From aa09fcf68507da50b94ff8a4ee141b285675252b Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 14 Dec 2017 16:25:57 +0200 Subject: [PATCH 1/6] Add method description --- class.two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class.two-factor-core.php b/class.two-factor-core.php index 7c116c91..8fac5a5d 100644 --- a/class.two-factor-core.php +++ b/class.two-factor-core.php @@ -258,7 +258,7 @@ public static function show_two_factor_login( $user ) { } /** - * Add short description. @todo + * Render the two-factor login form for another backup provider. * * @since 0.1-dev */ From 0d2b2c771804ebdf19df3dc81376568995c9dc86 Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 14 Dec 2017 16:26:33 +0200 Subject: [PATCH 2/6] Introduce a helper to fetch the current login nonce key --- class.two-factor-core.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/class.two-factor-core.php b/class.two-factor-core.php index 8fac5a5d..13e6f36f 100644 --- a/class.two-factor-core.php +++ b/class.two-factor-core.php @@ -435,6 +435,27 @@ public static function create_login_nonce( $user_id ) { return $login_nonce; } + /** + * Get the current login nonce for the user or create a new one. + * + * @param int $user_id User ID. + * + * @return string + */ + public static function get_login_nonce_key( $user_id ) { + $login_nonce = get_user_meta( $user_id, self::USER_META_NONCE_KEY, true ); + + if ( ! empty( $login_nonce['key'] ) ) { + return $login_nonce['key']; + } else { + // Create a new nounce for the user. + $login_nonce = self::create_login_nonce( $user_id ); + return $login_nonce['key']; + } + + return ''; + } + /** * Delete the login nonce. * From 7a25105c8bdb869c43ac272a1d10689e3e0818a0 Mon Sep 17 00:00:00 2001 
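Review bot: The final `return '';` in get_login_nonce_key can never execute, because both branches of the preceding if/else already return, and the `else` after a `return` only adds nesting; the body reads better as a guard, `if ( ! empty( $login_nonce['key'] ) ) { return $login_nonce['key']; }` followed by `$login_nonce = self::create_login_nonce( $user_id ); return $login_nonce['key'];`. The comment typo `nounce` should be `nonce`. A stored nonce is handed back whenever a key is present, with no check on its age; if the record also carries an expiry (not visible in this hunk, though verify_login_nonce presumably enforces one), a stale key can be returned and anything built from it will later fail verification, so reusing only a nonce that is still valid — or always minting a new one — would be safer. The method is added in full, so nothing of it lies outside the hunk.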
From: Kaspars Dambis Date: Thu, 14 Dec 2017 16:29:23 +0200 Subject: [PATCH 3/6] Use a variable for the email code field name --- providers/class.two-factor-email.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/providers/class.two-factor-email.php b/providers/class.two-factor-email.php index e0543279..d5cc51aa 100644 --- a/providers/class.two-factor-email.php +++ b/providers/class.two-factor-email.php @@ -22,6 +22,13 @@ class Two_Factor_Email extends Two_Factor_Provider { */ const INPUT_NAME_RESEND_CODE = 'two-factor-email-code-resend'; + /** + * Name of the email code input field on the login page. + * + * @var string + */ + const INPUT_NAME_CODE = 'two-factor-email-code'; + /** * Ensures only one instance of this class exists in memory at any one time. * @@ -175,7 +182,7 @@ public function authentication_page( $user ) {

- +

From e5482af725c3b261ce373caabecf9c545b4b1977 Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 14 Dec 2017 16:30:19 +0200 Subject: [PATCH 4/6] Add a link to the code email body --- providers/class.two-factor-email.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/providers/class.two-factor-email.php b/providers/class.two-factor-email.php index d5cc51aa..7f43f938 100644 --- a/providers/class.two-factor-email.php +++ b/providers/class.two-factor-email.php @@ -151,14 +151,27 @@ public function delete_token( $user_id ) { * @param WP_User $user WP_User object of the logged-in user. */ public function generate_and_email_token( $user ) { + $message = array(); $token = $this->generate_token( $user->ID ); + // Build a link that replicates the form produced by login_html(). + $login_link = add_query_arg( array( + 'provider' => __CLASS__, + 'action' => 'validate_2fa', + self::INPUT_NAME_CODE => $token, + 'wp-auth-id' => $user->ID, + 'wp-auth-nonce' => Two_Factor_Core::get_login_nonce( $user->ID ), + ), wp_login_url() ); + /* translators: %s: site name */ $subject = wp_strip_all_tags( sprintf( __( 'Your login confirmation code for %s', 'two-factor' ), get_bloginfo( 'name' ) ) ); + /* translators: %s: token */ - $message = wp_strip_all_tags( sprintf( __( 'Enter %s to log in.', 'two-factor' ), $token ) ); + $message[] = wp_strip_all_tags( sprintf( __( 'Enter %s to log in or use this link:', 'two-factor' ), $token ) ); + + $message[] = $login_link; - return wp_mail( $user->user_email, $subject, $message ); + return wp_mail( $user->user_email, $subject, implode( "\n", $message ) ); } /** From a5d68a2c0b22626c0b4f0574265e2856d8a98d4e Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 14 Dec 2017 16:30:42 +0200 Subject: [PATCH 5/6] Describe why clear the core WP login cookie --- class.two-factor-core.php | 2 ++ 1 file changed, 2 insertions(+) 
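Review bot: The call `Two_Factor_Core::get_login_nonce( $user->ID )` in the new `$login_link` array does not match the helper introduced earlier in this series, which is named `get_login_nonce_key`; unless a `get_login_nonce` method exists outside these patches, sending a code fails with an undefined-method error, so the line should read `'wp-auth-nonce' => Two_Factor_Core::get_login_nonce_key( $user->ID ),`. Putting the login nonce next to the code in the email also changes what the email proves: until now the nonce lived only in the form of the browser that presented the password, whereas the emailed link completes the login from any client that can read the mail, so that trade-off deserves a comment beside the link construction, e.g. `// The link carries the login nonce, so the email alone completes the login until the nonce expires.` The link is a GET request to wp-login.php with the code and nonce in the query string; if the existing validate_2fa handling reads its fields from `$_POST` (not visible here) the link will not be processed, and either way both secrets end up in server access logs and browser history. generate_and_email_token ends within the hunk, but the validate_2fa handler the link targets is outside it.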
diff --git a/class.two-factor-core.php b/class.two-factor-core.php index 13e6f36f..b8385997 100644 --- a/class.two-factor-core.php +++ b/class.two-factor-core.php @@ -229,6 +229,8 @@ public static function wp_login( $user_login, $user ) { return; } + // Clear the regular username/password cookie because we need to + // validate the second factor now. wp_clear_auth_cookie(); self::show_two_factor_login( $user ); From 7a127d9d74cea9aed2124dd8a530d3696c465446 Mon Sep 17 00:00:00 2001 From: Kaspars Dambis Date: Thu, 14 Dec 2017 16:30:54 +0200 Subject: [PATCH 6/6] Redirect to the site URL instead --- class.two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class.two-factor-core.php b/class.two-factor-core.php index b8385997..74749c6b 100644 --- a/class.two-factor-core.php +++ b/class.two-factor-core.php @@ -276,7 +276,7 @@ public static function backup_2fa() { $nonce = $_GET['wp-auth-nonce']; if ( true !== self::verify_login_nonce( $user->ID, $nonce ) ) { - wp_safe_redirect( get_bloginfo( 'url' ) ); + wp_safe_redirect( site_url() ); exit; }
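Review bot: `site_url()` is not a drop-in for `get_bloginfo( 'url' )`: the old value is the home URL (the front page), while `site_url()` is the WordPress address, so on an install where WordPress lives in a subdirectory the failed-nonce redirect now lands on the install directory rather than the front page; if the front page is intended, `wp_safe_redirect( home_url() );` keeps the old target while still using a function call. Either way a short comment stating why a rejected nonce sends the user away silently instead of back to the login form with an error, e.g. `// Invalid or expired login nonce: abandon the two-factor flow and start over.`, would help the next reader. backup_2fa starts and ends outside the hunk.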