PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 2.9.2
WP 2FA – Two-factor authentication for WordPress v2.9.2
1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Admin / Controllers / class-endpoints.php
wp-2fa / includes / classes / Admin / Controllers Last commit date
class-api-login.php 10 months ago class-endpoints.php 10 months ago class-methods.php 10 months ago class-settings.php 10 months ago index.php 10 months ago
class-endpoints.php
196 lines
1 <?php
2 /**
3 * Responsible for the API endpoints
4 *
5 * @package wp-2fa
6 * @since 3.0.0
7 * @copyright 2025 Melapress
8 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
9 * @link https://wordpress.org/plugins/wp-2fa/
10 */
11
12 declare(strict_types=1);
13
14 namespace WP2FA\Admin\Controllers;
15
16 use WP2FA\Utils\Settings_Utils;
17 use WP2FA\Admin\Helpers\Classes_Helper;
18 use WP2FA\Admin\Controllers\API\API_Login;
19 use WP2FA\WP2FA;
20
21 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
22
23 /**
24 * Endpoints registering
25 */
26 if ( ! class_exists( '\WP2FA\Admin\Controllers\Endpoints' ) ) {
27
28 /**
29 * Creates and registers all the API endpoints for the plugin
30 *
31 * @since 3.0.0
32 */
33 class Endpoints {
34
35 /**
36 * All of the endpoints supported by the plugin.
37 *
38 * @var array
39 *
40 * @since 3.0.0
41 */
42 public static $endpoints = array(
43 self::class => array(
44 'login' => array(
45 'class' => API_Login::class,
46 'namespace' => 'wp-2fa-methods/v1',
47
48 'endpoints' => array(
49 array(
50 '(?P<user_id>\d+)(?:/(?P<token>\w+))(?:/(?P<provider>\w+))(?:/(?P<remember_device>\w+))?' => array(
51 'methods' => array(
52 'method' => \WP_REST_Server::READABLE,
53 'callback' => 'validate_provider',
54 ),
55 'args' => array(
56 'user_id' => array(
57 'required' => true,
58 'type' => 'integer',
59 'description' => 'User ID',
60 'minimum' => 1,
61 'sanitize_callback' => 'absint',
62 ),
63 'token' => array(
64 'required' => false,
65 'type' => 'string',
66 'description' => 'Provider token',
67 'minimum' => 3,
68 ),
69 'provider' => array(
70 'required' => false,
71 'type' => 'string',
72 'description' => 'Provider name',
73 'minimum' => 3,
74 ),
75 'remember_device' => array(
76 'required' => false,
77 'type' => 'boolean',
78 'description' => 'Remember device',
79 ),
80 ),
81 'checkPermissions' => '__return_true',
82 'showInIndex' => false,
83 ),
84 ),
85 ),
86 ),
87 ),
88 );
89
90 /**
91 * Inits the class
92 *
93 * @return void
94 *
95 * @since 3.0.0
96 */
97 public static function init() {
98
99 \add_action( 'rest_api_init', array( __CLASS__, 'init_endpoints' ) );
100 /**
101 * Enables the API endpoints for the plugin.
102 *
103 * @since 2.9.1
104 */
105 if ( Settings_Utils::string_to_bool( WP2FA::get_wp2fa_general_setting( 'enable_rest' ) ) ) {
106 \add_action( 'login_enqueue_scripts', array( __CLASS__, 'dequeue_style' ), PHP_INT_MAX );
107 }
108
109 $api_classes = Classes_Helper::get_classes_by_namespace( 'WP2FA\Admin\Controllers\API' );
110
111 if ( \is_array( $api_classes ) && ! empty( $api_classes ) ) {
112 foreach ( $api_classes as $class ) {
113 if ( \method_exists( $class, 'init' ) ) {
114 $class::init();
115 }
116 }
117 }
118 }
119
120 /**
121 * Inits all the endpoints from given structure
122 *
123 * @return void
124 *
125 * @since 3.0.0
126 */
127 public static function init_endpoints() {
128 self::$endpoints = \apply_filters( WP_2FA_PREFIX . 'api_endpoints', self::$endpoints );
129
130 foreach ( self::$endpoints as $endpoint_provider ) {
131 foreach ( $endpoint_provider as $root_endpoint => $settings ) {
132 $class = $settings['class'];
133 $namespace = $settings['namespace'];
134
135 foreach ( $settings['endpoints'] as $routes ) {
136 foreach ( $routes as $route => $endpoint ) {
137 $args = array();
138 if ( isset( $endpoint['args'] ) ) {
139 $args = $endpoint['args'];
140 }
141 $check_permissions = array();
142 if ( isset( $endpoint['checkPermissions'] ) ) {
143 $check_permissions = $endpoint['checkPermissions'];
144 }
145 $show_in_index = $endpoint['showInIndex'];
146 \register_rest_route(
147 $namespace,
148 '/' . $root_endpoint . '/' . $route,
149 array(
150 array(
151 'methods' => $endpoint['methods']['method'],
152 'callback' => array( $class, $endpoint['methods']['callback'] ),
153 'args' => $args,
154 'permission_callback' => $check_permissions,
155 'show_in_index' => $show_in_index,
156 ),
157 ),
158 false
159 );
160 }
161 }
162 }
163 }
164 }
165
166 /**
167 * Global method to check permissions for API endpoints - this one checks if the user has read capability.
168 *
169 * @return bool
170 *
171 * @since 3.0.0
172 */
173 public static function check_permissions() {
174 return \current_user_can( 'read' );
175 }
176
177 /**
178 * Removes GoDaddy style which causing the form elements to be shown
179 *
180 * @return void
181 *
182 * @since 2.9.0
183 */
184 public static function dequeue_style() {
185
186 \wp_register_script(
187 'wp_2fa_user_login_scripts',
188 WP_2FA_URL . 'includes/classes/Authenticator/assets/user-login.js',
189 array( 'wp-api-fetch', 'wp-dom-ready' ),
190 WP_2FA_VERSION,
191 array( 'in_footer' => true )
192 );
193 }
194 }
195 }
196