PluginProbe ʕ •ᴥ•ʔ
WP 2FA – Two-factor authentication for WordPress / 4.0.0
WP 2FA – Two-factor authentication for WordPress v4.0.0
4.0.0 1.7.1 2.0.0 2.0.1 2.1.0 2.2.0 2.2.1 2.3.0 2.4.0 2.4.1 2.4.2 2.5.0 2.6.0 2.6.1 2.6.2 2.6.3 2.6.4 2.7.0 2.8.0 2.9.0 2.9.1 2.9.2 2.9.3 3.0.0 3.0.1 3.1.0 3.1.1 3.1.1.2 trunk 1.2.0 1.3.0 1.4.0 1.4.1 1.4.2 1.5.0 1.5.1 1.5.2 1.6.0 1.6.1 1.6.2 1.7.0
wp-2fa / includes / classes / Authenticator / assets / user-login.js
wp-2fa / includes / classes / Authenticator / assets Last commit date
user-login.js 1 day ago
user-login.js
168 lines
1 /**
2 * Authenticate login.
3 */
4 async function authenticate( nonce) {
5
6 let token, remember_device, provider = '';
7
8 const loginForm = document.getElementById('loginform');
9 let wp_2fa_submit = document.getElementById('wp-submit');
10
11 let user_id = document.getElementById('wp-auth-id');
12 if (!user_id) {
13 showError(wp.i18n.__('User ID not found.'));
14 } else {
15 user_id = user_id.value;
16 }
17
18 if ( document.getElementsByName('authcode') && document.getElementsByName('authcode').length > 0) {
19 token = document.getElementsByName('authcode')[0].value;
20 } else if (document.getElementById('authcode')) {
21 token = document.getElementById('authcode').value;
22 } else {
23 showError(wp.i18n.__('Authentication code not found.'));
24 throw new Error('Authentication code not found.');
25 }
26
27 if ( '' === token.trim() ) {
28 showError(wp.i18n.__('Authentication code can not be empty.'));
29 throw new Error('Authentication code can not be empty.');
30 }
31
32 if ( document.getElementsByName('provider') && document.getElementsByName('provider').length > 0) {
33 provider = document.getElementsByName('provider')[0].value;
34 } else if (document.getElementById('provider')) {
35 provider = document.getElementById('provider').value;
36 } else {
37 showError(wp.i18n.__('Provider is not provided.'));
38 throw new Error('Provider is not provided.');
39 }
40
41 if (document.getElementById('remember_device') && document.getElementById('remember_device').checked) {
42 remember_device = true;
43 }
44
45 // POST the 2FA token to the validation endpoint.
46 try {
47
48 let login_nonce = document.getElementById('wp-auth-nonce');
49 if (!login_nonce) {
50 showError(wp.i18n.__('Login nonce not found.'));
51 throw new Error('Login nonce not found.');
52 }
53 login_nonce = login_nonce.value;
54
55 const body = {
56 user_id: parseInt(user_id, 10),
57 token: token,
58 provider: provider,
59 login_nonce: login_nonce,
60 };
61
62 if (remember_device) {
63 body.remember_device = true;
64 }
65
66 const res = await window.fetch(wp2faLogin.restRoot + 'wp-2fa-methods/v1/login/validate', {
67 method: 'POST',
68 headers: { 'Content-Type': 'application/json' },
69 body: JSON.stringify(body),
70 });
71 const response = await res.json();
72
73 if (!res.ok) {
74 showError(response.message || wp.i18n.__('Authentication failed.'));
75 loginForm.classList.add('shake');
76 wp_2fa_submit.removeAttribute("disabled");
77 throw new Error(response.message || 'Authentication failed.');
78 }
79
80 if (true !== response.status) {
81 showError(response.message);
82 if ('' !== response.redirect_to) {
83 window.location.href = response.redirect_to;
84 } else {
85 loginForm.classList.add('shake');
86 wp_2fa_submit.removeAttribute("disabled");
87 throw new Error('2FA authentication failed.');
88 }
89 }
90
91 if ('' !== response.redirect_to) {
92 window.location.href = response.redirect_to;
93 } else {
94
95 let iframe = !(window === window.parent); // interim login ?
96
97 if (iframe) {
98 var someIframe = window.parent.document.getElementById('wp-auth-check-wrap');
99 someIframe.parentNode.removeChild(someIframe);
100 } else {
101
102 let redirect_to = document.getElementsByName('redirect_to');
103
104 if ( ! redirect_to.length ) {
105 wp_2fa_submit.removeAttribute("disabled");
106 // throw new Error('Redirect URL not found.');
107 } else {
108 redirect_to = redirect_to[0].value;
109 window.location.href = redirect_to;
110 }
111 }
112 }
113 } catch (error) {
114 throw error;
115 }
116 }
117
118 /**
119 * Show error message.
120 *
121 * @param {string} message Error message.
122 */
123 function showError(message) {
124 const loginForm = document.getElementById('loginform');
125 loginForm.classList.remove('shake');
126
127 let wp_2fa_submit = document.getElementById('wp-submit');
128 wp_2fa_submit.removeAttribute("disabled");
129
130
131 if ( document.getElementById('login_error') ) {
132 document.getElementById('login_error').textContent = message;
133 } else {
134
135 // Create Error element if not exists.
136 const errorElement = document.createElement('div');
137 errorElement.id = 'login_error';
138 errorElement.className = 'notice notice-error';
139 errorElement.textContent = message;
140 errorElement.style.cssText = 'font-weight: bold;';
141
142 // Add error element before login form.
143 loginForm.parentNode.insertBefore(errorElement, loginForm);
144 }
145
146 loginForm.classList.add('shake');
147 }
148
149 function onClick() {
150 let wp_2fa_submit = document.getElementById('wp-submit');
151 wp_2fa_submit.addEventListener('click', function (event) {
152
153 nonce = wp_2fa_submit.dataset.nonce;
154
155 // Handle the form data
156 event.preventDefault();
157 event.target.setAttribute("disabled", true);
158 authenticate( nonce );
159 });
160 }
161
162 window.wp.domReady(async () => {
163 let wp_2fa_submit = document.getElementById('wp-submit');
164 if (wp_2fa_submit) {
165 onClick();
166 }
167 });
168