PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.9.1
WP 2FA – Two-factor authentication for WordPress v2.9.1
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / Controllers / class-endpoints.php
wp-2fa / includes / classes / Admin / Controllers Last commit date
class-api-login.php 11 months ago class-endpoints.php 11 months ago class-methods.php 11 months ago class-settings.php 11 months ago index.php 11 months ago
class-endpoints.php
187 lines
1 <?php
2 /**
3 * Responsible for the API endpoints
4 *
5 * @package wp-2fa
6 * @since 3.0.0
7 * @copyright 2025 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 declare(strict_types=1);
13
14 namespace WP2FA\Admin\Controllers;
15
16 use WP2FA\Admin\Helpers\Classes_Helper;
17 use WP2FA\Admin\Controllers\API\API_Login;
18
19 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
20
21 /**
22 * Endpoints registering
23 */
24 if ( ! class_exists( '\WP2FA\Admin\Controllers\Endpoints' ) ) {
25
26 /**
27 * Creates and registers all the API endpoints for the plugin
28 *
29 * @since 3.0.0
30 */
31 class Endpoints {
32
33 /**
34 * All of the endpoints supported by the plugin.
35 *
36 * @var array
37 *
38 * @since 3.0.0
39 */
40 public static $endpoints = array(
41 self::class => array(
42 'login' => array(
43 'class' => API_Login::class,
44 'namespace' => 'wp-2fa-methods/v1',
45
46 'endpoints' => array(
47 array(
48 '(?P<user_id>\d+)(?:/(?P<token>\w+))(?:/(?P<provider>\w+))(?:/(?P<remember_device>\w+))?' => array(
49 'methods' => array(
50 'method' => \WP_REST_Server::READABLE,
51 'callback' => 'validate_provider',
52 ),
53 'args' => array(
54 'user_id' => array(
55 'required' => true,
56 'type' => 'integer',
57 'description' => 'User ID',
58 'minimum' => 1,
59 'sanitize_callback' => 'absint',
60 ),
61 'token' => array(
62 'required' => false,
63 'type' => 'string',
64 'description' => 'Provider token',
65 'minimum' => 3,
66 ),
67 'provider' => array(
68 'required' => false,
69 'type' => 'string',
70 'description' => 'Provider name',
71 'minimum' => 3,
72 ),
73 'remember_device' => array(
74 'required' => false,
75 'type' => 'boolean',
76 'description' => 'Remember device',
77 ),
78 ),
79 'checkPermissions' => '__return_true',
80 'showInIndex' => false,
81 ),
82 ),
83 ),
84 ),
85 ),
86 );
87
88 /**
89 * Inits the class
90 *
91 * @return void
92 *
93 * @since 3.0.0
94 */
95 public static function init() {
96
97 \add_action( 'rest_api_init', array( __CLASS__, 'init_endpoints' ) );
98 \add_action( 'login_enqueue_scripts', array( __CLASS__, 'dequeue_style' ), PHP_INT_MAX );
99
100 $api_classes = Classes_Helper::get_classes_by_namespace( 'WP2FA\Admin\Controllers\API' );
101
102 if ( \is_array( $api_classes ) && ! empty( $api_classes ) ) {
103 foreach ( $api_classes as $class ) {
104 if ( \method_exists( $class, 'init' ) ) {
105 $class::init();
106 }
107 }
108 }
109 }
110
111 /**
112 * Inits all the endpoints from given structure
113 *
114 * @return void
115 *
116 * @since 3.0.0
117 */
118 public static function init_endpoints() {
119 self::$endpoints = \apply_filters( WP_2FA_PREFIX . 'api_endpoints', self::$endpoints );
120
121 foreach ( self::$endpoints as $endpoint_provider ) {
122 foreach ( $endpoint_provider as $root_endpoint => $settings ) {
123 $class = $settings['class'];
124 $namespace = $settings['namespace'];
125
126 foreach ( $settings['endpoints'] as $routes ) {
127 foreach ( $routes as $route => $endpoint ) {
128 $args = array();
129 if ( isset( $endpoint['args'] ) ) {
130 $args = $endpoint['args'];
131 }
132 $check_permissions = array();
133 if ( isset( $endpoint['checkPermissions'] ) ) {
134 $check_permissions = $endpoint['checkPermissions'];
135 }
136 $show_in_index = $endpoint['showInIndex'];
137 \register_rest_route(
138 $namespace,
139 '/' . $root_endpoint . '/' . $route,
140 array(
141 array(
142 'methods' => $endpoint['methods']['method'],
143 'callback' => array( $class, $endpoint['methods']['callback'] ),
144 'args' => $args,
145 'permission_callback' => $check_permissions,
146 'show_in_index' => $show_in_index,
147 ),
148 ),
149 false
150 );
151 }
152 }
153 }
154 }
155 }
156
157 /**
158 * Global method to check permissions for API endpoints - this one checks if the user has read capability.
159 *
160 * @return bool
161 *
162 * @since 3.0.0
163 */
164 public static function check_permissions() {
165 return \current_user_can( 'read' );
166 }
167
168 /**
169 * Removes GoDaddy style which causing the form elements to be shown
170 *
171 * @return void
172 *
173 * @since 2.9.0
174 */
175 public static function dequeue_style() {
176
177 \wp_register_script(
178 'wp_2fa_user_login_scripts',
179 WP_2FA_URL . 'includes/classes/Authenticator/assets/user-login.js',
180 array( 'wp-api-fetch', 'wp-dom-ready' ),
181 WP_2FA_VERSION,
182 array( 'in_footer' => true )
183 );
184 }
185 }
186 }
187