class-login-attempts.php
1 day ago
class-methods-wizards-trait.php
1 day ago
class-provider-trait.php
1 day ago
class-settings-trait.php
1 day ago
class-validation-trait.php
1 day ago
class-white-label-trait.php
1 day ago
index.php
1 day ago
class-validation-trait.php
83 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Responsible for the plugin validation |
| 4 | * |
| 5 | * @package wp2fa |
| 6 | * @subpackage traits |
| 7 | * @copyright 2026 Melapress |
| 8 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 9 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 10 | */ |
| 11 | |
| 12 | namespace WP2FA\Admin\Methods\Traits; |
| 13 | |
| 14 | use WP2FA\Admin\Helpers\User_Helper; |
| 15 | use WP2FA\Admin\Controllers\Settings; |
| 16 | |
| 17 | defined( 'ABSPATH' ) || exit; // Exit if accessed directly. |
| 18 | |
| 19 | if ( ! class_exists( '\WP2FA\Admin\Methods\Traits\Validation' ) ) { |
| 20 | /** |
| 21 | * Responsible for the validation |
| 22 | * |
| 23 | * @since 2.9.2 |
| 24 | */ |
| 25 | trait Validation { |
| 26 | |
| 27 | /** |
| 28 | * Validates the login via API. |
| 29 | * |
| 30 | * @param array $valid - The validation array. |
| 31 | * @param int $user_id - The user ID. |
| 32 | * @param string|null $token - The token to validate. |
| 33 | * |
| 34 | * @return array |
| 35 | */ |
| 36 | public static function api_login_validate( array $valid, int $user_id, ?string $token ): array { |
| 37 | if ( ! Settings::is_provider_enabled_for_role( User_Helper::get_user_role( $user_id ), static::METHOD_NAME ) ) { |
| 38 | return $valid; |
| 39 | } |
| 40 | |
| 41 | if ( static::METHOD_NAME !== User_Helper::get_enabled_method_for_user( $user_id ) ) { |
| 42 | return $valid; |
| 43 | } |
| 44 | |
| 45 | if ( ! is_array( $valid ) || ! isset( $valid['valid'] ) ) { |
| 46 | $valid['valid'] = false; |
| 47 | } |
| 48 | |
| 49 | // If the login is valid, return it as it is. |
| 50 | if ( true === $valid['valid'] ) { |
| 51 | return $valid; |
| 52 | } |
| 53 | |
| 54 | if ( ! isset( $token ) || empty( $token ) ) { |
| 55 | return $valid; |
| 56 | } |
| 57 | |
| 58 | // Sanitize the token to ensure it is safe to use. |
| 59 | $sanitized_token = \sanitize_text_field( $token ); |
| 60 | |
| 61 | $is_valid = static::validate_token( User_Helper::get_user( $user_id ), $sanitized_token ); |
| 62 | |
| 63 | if ( ! $is_valid ) { |
| 64 | $valid[ static::METHOD_NAME ]['error'] = \esc_html__( 'ERROR: Invalid verification code.', 'wp-2fa' ); |
| 65 | } |
| 66 | |
| 67 | $valid['valid'] = $is_valid; |
| 68 | |
| 69 | return $valid; |
| 70 | } |
| 71 | |
| 72 | /** |
| 73 | * Validates the token for the method. |
| 74 | * |
| 75 | * @param \WP_User $user - The user. |
| 76 | * @param string $token - The token. |
| 77 | * |
| 78 | * @return bool |
| 79 | */ |
| 80 | abstract protected static function validate_token( \WP_User $user, string $token ): bool; |
| 81 | } |
| 82 | } |
| 83 |