Migrate U2F keys to WebAuthn

[mcguffin]

This is a proof of concept and a follow-up for #427.

The transformation is happening in includes/WebAuthn/class-webauthn-key-migrator.php. The PHP is mainly gathered together from sjinks/wp-two-factor-provider-webauthn and madwizard-org/webauthn-server.

Apart from reviewing, here's what I think should be the next steps:

• Key migration is currently triggered by the user in the U2F keys admin table. However we could do it automatically, eg. when the user is visiting his/her profile page, like sjinks/wp-two-factor-provider-webauthn does. I'm feeling indecisive about it and I'm looking forward for your feedback and opinions.
• Add an admin message after a key has been migrated.
• Real life testing with actual U2F / YubiKeys
• Unit tests

[bkabbott]

@dd32 Can you please merge this pull request for me? I would really like to be able to use my U2F Keys again.

[dd32]

dd32 Can you please merge this pull request for me?

This isn't my call. I would suggest using a plugin that adds a WebAuthN provider in the meantime: https://wordpress.org/plugins/two-factor-provider-webauthn/
(edit: Worth mentioning; I haven't reviewed that plugin, I know others who use it, I don't know if the future built-in Two Factor WebAuthN support will support it or migrate those registered keys)

[adampl]

are you serious? waiting 2.5+ years for review? :|

[georgestephanis]

I'm closing this out as U2F was just removed from the plugin in #439.

We are evaluating adding webauthn -- and I'm personally eager to see it as well -- in #427 so for anyone interested in this, give that a follow.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @mcguffin, @bkabbott, @adampl.

Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Unlinked contributors: mcguffin, bkabbott, adampl.

Co-authored-by: dd32 <dd32@git.wordpress.org>
Co-authored-by: georgestephanis <georgestephanis@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.