From 266793150ee290689aeccf9a715de3bb2915008c Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Tue, 1 Oct 2024 16:38:43 +1000
Subject: [PATCH 1/2] Plugin & Theme authors are now required to have 2FA enabled. See https://make.wordpress.org/plugins/2024/09/04/upcoming-security-changes-for-plugin-and-theme-authors-on-wordpress-org/
---
 wporg-two-factor.php | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/wporg-two-factor.php b/wporg-two-factor.php
index d6079557..afaf6cdd 100644
--- a/wporg-two-factor.php
+++ b/wporg-two-factor.php
@@ -226,16 +226,6 @@ function user_requires_2fa( $user ) : bool {
 return false;
 }
- // @codeCoverageIgnoreStart
- if ( ! array_key_exists( 'phpunit_version', $GLOBALS ) ) {
- // 2FA is opt-in during beta testing.
- // todo Remove this once we open it to all users.
- if ( ! is_2fa_beta_tester( $user ) ) {
- return false;
- }
- }
- // @codeCoverageIgnoreEnd
-
 $required = false;
 if ( is_special_user( $user->ID ) ) {
@@ -246,6 +236,18 @@ function user_requires_2fa( $user ) : bool {
 $required = true;
 }
+ // If a user ... they have to have 2FA enabled.
+ if (
+ // Is (or was) a plugin committer
+ $user->has_plugins ||
+ // Has (or had) a live theme
+ $user->has_themes /* ||
+ // Has (or had) an elevated role on a site (WordPress.org, BuddyPress.org, bbPress.org, WordCamp.org)
+ $user->has_elevated_role */
+ ) {
+ return true;
+ }
+
 return $required;
 }
From 0ee524865bed6b7be453080e1b3539156305d7b2 Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Wed, 2 Oct 2024 11:58:30 +1000
Subject: [PATCH 2/2] Remove the elevated_role meta check.
---
 wporg-two-factor.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/wporg-two-factor.php b/wporg-two-factor.php
index afaf6cdd..2eec5920 100644
--- a/wporg-two-factor.php
+++ b/wporg-two-factor.php
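Review bot: In PATCH 1/2's second hunk the new requirement rests entirely on `$user->has_plugins` and `$user->has_themes`, and nothing in the patch shows where those flags are written, so the check fails open: an author whose flag is missing or not yet set evaluates as falsy and falls through to `return $required;`. The subject of PATCH 2/2 calls the sibling flag a meta check, so these are presumably user meta set elsewhere; confirm they are written at the moment commit access is granted rather than by a later backfill. I would replace the placeholder `// If a user ... they have to have 2FA enabled.` with a comment that records this, e.g. `// has_plugins / has_themes are user meta set elsewhere; a missing value means 2FA is not required by this check.` The early `return true;` also departs from the `$required = true;` pattern in the context lines above it; assigning `$required = true;` would keep the single `return $required;` exit. user_requires_2fa() begins before the hunk, and the patch touches only wporg-two-factor.php, so no test for the new branch is included.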
@@ -241,9 +241,7 @@ function user_requires_2fa( $user ) : bool {
 // Is (or was) a plugin committer
 $user->has_plugins ||
 // Has (or had) a live theme
- $user->has_themes /* ||
- // Has (or had) an elevated role on a site (WordPress.org, BuddyPress.org, bbPress.org, WordCamp.org)
- $user->has_elevated_role */
+ $user->has_themes
 ) {
 return true;
 }