| 1 | <?php |
| 2 | |
| 3 | namespace LLAR\Core\MfaFlow; |
| 4 | |
| 5 | if ( ! defined( 'ABSPATH' ) ) { |
| 6 | exit; |
| 7 | } |
| 8 | |
| 9 | /** |
| 10 | * MFA flow: shared logic for sending verification code via the session's provider. |
| 11 | * Used by both AJAX (admin-ajax.php) and REST API endpoints. |
| 12 | * Endpoints accept POST with token, secret (send_email_secret), code in request body. |
| 13 | * The same secret can be used to send the code multiple times (resend) until the session expires. |
| 14 | * Actual delivery (email, SMS, etc.) is delegated to the provider registered for the session. |
| 15 | * |
| 16 | * Result shape of execute(): array { 'success' => bool, 'http_status' => int, 'message' => string|null } |
| 17 | */ |
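class MfaFlowSendCode {

	/**
	 * Execute send-code: validate secret, resolve provider from session, send via provider, save OTP.
	 *
	 * Security-relevant behaviour:
	 * - The send_code secret is compared with hash_equals() (timing-safe); a missing, empty or
	 *   non-scalar secret is rejected with 403 before any cast happens.
	 * - When the session resolves to no WordPress user a generic 200/success is returned so the
	 *   response does not disclose whether an account exists; nothing is sent or stored then.
	 * - The verification code is caller-supplied and persisted as given once the provider reports
	 *   success; the secret check is the only gate on who may trigger a send. An empty code is
	 *   refused (400) before the user lookup so that refusal cannot be used to probe for accounts.
	 *
	 * @param string $token   Session token.
	 * @param string $secret  Send_code secret (from request body).
	 * @param string $code    Verification code to send and store.
	 * @param array  $context Optional. Keys: ip, browser, location (from request body).
	 * @return array { 'success' => bool, 'http_status' => int, 'message' => string|null }
	 */
	public static function execute( $token, $secret, $code, $context = array() ) {
		$store = new SessionStore();

		// (string) on an array only emits a warning and yields "Array", so reject non-scalars outright.
		$stored_secret = $store->get_send_email_secret( $token );
		if ( null === $stored_secret
			|| '' === (string) $stored_secret
			|| ! is_scalar( $secret )
			|| ! hash_equals( (string) $stored_secret, (string) $secret ) ) {
			return self::result( false, 403, 'Forbidden' );
		}

		$session = $store->get_session( $token );
		if ( ! $session ) {
			return self::result( false, 403, 'Forbidden' );
		}

		// Never send or persist an empty OTP. Checked before the user lookup (see docblock).
		if ( ! is_scalar( $code ) || '' === (string) $code ) {
			return self::result( false, 400, 'Invalid code' );
		}

		$user_id  = ! empty( $session['user_id'] ) ? (int) $session['user_id'] : 0;
		$username = isset( $session['username'] ) ? $session['username'] : '';
		$user     = $user_id ? get_user_by( 'id', $user_id ) : get_user_by( 'login', $username );
		if ( ! $user || ! is_a( $user, 'WP_User' ) ) {
			// Generic success: do not reveal account existence; no code is sent or stored.
			return self::result( true, 200, null );
		}

		$provider_id = isset( $session['provider_id'] ) ? $session['provider_id'] : 'llar';
		$provider    = MfaProviderRegistry::get( $provider_id );
		if ( ! $provider ) {
			return self::result( false, 500, 'Provider not available' );
		}

		$context = is_array( $context ) ? $context : array();
		$result  = $provider->send_code( $user, $code, $context );
		if ( ! empty( $result['success'] ) ) {
			// Persist the OTP only after the provider has accepted the delivery.
			$store->save_otp( $token, $code );
			return self::result( true, 200, null );
		}

		$message = isset( $result['message'] ) && is_string( $result['message'] ) ? $result['message'] : 'Failed to send code';
		return self::result( false, 500, $message );
	}

	/**
	 * Build the uniform result array returned by execute().
	 *
	 * @param bool        $success
	 * @param int         $http_status
	 * @param string|null $message
	 * @return array { 'success' => bool, 'http_status' => int, 'message' => string|null }
	 */
	private static function result( $success, $http_status, $message ) {
		return array(
			'success'     => (bool) $success,
			'http_status' => (int) $http_status,
			'message'     => $message,
		);
	}
}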