Changeset 6759
- Timestamp:
- 02/26/2018 07:06:12 AM (7 years ago)
- Location:
- sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-backup-codes.php
r6735 r6759 18 18 } 19 19 20 public function validate_authentication( $user, $code = '' ) { 21 return $this->validate_code( $user, $code ); 22 } 23 20 24 } -
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-email.php
r6735 r6759 16 16 } 17 17 return $instance; 18 } 19 20 public function validate_authentication( $user, $code = '' ) { 21 if ( ! isset( $user->ID ) || ! $code ) { 22 return false; 23 } 24 25 return $this->validate_token( $user->ID, $code ); 18 26 } 19 27 -
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-primary.php
r6753 r6759 24 24 return _x( 'Time Based One-Time Password (Google Authenticator, Authy, etc)', 'Provider Label', 'wporg' ); 25 25 } 26 27 public function validate_authentication( $user, $code = '' ) { 28 $key = get_user_meta( $user->ID, self::SECRET_META_KEY, true ); 29 30 if ( ! $code ) { 31 $code = $_REQUEST['authcode']; 32 } 33 34 return $this->is_valid_authcode( $key, $code ); 35 } 26 36 } -
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-secondary.php
r6753 r6759 1 1 <?php 2 2 3 require_once __DIR__ . '/class-wporg-two-factor-backup-codes.php'; 4 5 class WPORG_Two_Factor_Secondary extends WPORG_Two_Factor_Backup_Codes { // Temporarily 6 // class WPORG_Two_Factor_Secondary extends Two_Factor_Provider { // When it's a proper wrapper. 3 class WPORG_Two_Factor_Secondary extends Two_Factor_Provider { // When it's a proper wrapper. 7 4 8 5 /** … … 24 21 } 25 22 26 // protected $providers = []; 23 public function authentication_page( $user ) { 24 if ( ! $user ) { 25 return; 26 } 27 28 $this->send_codes_to_user( $user ); 29 30 require_once( ABSPATH . '/wp-admin/includes/template.php' ); 31 32 $email_enabled = isset( $this->providers['WPORG_Two_Factor_Email'] ) && $this->providers['WPORG_Two_Factor_Email']->is_available_for_user( $user ); 33 $slack_enabled = isset( $this->providers['WPORG_Two_Factor_Slack'] ) && $this->providers['WPORG_Two_Factor_Slack']->is_available_for_user( $user ); 34 35 if ( $email_enabled && $slack_enabled ) { 36 echo '<p>' . __( 'Enter the verification code sent to your Email, Slack, or a printed backup code.', 'wporg' ) . '</p>'; 37 } elseif ( $email_enabled ) { 38 echo '<p>' . __( 'Enter the verification code sent to your Email, or a printed backup code.', 'wporg' ) . '</p>'; 39 } else { 40 echo '<p>' . __( 'Enter a printed backup code.', 'wporg' ) . '</p>'; 41 } 42 ?> 43 44 <p> 45 <label for="authcode"><?php esc_html_e( 'Verification Code:', 'wporg' ); ?></label> 46 <input type="tel" name="two-factor-backup-code" id="authcode" class="input" value="" size="20" pattern="[0-9]*" /> 47 <?php submit_button( __( 'Authenticate', 'wporg' ) ); ?> 48 </p> 49 50 <?php if ( $email_enabled || $slack_enabled ) { ?> 51 <p class="two-factor-email-resend"> 52 <input type="submit" class="button" name="two-factor-backup-resend" value="<?php esc_attr_e( 'Resend Code', 'wporg' ); ?>" /> 53 </p> 54 <?php } ?