Changeset 3354773
- Timestamp:
- 09/02/2025 02:03:30 PM (7 months ago)
- Location:
- two-factor-2fa-via-email
- Files:
-
- 12 added
- 2 edited
-
tags/1.9.8 (added)
-
tags/1.9.8/assets (added)
-
tags/1.9.8/assets/css (added)
-
tags/1.9.8/assets/css/user.css (added)
-
tags/1.9.8/assets/html (added)
-
tags/1.9.8/assets/html/2fa-page.php (added)
-
tags/1.9.8/assets/html/login-email.php (added)
-
tags/1.9.8/assets/html/plugin-deactivated.php (added)
-
tags/1.9.8/assets/js (added)
-
tags/1.9.8/assets/js/admin.js (added)
-
tags/1.9.8/readme.txt (added)
-
tags/1.9.8/ss88-two-factor-via-email.php (added)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/ss88-two-factor-via-email.php (modified) (5 diffs)
-
two-factor-2fa-via-email/trunk/readme.txt
r3342564 r3354773 5 5 Requires at least: 4.6 6 6 Tested up to: 6.8 7 Stable tag: 1.9. 77 Stable tag: 1.9.8 8 8 Requires PHP: 5.6 9 9 License: GPL2 … … 133 133 == Changelog == 134 134 135 = 1.9.8 = 136 * Thank you for 10,000+ active installations! :-) 137 * Fix: REST API authentication 138 135 139 = 1.9.7 = 136 140 * PHP Warning fix on new user -
two-factor-2fa-via-email/trunk/ss88-two-factor-via-email.php
r3342562 r3354773 4 4 Plugin URI: https://ss88.us/plugins/two-factor-2fa-authentication-via-email-plugin-for-wordpress 5 5 Description: A lightweight plugin to allow the use of two-factor authentication (2FA) through email. One-click login with this Two-Factor (2FA) Authentication plugin for WordPress. 6 Version: 1.9. 76 Version: 1.9.8 7 7 Author: SS88 LLC 8 8 Author URI: https://ss88.us … … 12 12 class SS88_2FAVE { 13 13 14 protected $version = '1.9. 7';14 protected $version = '1.9.8'; 15 15 protected $email_tags = []; 16 16 protected $expires = 15; … … 36 36 37 37 add_action('wp_login', [$this, 'wp_login'], 1, 2); 38 add_filter('rest_authentication_errors', [$this, 'rest_authentication_errors'], 10, 1); 38 39 add_action('login_init', [$this, 'processTokenLogin']); 39 40 add_action('deactivated_plugin', [$this, 'deactivated_plugin']); … … 214 215 215 216 public function wp_login($user_login, $U) { 216 217 // Let's check to see if it's an API call218 if(strpos($_SERVER['REQUEST_URI'], '/wp-json/') === 0 || strpos($_SERVER['REQUEST_URI'], '?rest_route=') === 0) {219 220 if(!$this->isEnabled($U->ID, 'API')) return;221 222 wp_send_json_error([223 'message' => __('2FA is enabled on this account. Unable to authenticate.', 'two-factor-2fa-via-email')224 ], 403);225 exit;226 227 }228 217 229 218 if(!isset($_GET['token'])) { … … 259 248 } 260 249 250 } 251 252 public function rest_authentication_errors($result) { 253 254 if (!empty($result)) return $result; 255 256 $AuthorizationHeader = $this->get_basic_auth_header(); 257 258 if($AuthorizationHeader) { 259 260 $user = wp_get_current_user(); 261 if ($user && $user->ID && $this->isEnabled($user->ID, 'API')) { 262 return new WP_Error( 263 'rest_forbidden', 264 __('2FA is enabled on this account. 
Unable to authenticate.', 'two-factor-2fa-via-email'), 265 ['status' => 403] 266 ); 267 } 268 269 } 270 271 return $result; 272 273 } 274 275 private function get_basic_auth_header() { 276 277 $h = ''; 278 if ( isset( $_SERVER['HTTP_AUTHORIZATION'] ) ) { 279 $h = $_SERVER['HTTP_AUTHORIZATION']; 280 } elseif ( isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ) ) { 281 $h = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; 282 } elseif ( isset( $_SERVER['AUTHORIZATION'] ) ) { 283 $h = $_SERVER['AUTHORIZATION']; 284 } 285 286 287 if ( preg_match('/^(Basic|Bearer|Application)\s+/i', $h) ) { 288 return $h; 289 } 290 291 return false; 261 292 } 262 293
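Review bot: The new `rest_authentication_errors` filter enforces the API restriction only when `get_basic_auth_header()` finds a raw Authorization header in `$_SERVER`, so it fails open on servers that do not expose that header to PHP. WordPress core reads Basic credentials for application passwords from `$_SERVER['PHP_AUTH_USER']` / `PHP_AUTH_PW`, and some setups (Apache with mod_php, as far as I know) populate those without setting `HTTP_AUTHORIZATION`; there the user is authenticated but this check is skipped. Consider widening the condition to `if ($AuthorizationHeader || isset($_SERVER['PHP_AUTH_USER'])) {`. The early `if (!empty($result)) return $result;` also skips the 2FA check when an earlier filter has already returned `true`, which deserves a comment or a test. The helper is named for Basic auth but also accepts `Bearer` and `Application`; a short docblock stating which schemes are covered and why would help.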