Last active
July 29, 2020 11:07
-
-
Save WPprodigy/05f3f32867f15d7ce5c26446464361b4 to your computer and use it in GitHub Desktop.
Prevent 2FA from being enforced for JP JSON API requests.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Prevent 2FA from being enforced for JP JSON API requests. | |
| add_filter( 'wpcom_vip_is_two_factor_forced', function( $forced ) { | |
| $current_user = wp_get_current_user(); | |
| if ( vip_is_jetpack_xml_rpc_json_api_request() && isset( $current_user->user_login ) && 'example_username' === $current_user->user_login ) { | |
| $forced = false; | |
| } | |
| return $forced; | |
| } ); | |
| function vip_is_jetpack_xml_rpc_json_api_request() { | |
| // Bail early if not a JP XMLRPC request. | |
| if ( ! defined( 'XMLRPC_REQUEST' ) || ! XMLRPC_REQUEST || ! isset( $_GET['for'] ) || 'jetpack' !== $_GET['for'] ) { | |
| return false; | |
| } | |
| // Check that the anticipated xmlrpc method is being called. | |
| global $wp_xmlrpc_server; | |
| if ( isset( $wp_xmlrpc_server, $wp_xmlrpc_server->message , $wp_xmlrpc_server->message->methodName, $wp_xmlrpc_server->message->params ) ) { | |
| // Standard call. | |
| if ( 'jetpack.jsonAPI' === $method_call['methodName'] ) { | |
| // Could potentially go deeper and only allow certain rest endpoints if desired. Dig into message->params for this. | |
| return true; | |
| } | |
| // Multicall (appears to be the default for json api calls). | |
| if ( 'system.multicall' === $wp_xmlrpc_server->message->methodName ) { | |
| foreach ( $wp_xmlrpc_server->message->params[0] as $method_call ) { | |
| if ( 'jetpack.jsonAPI' === $method_call['methodName'] ) { | |
| return true; | |
| } | |
| } | |
| } | |
| } | |
| return false; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment