Changeset 6761


Timestamp:
02/26/2018 12:26:40 PM (3 years ago)
Author:
dd32
Message:

2FA: Have WPORG_Two_Factor_Email be its own provider in its own right.

By extending WPORG_Two_Factor_Email for WPORG_Two_Factor_Slack it was found that Two_Factor_Email uses self:: a bunch causing the usermeta token override not to take effect.

See #77.

Location:
sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers
Files:
2 edited

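--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-email.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-email.php
@@ -1,16 +1,12 @@
 <?php
 
-require_once TWO_FACTOR_DIR . 'providers/class.two-factor-email.php';
+class WPORG_Two_Factor_Email extends Two_Factor_Provider {
 
-class WPORG_Two_Factor_Email extends Two_Factor_Email {
-    /**
-     * Ensures only one instance of this class exists in memory at any one time.
-     *
-     * @since 0.1-dev
-     */
-    static function get_instance() {
+    const TOKEN_META_KEY = '_two_factor_email_token';
+
+    public static function get_instance() {
         static $instance;
-        $class = __CLASS__;
-        if ( ! is_a( $instance, $class ) ) {
+        if ( ! $instance ) {
+            $class = __CLASS__;
             $instance = new $class;
         }
@@ -18,6 +14,48 @@
     }
 
+    public function get_label() {
+        return 'Email'; // Not marked for translation as this shouldn't be called/displayed.
+    }
+
+    public function generate_token( $user_id ) {
+        $token = $this->get_code();
+        update_user_meta( $user_id, static::TOKEN_META_KEY, wp_hash( $token ) );
+        return $token;
+    }
+
+    public function user_has_token( $user_id ) {
+        return (bool) $this->get_user_token( $user_id );
+    }
+
+    public function get_user_token( $user_id ) {
+        $hashed_token = get_user_meta( $user_id, static::TOKEN_META_KEY, true );
+
+        if ( ! empty( $hashed_token ) && is_string( $hashed_token ) ) {
+            return $hashed_token;
+        }
+
+        return false;
+    }
+
+    public function validate_token( $user_id, $token ) {
+        $hashed_token = $this->get_user_token( $user_id );
+
+        // Bail if token is empty or it doesn't match.
+        if ( empty( $hashed_token ) || ( wp_hash( $token ) !== $hashed_token ) ) {
+            return false;
+        }
+
+        // Ensure that the token can't be re-used.
+        $this->delete_token( $user_id );
+
+        return true;
+    }
+
+    public function delete_token( $user_id ) {
+        delete_user_meta( $user_id, static::TOKEN_META_KEY );
+    }
+
     public function validate_authentication( $user, $code = '' ) {
-        if ( ! isset( $user->ID ) || ! $code ) {
+        if ( empty( $user->ID ) || ! $code ) {
             return false;
         }
@@ -37,10 +75,23 @@
 
         /* translators: %s: site name */
-        $subject = wp_strip_all_tags( sprintf( __( 'Your login confirmation code for %s', 'wporg' ), get_bloginfo( 'name' ) ) );
+        $subject = __( 'Your login confirmation code for WordPress.org', 'wporg' );
         /* translators: %s: token */
-        $message = wp_strip_all_tags( sprintf( __( 'Enter %s to log in.', 'wporg' ), $token ) );
+        $message = __( 'Please enter the following verification code on WordPress.org to complete your login:', 'wporg' );
+        $message .= "\n" . $token;
 
         return wp_mail( $user->user_email, $subject, $message );
     }
 
+    public function authentication_page( $user ) {
+        // N/A
+    }
+
+    public function pre_process_authentication( $user ) {
+        // N/A
+        return false;
+    }
+
+    public function is_available_for_user( $user ) {
+        return true;
+    }
 }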
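Review bot: In the new `generate_token()` / `validate_token()` pair a code has no lifetime: only `wp_hash( $token )` is written under `TOKEN_META_KEY`, and it is deleted only after a successful match, so as far as this section shows an emailed code stays valid until it is used or replaced. Recording the issue time next to the hash and rejecting stale codes in `validate_token()` bounds that window, and the same rewrite can move the `!==` check to `hash_equals()` so the comparison is constant-time. The sketch below uses a constructed `_issued` key suffix and a 15-minute placeholder window; the real policy value is for the maintainers to choose. Whether failed attempts are limited elsewhere is not visible in this section and should be confirmed separately.

```php
    public function generate_token( $user_id ) {
        // … unchanged: get_code() and the hashed TOKEN_META_KEY write …
        // Record the issue time so validate_token() can expire the code.
        update_user_meta( $user_id, static::TOKEN_META_KEY . '_issued', time() );
        return $token;
    }

    public function validate_token( $user_id, $token ) {
        $hashed_token = $this->get_user_token( $user_id );
        $issued_at    = (int) get_user_meta( $user_id, static::TOKEN_META_KEY . '_issued', true );

        // Missing or stale codes are dropped before any comparison (placeholder window).
        if ( empty( $hashed_token ) || ( time() - $issued_at ) > 15 * MINUTE_IN_SECONDS ) {
            $this->delete_token( $user_id );
            return false;
        }

        // Constant-time comparison of the stored hash with the submitted code's hash.
        if ( ! hash_equals( $hashed_token, wp_hash( $token ) ) ) {
            return false;
        }
        // … unchanged: single-use delete_token() call and return true …
    }

    public function delete_token( $user_id ) {
        delete_user_meta( $user_id, static::TOKEN_META_KEY );
        delete_user_meta( $user_id, static::TOKEN_META_KEY . '_issued' );
    }
```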
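--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-slack.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/providers/class-wporg-two-factor-slack.php
@@ -5,20 +5,10 @@
 class WPORG_Two_Factor_Slack extends WPORG_Two_Factor_Email {
 
-    /**
-     * The user meta token key.
-     *
-     * @type string
-     */
     const TOKEN_META_KEY = '_two_factor_slack_token';
 
-    /**
-     * Ensures only one instance of this class exists in memory at any one time.
-     *
-     * @since 0.1-dev
-     */
-    static function get_instance() {
+    public static function get_instance() {
         static $instance;
-        $class = __CLASS__;
-        if ( ! is_a( $instance, $class ) ) {
+        if ( ! $instance ) {
+            $class = __CLASS__;
             $instance = new $class;
         }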
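Review bot: The docblock on `TOKEN_META_KEY` is dropped here without a replacement, yet this override is the only thing keeping Slack codes in a different usermeta row from email codes, and it takes effect only while the parent reads the key through `static::`. A short comment would guard against a later edit reverting to `self::`, for example `// Separate usermeta key from the email provider; the parent must reference it via static:: for this override to apply.` The `get_instance()` body continues past the last displayed line of this section.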