> 55 56 <script type="text/javascript"> 57 setTimeout( function(){ 58 var d; 59 try{ 60 d = document.getElementById('authcode'); 61 d.value = ''; 62 d.focus(); 63 } catch(e){} 64 }, 200); 65 </script> 66 <?php 67 } 68 69 function is_available_for_user( $user ) { return true; } 70 71 protected $providers = []; 27 72 28 73 protected function __construct() { 29 /*30 74 $providers = [ 31 75 'WPORG_Two_Factor_Email' => __DIR__ . '/class-wporg-two-factor-email.php', 32 76 'WPORG_Two_Factor_Backup_Codes' => __DIR__ . '/class-wporg-two-factor-backup-codes.php', 33 77 'WPORG_Two_Factor_Slack' => __DIR__ . '/class-wporg-two-factor-slack.php' 78 ]; 79 $providers = apply_filters( 'wporg_two_factor_secondary_providers', $providers ); 34 80 35 ]; 36 */ 81 // Add some CSS for this clss. 82 add_action( 'login_head', [ $this, 'add_styles' ] ); 83 84 foreach ( $providers as $class => $path ) { 85 include_once( $path ); 86 87 if ( class_exists( $class ) ) { 88 try { 89 $this->providers[ $class ] = call_user_func( array( $class, 'get_instance' ) ); 90 } catch ( Exception $e ) { 91 unset( $this->providers[ $class ] ); 92 } 93 } 94 } 95 37 96 return parent::__construct(); 38 97 } 98 99 // Add some specific styles for this class. 100 public function add_styles() { 101 if ( isset( $_GET['provider'] ) && $_GET['provider'] === __CLASS__ ) { 102 echo '<style> 103 body.login-action-backup_2fa .backup-methods-wrap { 104 display: none; 105 } 106 body.login-action-backup_2fa input[name="two-factor-backup-resend"] { 107 108 } 109 </style>'; 110 } 111 } 112 113 public function pre_process_authentication( $user ) { 114 if ( isset( $_REQUEST['two-factor-backup-resend'] ) ) { 115 return $this->send_codes_to_user( $user, true ); 116 } 117 118 return false; 119 } 120 121 // Send codes to the user based on the providers available. 122 // 123 protected function send_codes_to_user( $user, $resend = false ) { 124 $result = false; 125 126 if ( 127 isset( $this->providers['WPORG_Two_Factor_Email'] ) && 128 $this->providers['WPORG_Two_Factor_Email']->is_available_for_user( $user ) 129 ) { 130 if ( 131 $resend | 132 ! $this->providers['WPORG_Two_Factor_Email']->user_has_token( $user->ID ) 133 ) { 134 $result = true; 135 $this->providers['WPORG_Two_Factor_Email']->generate_and_email_token( $user ); 136 } 137 } 138 139 if ( 140 isset( $this->providers['WPORG_Two_Factor_Slack'] ) && 141 $this->providers['WPORG_Two_Factor_Slack']->is_available_for_user( $user ) 142 ) { 143 if ( 144 $resend || 145 ! $this->providers['WPORG_Two_Factor_Slack']->user_has_token( $user->ID ) 146 ) { 147 $result = true; 148 $this->providers['WPORG_Two_Factor_Slack']->generate_and_slack_token( $user ); 149 } 150 } 151 152 return $result; 153 } 154 155 function validate_authentication( $user ) { 156 if ( empty( $_POST['two-factor-backup-code'] ) ) { 157 return false; 158 } 159 160 $backup_code = $_POST['two-factor-backup-code']; 161 162 $authenticated = false; 163 164 foreach ( $this->providers as $provider ) { 165 if ( 166 $provider->is_available_for_user( $user ) && 167 $provider->validate_authentication( $user, $backup_code ) 168 ) { 169 $authenticated = true; 170 break; 171 } 172 } 173 174 // Also check the Primary method for the user just in case. 175 $primary_provider = WPORG_Two_Factor_Primary::get_instance(); 176 if ( 177 ! $authenticated && 178 $primary_provider->is_available_for_user( $user ) && 179 $primary_provider->validate_authentication( $user, $backup_code ) 180 ) { 181 $authenticated = true; 182 } 183 184 if ( $authenticated ) { 185 foreach ( $this->providers as $provider ) { 186 if ( is_callable( [ $provider, 'delete_token' ] ) ) { 187 $provider->delete_token( $user->ID ); 188 } 189 } 190 } 191 192 return $authenticated; 193 } 39 194 } -
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-slack.php
