Avoid 2FA during JSON API OAuth flow
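<?php
/*
 * Jetpack's JSON API Authorization flow needs to run free of the 2FA checks.
 * JP already does additional validation on top of the normal login, so we can rely on that as the 2FA here.
 *
 * First we hook into wp_login right before the VIP Two_Factor_Core plugin does.
 * Then if the situation is right, remove the additional 2FA login step.
 *
 * Security note: this deliberately skips the second factor for matching logins.
 * The skip is gated on (1) the username allowlist, (2) the request's `action`
 * parameter, and (3) Jetpack's authorization hook having been registered and fired.
 * Only (3) is a trust signal; (2) is supplied by the client and merely selects the flow.
 */
add_action( 'wp_login', function( $user_login, $user ) {
    // Optional: Limit to specific users.
    // 'example_username' is a placeholder. Keeping this allowlist short limits
    // which accounts can ever log in without the second factor.
    if ( ! in_array( $user_login, [ 'example_username' ], true ) ) {
        return;
    }

    // The `action` parameter is client-controlled, so it only identifies the flow;
    // it must never be the sole condition for dropping 2FA.
    if ( ! isset( $_REQUEST['action'] ) || 'jetpack_json_api_authorization' !== $_REQUEST['action'] ) {
        // Not the login flow we're looking for.
        return;
    }

    // Ensure Jetpack has already run its additional authorization checks.
    // did_action() shows only that the hook fired, not that verification passed;
    // this relies on Jetpack halting the request when its own check fails.
    // NOTE(review): confirm that behaviour against the installed Jetpack version.
    if ( class_exists( 'Jetpack' ) && false !== has_action( 'login_form_jetpack_json_api_authorization', [ Jetpack::init(), 'login_form_json_api_authorization' ] ) && did_action( 'login_form_jetpack_json_api_authorization' ) ) {
        if ( class_exists( 'Two_Factor_Core' ) ) {
            // Avoid the additional provider login form step.
            // The class name is passed as a string: a bare Two_Factor_Core is read as
            // an undefined constant, which throws an Error on PHP 8 and would abort the login.
            // remove_action() matches on the exact priority, so 10 has to stay in sync with
            // the priority Two_Factor_Core registers at; on a mismatch 2FA simply stays enabled.
            remove_action( 'wp_login', [ 'Two_Factor_Core', 'wp_login' ], 10 );
        }
    }
}, 5, 2 ); // Priority 5 runs before the priority-10 callback removed above; 2 = accepted args.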