<?php
/**
* Two Factor
*
* @package Two_Factor
* @author WordPress.org Contributors
* @copyright 2020 Plugin Contributors
* @license GPL-2.0-or-later
*
* @wordpress-plugin
* Plugin Name: Two Factor
* Plugin URI: https://wordpress.org/plugins/two-factor/
* Description: Enable Two-Factor Authentication using time-based one-time passwords, email, and backup verification codes.
* Requires at least: 6.8
* Version: 0.15.0
* Requires PHP: 7.2
* Author: WordPress.org Contributors
* Author URI: https://github.com/wordpress/two-factor/graphs/contributors
* License: GPL-2.0-or-later
* License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
* Text Domain: two-factor
* Network: True
*/
// Stop unless WordPress itself loaded this file. ABSPATH is defined by the WordPress
// bootstrap, so a direct request to this script ends here and none of the code below runs.
if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly.
}
/**
 * Path of the directory that contains this file, as returned by plugin_dir_path().
 *
 * Used as the base for every require_once below; the relative file names are appended
 * directly, without adding a separator.
 */
define( 'TWO_FACTOR_DIR', plugin_dir_path( __FILE__ ) );
/**
 * Version of the plugin. Matches the "Version" field of the plugin header above.
 */
define( 'TWO_FACTOR_VERSION', '0.15.0' );
/**
 * Include the base class here, so that other plugins can also extend it.
 */
require_once TWO_FACTOR_DIR . 'providers/class-two-factor-provider.php';
/**
 * Include the core that handles the common bits.
 */
require_once TWO_FACTOR_DIR . 'class-two-factor-core.php';
/**
 * A compatibility layer for some of the most-used plugins out there.
 */
require_once TWO_FACTOR_DIR . 'class-two-factor-compat.php';
// Load settings UI class so the settings page can be rendered.
// It is required unconditionally, i.e. on every request and not only in the dashboard.
require_once TWO_FACTOR_DIR . 'settings/class-two-factor-settings.php';
// Create the compatibility layer and pass it to the core while the core registers its hooks.
$two_factor_compat = new Two_Factor_Compat();
Two_Factor_Core::add_hooks( $two_factor_compat );
// Delete our options and user meta during uninstall.
// The callback is a static class/method pair (class name string plus method name), not a closure or an object instance.
register_uninstall_hook( __FILE__, array( Two_Factor_Core::class, 'uninstall' ) );
/**
 * Register the settings menu hook and the provider enforcement filters.
 *
 * This function is attached to `init`. The two enforcement filters are registered on
 * every request; the `admin_menu` callback is registered only when is_admin() is true.
 * No scripts or styles are enqueued here.
 *
 * @since 0.16
 *
 * @return void
 */
function two_factor_register_admin_hooks() {
    // Enforcement: restrict providers to the site-wide selection saved in the
    // enabled-providers option. Registered regardless of the request context.
    add_filter( 'two_factor_enabled_providers_for_user', 'two_factor_filter_enabled_providers_for_user', 10, 2 );
    add_filter( 'two_factor_providers', 'two_factor_filter_enabled_providers' );

    // The settings menu entry is only needed for admin requests.
    if ( ! is_admin() ) {
        return;
    }

    add_action( 'admin_menu', 'two_factor_add_settings_page' );
}
// Defer hook registration to `init`. The provider enforcement filters are therefore only
// attached from `init` onwards.
// NOTE(review): confirm nothing applies 'two_factor_providers' or
// 'two_factor_enabled_providers_for_user' earlier in the request, where the site-wide
// restriction would not yet be in effect.
add_action( 'init', 'two_factor_register_admin_hooks' );
/**
 * Add the Two Factor settings page under Settings.
 *
 * The page is registered with the `manage_options` capability and the menu slug
 * `two-factor-settings`; two_factor_render_settings_page() is its render callback.
 *
 * @since 0.16
 *
 * @return void
 */
function two_factor_add_settings_page() {
    $page_title = __( 'Two-Factor Settings', 'two-factor' );
    $menu_title = __( 'Two-Factor', 'two-factor' );

    // Capability, slug and callback are fixed strings; only the titles are translated.
    add_options_page(
        $page_title,
        $menu_title,
        'manage_options',
        'two-factor-settings',
        'two_factor_render_settings_page'
    );
}
/**
 * Render the settings page, delegating to Two_Factor_Settings when it is available.
 *
 * Produces no output for a user without `manage_options`. When the settings class or its
 * render method cannot be called, a short placeholder page is printed instead; its
 * translated strings go through esc_html__() before being echoed.
 *
 * @since 0.16
 *
 * @return void
 */
function two_factor_render_settings_page() {
    // Re-check the capability here rather than relying only on the menu registration.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }

    // Prefer the dedicated settings class (keeps the main file small).
    $renderer = array( 'Two_Factor_Settings', 'render_settings_page' );

    if ( class_exists( 'Two_Factor_Settings' ) && is_callable( $renderer ) ) {
        Two_Factor_Settings::render_settings_page();
        return;
    }

    // Fallback: no UI available.
    echo '<div class="wrap"><h1>', esc_html__( 'Two-Factor Settings', 'two-factor' ), '</h1>';
    echo '<p>', esc_html__( 'Settings not available.', 'two-factor' ), '</p></div>';
}
/**
 * Read the site-wide provider selection from the `two_factor_enabled_providers` option.
 *
 * - null: the option has never been saved, which callers treat as "all providers allowed".
 * - array (possibly empty): the selection an administrator explicitly saved.
 *
 * A stored value that is neither null nor an array is returned as an empty array, so a
 * malformed option is handled as "nothing selected" rather than as "never saved".
 *
 * @since 0.16
 *
 * @return array|null
 */
function two_factor_get_enabled_providers_option() {
    $stored = get_option( 'two_factor_enabled_providers', null );

    if ( is_array( $stored ) ) {
        return $stored;
    }

    // Never saved: allow everything. Any other non-array value: empty selection.
    return null === $stored ? null : array();
}
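/**
 * Filter the registered providers down to those in the site-enabled list.
 *
 * Receives providers in core format: classname => path.
 *
 * The list is returned unfiltered in two cases only: when no selection has ever been
 * saved, and when a user holding `manage_options` is on the plugin's settings page, so
 * that the selection can be changed. The `page` query argument is supplied by the
 * request, so it must never be enough on its own to lift the restriction; the capability
 * check ties the exemption to the same permission the settings page itself requires.
 *
 * @since 0.16
 *
 * @param array $providers Registered providers, classname => path.
 * @return array Providers permitted by the site-wide selection.
 */
function two_factor_filter_enabled_providers( $providers ) {
    $site_enabled = two_factor_get_enabled_providers_option();

    // null means the option was never saved — allow all providers.
    if ( null === $site_enabled ) {
        return $providers;
    }

    // The query argument is only compared against a fixed slug, never used as data.
    $on_settings_page = is_admin()
        && isset( $_GET['page'] )
        && 'two-factor-settings' === $_GET['page'];

    // On the settings page itself, show all providers so admins can change the selection.
    // Without the capability check any admin-context request carrying this query argument
    // would skip enforcement.
    if ( $on_settings_page && current_user_can( 'manage_options' ) ) {
        return $providers;
    }

    foreach ( $providers as $key => $path ) {
        // Strict comparison: only exact classname matches stay enabled.
        if ( ! in_array( $key, $site_enabled, true ) ) {
            unset( $providers[ $key ] );
        }
    }

    return $providers;
}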
/**
 * Restrict a user's enabled providers (array of classnames) to the site-enabled list.
 *
 * When no site-wide selection has been saved, the input is returned untouched. Otherwise
 * the result is the re-indexed intersection of the user's providers with the selection.
 *
 * NOTE(review): a user whose enabled providers are all outside the site-wide selection
 * ends up with an empty list here. What the core does with an empty list is decided
 * outside this file — confirm that such a user is not left without a second factor.
 *
 * @since 0.16
 *
 * @param array|mixed $enabled Provider classnames enabled for the user; cast to array before intersecting.
 * @param int         $user_id User ID passed by the filter. Not used: the restriction is site-wide.
 * @return array|mixed The filtered list, or the unmodified input when nothing was ever saved.
 */
function two_factor_filter_enabled_providers_for_user( $enabled, $user_id ) {
    $allowed = two_factor_get_enabled_providers_option();

    if ( null !== $allowed ) {
        $kept = array_intersect( (array) $enabled, $allowed );

        // Re-index so callers receive a plain list without gaps in the keys.
        return array_values( $kept );
    }

    // null means the option was never saved — allow all.
    return $enabled;
}