Disable U2F Interface unless already configured.

class-two-factor-core.php

@@ -1716,6 +1716,13 @@ public static function user_two_factor_options( $user ) {
 			$show_2fa_options ? '' : 'disabled="disabled"',
 		);
 
+		$providers = self::get_providers();
+
+		// Disable U2F unless already configured.
+		if ( isset( $providers['Two_Factor_FIDO_U2F'] ) && ! $providers['Two_Factor_FIDO_U2F']->is_available_for_user( $user ) && apply_filters( 'two_factor_u2f_disabled', true ) ) {
+			unset( $providers['Two_Factor_FIDO_U2F'] );
+		}
+
 		wp_nonce_field( 'user_two_factor_options', '_nonce_user_two_factor_options', false );
 		?>
 		<input type="hidden" name="<?php echo esc_attr( self::ENABLED_PROVIDERS_USER_META_KEY ); ?>[]" value="<?php /* Dummy input so $_POST value is passed when no providers are enabled. */ ?>" />
@@ -1734,7 +1741,7 @@ public static function user_two_factor_options( $user ) {
 							</tr>
 						</thead>
 						<tbody>
-						<?php foreach ( self::get_providers() as $provider_key => $object ) : ?>
+						<?php foreach ( $providers as $provider_key => $object ) : ?>
 							<tr>
 								<th scope="row"><input id="enabled-<?php echo esc_attr( $provider_key ); ?>" type="checkbox" name="<?php echo esc_attr( self::ENABLED_PROVIDERS_USER_META_KEY ); ?>[]" value="<?php echo esc_attr( $provider_key ); ?>" <?php checked( in_array( $provider_key, $enabled_providers, true ) ); ?> /></th>
 								<th scope="row"><input type="radio" name="<?php echo esc_attr( self::PROVIDER_USER_META_KEY ); ?>" value="<?php echo esc_attr( $provider_key ); ?>" <?php checked( $provider_key, $primary_provider_key ); ?> /></th>

providers/class-two-factor-fido-u2f-admin.php

@@ -61,6 +61,11 @@ public static function enqueue_assets( $hook ) {
 
 		$security_keys = Two_Factor_FIDO_U2F::get_security_keys( $user_id );
 
+		// Disabled interface if there's no keys.
+		if ( ! $security_keys && apply_filters( 'two_factor_u2f_disabled', true ) ) {
+			return;
+		}
+
 		// @todo Ensure that scripts don't fail because of missing u2fL10n.
 		try {
 			$data              = Two_Factor_FIDO_U2F::$u2f->getRegisterData( $security_keys );
@@ -164,6 +169,11 @@ protected static function asset_version() {
 	 * @param WP_User $user WP_User object of the logged-in user.
 	 */
 	public static function show_user_profile( $user ) {
+		// Don't display if the user cannot configure it.
+		if ( ! Two_Factor_FIDO_U2F::get_instance()->is_available_for_user( $user ) && apply_filters( 'two_factor_u2f_disabled', true ) ) {
+			return;
+		}
+
 		wp_nonce_field( "user_security_keys-{$user->ID}", '_nonce_user_security_keys' );
 		$new_key = false;
 

readme.txt

@@ -1,20 +1,19 @@
 === Two-Factor ===
 Contributors:      georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate
-Tags:              two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
+Tags:              two factor, two step, authentication, login, totp email, backup codes, 2fa, yubikey
 Requires at least: 4.3
 Tested up to:      6.2
 Requires PHP:      5.6
 Stable tag:        0.8.1
 
-Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.
+Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), email and backup verification codes.
 
 == Description ==
 
 Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable and configure one or multiple two-factor authentication providers for your account:
 
 - Email codes
 - Time Based One-Time Passwords (TOTP)
-- FIDO Universal 2nd Factor (U2F)
 - Backup Codes
 - Dummy Method (only for testing purposes)