
Changeset 6799


Timestamp:
02/28/2018 12:04:48 AM (7 years ago)
Author:
dd32
Message:

2FA: Re-set the 2FA cookie when authentication cookies are re-set while logged in (i.e. Password Change).

See #77.

File:
1 edited

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/wporg-two-factor/wporg-two-factor.php

    r6796 r6799  
    2121        add_action( 'clear_auth_cookie',      [ $this, 'clear_2fa_cookies' ] );
    2222        add_filter( 'salt',                   [ $this, 'add_2fa_salt' ], 10, 2 );
     23        add_action( 'set_auth_cookie',        [ $this, 'set_auth_cookie_maybe_set_2fa_cookie' ], 10, 6 );
    2324
    2425        remove_action( 'edit_user_profile', [ 'Two_Factor_Core', 'user_two_factor_options' ] );
     
    9697    }
    9798
     99    function set_auth_cookie_maybe_set_2fa_cookie( $auth_cookie, $expire, $expiration, $user_id, $scheme, $token = '' ) {
     100        // Check if they're the current user and 2FA
     101        if ( ! is_user_logged_in() || get_current_user_id() !== $user_id ) {
     102            return;
     103        }
     104
     105        if ( ! self::is_user_using_two_factor( $user_id ) ) {
     106            return;
     107        }
     108
     109        if ( empty( $_COOKIE[ self::WPORG_2FA_COOKIE ] ) ) {
     110            return;
     111        }
     112
     113        // At this point we know they have a 2FA account, were already logged in, and had a 2FA cookie
     114        $this->set_2fa_cookies( get_userdata( $user_id ), $expire );
     115    }
     116
     117
    98118    function clear_2fa_cookies() {
    99119        setcookie( self::WPORG_2FA_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH,   COOKIE_DOMAIN );
     
    101121    }
    102122
    103     function set_2fa_cookies( $user ) {
    104         // Set the Expiration based on the main Authentication cookie
    105         $auth_cookie_parts = wp_parse_auth_cookie( '', 'secure_auth' );
    106         if ( ! $auth_cookie_parts  ) {
    107             wp_logout();
    108             return;
    109         }
    110 
    111         $expiration = $auth_cookie_parts['expiration'];
     123    function set_2fa_cookies( $user, $expiration = false ) {
     124        if ( ! $expiration ) {
     125            // Set the Expiration based on the main Authentication cookie
     126            $auth_cookie_parts = wp_parse_auth_cookie( '', 'secure_auth' );
     127            if ( ! $auth_cookie_parts  ) {
     128                wp_logout();
     129                return;
     130            }
     131            $expiration = $auth_cookie_parts['expiration'];
     132        }
    112133
    113134        $cookie_value = wp_generate_auth_cookie( $user->ID, $expiration, '2fa', '' /* WordPress.org doesn't use Session Tokens yet */ );
     
    256277
    257278        $backup_classname = key( $backup_providers );
    258         $backup_provider  = $backup_providers[ $backup_classname ];
    259279
    260280        if ( ! function_exists( 'login_header' ) ) {
     
    287307        </div><!-- Opened in login_header() -->
    288308
    289         <?php if ( 'WPORG_Two_Factor_Primary' === $provider_class ) : ?>
     309        <?php if ( 'WPORG_Two_Factor_Primary' === $provider_class && $backup_classname ) : ?>
    290310        <div class="backup-methods-wrap">
    291311            <a href="<?php echo esc_url( add_query_arg( urlencode_deep( array(
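Review bot: The new set_auth_cookie_maybe_set_2fa_cookie() forwards `$expire` to set_2fa_cookies(), but in WordPress core's wp_set_auth_cookie() that second action argument is the browser-side cookie lifetime (0 for non-"remember" logins, and 12 hours beyond the validity window when remembered), whereas `$expiration`, the third argument, is the timestamp embedded in the cookie and checked by wp_validate_auth_cookie(). With `$expire` of 0 the `! $expiration` branch in set_2fa_cookies() falls back to wp_parse_auth_cookie(), which reads the secure_auth cookie still present in $_COOKIE from before this request, so the regenerated 2FA cookie inherits the old expiration; with "remember" it would instead outlive the auth cookie by 12 hours. Pass the embedded expiry instead: `$this->set_2fa_cookies( get_userdata( $user_id ), $expiration );`. A docblock on set_2fa_cookies() stating that `$expiration` is an auth-cookie-style timestamp and that a falsy value means "derive from the current secure_auth cookie" would make the parameter contract explicit; the remainder of set_2fa_cookies() lies outside the hunk.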