only delete the symlink but it still took everything 😅

[vbondzio]

Hi Folks,

What would be considered sufficient DB cleanup in previous releases, just:

DELETE FROM wp_whatever_usermeta WHERE meta_key LIKE "_two_factor%";

?

This is also applicable for re-installations of the plugin (<0.10.0), for example in the completely hypothetical situation in which you accidentally reset your auth device without backing up the secrets and realize that your rarely opened 2FA recovery password manager DB had a racy sync at some point in the past. So if the only way in is deleting the plugin dir manually, then removing and re-installing, it would leave you in a spot in which you couldn't re-create a new secret (or even reuse the same) as you couldn't revalidate for the existing users. Completely hypothetical of course.

Cheers,

Valentin

[ocean90]

@kasparsd Using the same existing filter seems wrong here. Shouldn't this be a new filter so you only get the additional providers?
Right now the filter is called twice in get_providers(), see

two-factor/class-two-factor-core.php

Lines 264 to 275 in 6a95e7f

	$providers = self::get_providers_registered();
	/**
	* Filter the supplied providers.
	*
	* This lets third-parties either remove providers (such as Email), or
	* add their own providers (such as text message or Clef).
	*
	* @param array $providers A key-value array where the key is the class name, and
	* the value is the path to the file containing the class.
	*/
	$providers = apply_filters( 'two_factor_providers', $providers );

.

[ocean90]

@kasparsd This still seems wrong to me and is now released. Why running the filter twice?

[kasparsd]

@ocean90 Sorry for missing your comment here. I'll create a patch to address this.

[kasparsd]

Here is a pull request that removes the duplicate #651.