r6735 r6759 1 1 <?php 2 2 3 require_once TWO_FACTOR_DIR . 'providers/class.two-factor-email.php';3 require_once __DIR__ . '/class-wporg-two-factor-email.php'; 4 4 5 class WPORG_Two_Factor_Slack extends Two_Factor_Email {5 class WPORG_Two_Factor_Slack extends WPORG_Two_Factor_Email { 6 6 7 7 /** … … 11 11 */ 12 12 const TOKEN_META_KEY = '_two_factor_slack_token'; 13 14 /**15 * Name of the input field used for code resend.16 *17 * @var string18 */19 const INPUT_NAME_RESEND_CODE = 'two-factor-slack-code-resend';20 13 21 14 /** … … 34 27 35 28 public function get_label() { 36 return _x( 'Slack', 'Provider Label', 'wporg' );29 return 'Slack'; // Not marked for translation as this shouldn't be called/displayed. 37 30 } 38 31 39 /** 40 * Whether this Two Factor provider is configured and available for the user specified. 41 * 42 * @since 0.1-dev 43 * 44 * @param WP_User $user WP_User object of the logged-in user. 45 * @return boolean 46 */ 32 protected function get_slack_details( $user_id ) { 33 global $wpdb; 34 35 static $cached_details = []; 36 if ( isset( $cached_details[ $user_id ] ) ) { 37 return $cached_details[ $user_id ]; 38 } 39 40 // TODO abstract this? memcache it? 41 $user_details = $wpdb->get_var( $wpdb->prepare( "SELECT profiledata FROM slack_users WHERE user_id = %d LIMIT 1", $user_id ) ); 42 $user_details = $user_details ? json_decode( $user_details ) : false; 43 44 $cached_details[ $user_id ] = $user_details; 45 46 return $user_details; 47 } 48 47 49 public function is_available_for_user( $user ) { 48 // TODO Check if the user has a 2FA slack account. 50 $user_details = $this->get_slack_details( $user->ID ); 51 52 // Require the Slack account to exist, and for the user to have 2FA enabled on Slack. 53 return $user_detauls && empty( $user_details->deleted ) && ! empty( $user_details->has_2fa ); 54 } 55 56 public function generate_and_email_token( $user ) { 57 return $this->generate_and_slack_token( $user ); 58 } 59 60 public function generate_and_slack_token( $user ) { 61 $token = $this->generate_token( $user->ID ); 62 63 $message = "Please enter the following verification code on WordPress.org to complete your login:\n{$token}"; 64 65 $slack_details = $this->get_slack_details( $user->ID ); 66 67 if ( $slack_details->id ) { 68 // TODO: Replace this with a named Slack Bot. 69 return slack_dm( $message, $slack_details->id ); 70 } 71 49 72 return false; 50 73 } 51 74 52 /**53 * Generate and email the user token.54 *55 * @since 0.1-dev56 *57 * @param WP_User $user WP_User object of the logged-in user.58 */59 public function generate_and_email_token( $user ) {60 $token = $this->generate_token( $user->ID );61 62 /* translators: %s: site name */63 $subject = wp_strip_all_tags( sprintf( __( 'Your login confirmation code for %s', 'wporg' ), get_bloginfo( 'name' ) ) );64 /* translators: %s: token */65 $message = wp_strip_all_tags( sprintf( __( 'Enter %s to log in.', 'wporg' ), $token ) );66 67 $who = '@dd32';68 69 return slack_dm( $subject . "\n" . $message, $who );70 }71 72 75 } -
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/wporg-two-factor.php
r6758 r6759 199 199 */ 200 200 public static function enable_two_factor( $user_id ) { 201 // True if at least one provider method was set.202 201 return ( 203 202 update_user_meta( $user_id, self::PROVIDER_USER_META_KEY, 'WPORG_Two_Factor_Primary' ) && … … 223 222 public static function user_two_factor_options( $user ) { 224 223 wp_enqueue_script( 'two-factor-edit', plugins_url( 'js/profile-edit.js' , __FILE__ ), [ 'jquery' ], 1, true ); 225 wp_localize_script( 'two-factor-edit', 'two_factor_edit', array( 224 wp_localize_script( 'two-factor-edit', 'two_factor_edit', array( 226 225 'ajaxurl' => admin_url( 'admin-ajax.php' ), 227 226 ) );
Note: See TracChangeset
for help on using the changeset viewer.