Commit 448ce8c6 authored by Erick Hitter's avatar Erick Hitter

* Working checks for Authy tokens.

* Working authentication blocking based on token check.
* Basic WordPress integration both in login and admin.
parent 984a3625
......@@ -57,15 +57,16 @@ class Authy_WP_API {
$country_code = preg_replace( '#[^\d\+]#', '', $country_code );
// Build API endpoint
$endpoint = $this->api_endpoint . '/protected/json/users/new?api_key=' . $this->api_key;
$endpoint = sprintf( '%s/protected/json/users/new', $this->api_endpoint );
$endpoint = add_query_arg( array(
'api_key' =>$this->api_key,
'user[email]' => $email,
'user[cellphone]' => $phone,
'user[country_code]' => $country_code
), $endpoint );
// Make API request and parse response
$response = wp_remote_post( $endpoint, array() );
$response = wp_remote_post( $endpoint );
if ( '200' == wp_remote_retrieve_response_code( $response ) ) {
$body = wp_remote_retrieve_body( $response );
......@@ -80,4 +81,26 @@ class Authy_WP_API {
return false;
}
/**
*
*/
public function check_token( $id, $token ) {
$endpoint = sprintf( '%s/protected/json/verify/%s/%d', $this->api_endpoint, $token, $id );
$endpoint = add_query_arg( array(
'api_key' => $this->api_key,
'force' => 'true'
), $endpoint );
// Make API request and check responding status code
$response = wp_remote_head( $endpoint );
$status_code = wp_remote_retrieve_response_code( $response );
if ( 200 == $status_code )
return true;
elseif ( 401 == $status_code )
return __( 'The Authy token provided could not be verified. Please try again.', 'authy_wp' );
return false;
}
}
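Review bot: `check_token` drops `$token` straight into the URL path through the `%s` in the `sprintf` that builds the verify endpoint and relies on the caller having stripped it to digits, while the docblock above the method is empty; the method should enforce its own contract, e.g. `if ( ! ctype_digit( (string) $token ) ) return false;` before the endpoint is built. The return is a tri-state (`true`, a translated string, `false`) that every caller has to type-test, so the docblock should state the purpose, `@param int $id`, `@param string $token`, and that `false` covers both a transport failure (a `WP_Error` from `wp_remote_head`, for which `wp_remote_retrieve_response_code()` yields an empty value as I read core) and any status other than 200 or 401 — or the string branch should become a `WP_Error` so the caller gets one type. Whether Authy's verify endpoint answers a HEAD request the way it answers GET is not visible here; if it does not, every token lands in the `false` branch, so that is worth confirming against the API. The `'200' == ...` in the first hunk and `200 == $status_code` here are loose comparisons; `200 === (int) $status_code` makes the intent explicit.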
......@@ -99,6 +99,10 @@ class Authy_WP {
// add_action( 'edit_user_profile', array( $this, 'action_edit_user_profile' ) );
add_action( 'personal_options_update', array( $this, 'action_personal_options_update' ) );
// add_action( 'edit_user_profile_update', array( $this, 'action_edit_user_profile_update' ) );
// Authentication
add_action( 'login_form', array( $this, 'action_login_form' ), 50 );
add_filter( 'authenticate', array( $this, 'action_authenticate' ), 9999, 2 );
}
/**
......@@ -403,6 +407,51 @@ class Authy_WP {
public function action_edit_user_profile() {
// If user has rights, permit them to disable Authy for a given user.
}
/**
*
*/
public function action_login_form() {
?>
<p>
<label for="authy_token">Authy Token<br>
<input type="text" name="authy_token" id="authy_token" class="input" value="" size="20"></label>
</p>
<?php
}
/**
*
*/
public function action_authenticate( $user, $username ) {
// If we don't have a username yet, or the method isn't supported, stop.
if ( empty( $username ) || ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'APP_REQUEST' ) && APP_REQUEST ) )
return $user;
// Don't bother if WP can't provide a user object.
if ( ! is_object( $user ) || ! property_exists( $user, 'ID' ) )
return $user;
// User must opt in.
if ( ! $this->user_has_authy_id( $user->ID ) )
return $user;
// If a user has opted in, he/she must provide a token
if ( ! isset( $_POST['authy_token'] ) || empty( $_POST['authy_token'] ) )
return new WP_Error( 'authentication_failed', sprintf( __('<strong>ERROR</strong>: To log in as <strong>%s</strong>, you must provide an Authy token.'), $username ) );
// Check the specified token
$authy_id = $this->get_user_authy_id( $user->ID );
$authy_token = preg_replace( '#[^\d]#', '', $_POST['authy_token'] );
$api_check = $this->api->check_token( $authy_id, $authy_token );
if ( false === $api_check )
return null;
elseif ( is_string( $api_check ) )
return new WP_Error( 'authentication_failed', __('<strong>ERROR</strong>: ' . $api_check ) );
return $user;
}
}
Authy_WP::instance();
\ No newline at end of file
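Review bot: The first early return in `action_authenticate`, taken when `XMLRPC_REQUEST` or `APP_REQUEST` is defined, means an opted-in user is never asked for an Authy token on those request paths, so the password alone completes authentication there; if a token cannot be collected on those paths the safer default is to refuse, `return new WP_Error( 'authentication_failed', __( 'Authy is required for this account and is not available for this login method.', 'authy_wp' ) );`, and in any case the gap belongs in the docblock, which is currently empty. On an API failure the hunk returns `null`, which WordPress core (as far as I recall `wp_authenticate()`) converts into the generic invalid-username-or-password error — fail-closed, but it hides the real cause; a dedicated `new WP_Error( 'authy_api_unavailable', __( 'The Authy service could not be reached. Please try again.', 'authy_wp' ) )` keeps the fail-closed behaviour and says why. `__( '<strong>ERROR</strong>: ' . $api_check )` passes a non-literal to `__()`, so it is never translated, and both messages in this hunk omit the `'authy_wp'` text domain that the API class uses; use `sprintf( __( '<strong>ERROR</strong>: %s', 'authy_wp' ), $api_check )`, and wrap `$username` in `esc_html()` in the other message since it is placed inside markup. `! isset( $_POST['authy_token'] ) || empty( $_POST['authy_token'] )` reduces to `empty( $_POST['authy_token'] )`.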