You must provide the following configuration variables:
WP_XMLRPC_URL = https://www.yourdomain.com/xmlrpc.php (replace with your domain and use http:// if you don't have SSL support)WP_ADMIN_USER = admin (use your own admin username)WP_ADMIN_PASSWORD = somepassword (use your own admin password)| function getByEmail (name, callback) { | |
| var xpath = require('xpath') | |
| , xmldom = require('xmldom') | |
| , xml2js = require('xml2js'); | |
| var dom = xmldom.DOMParser; | |
| var builder = new xml2js.Builder(); | |
| var reqXml = builder.buildObject({'methodCall':{ | |
| 'methodName':'wp.getUsers', | |
| 'params':[ | |
| {'param':{'value':{'i4':0}}}, | |
| {'param':{'value':configuration.WP_ADMIN_USER}}, | |
| {'param':{'value':configuration.WP_ADMIN_PASSWORD}} | |
| ] | |
| }}); | |
| request.post({ | |
| url: configuration.WP_XMLRPC_URL, | |
| body: reqXml, | |
| encoding: 'utf8', | |
| method: 'POST', | |
| headers: { 'Content-Type' : 'application/xml' } | |
| }, function (err, response, body) { | |
| if (err) return callback(err); | |
| var parser = new xml2js.Parser(); | |
| return parser.parseString(body, function(err, doc) { | |
| if(err) return callback(err); | |
| var mr = doc.methodResponse; | |
| if('fault' in mr) { | |
| if(mr.fault[0].value[0].struct[0].member[0].value[0].int[0] === '403') { | |
| return callback(new WrongUsernameOrPasswordError(configuration.WP_ADMIN_USER, mr.fault[0].value[0].struct[0].member[1].value[0].string[0])); | |
| } else { | |
| return callback(new Error(mr.fault[0].value[0].struct[0].member[1].value[0].string[0])); | |
| } | |
| } else { | |
| var userdatas = mr.params[0].param[0].value[0].array[0].data[0].value; | |
| var userlist = userdatas.map(function(userdata) { | |
| var result = { | |
| user_id: null, | |
| username: null, | |
| nickname: null, | |
| email: null, | |
| display_name: null, | |
| nicename: null, | |
| first_name: null, | |
| last_name: null | |
| }; | |
| userdata.struct[0].member.forEach(function(prop) { | |
| if(prop.name[0] in result) { | |
| result[prop.name[0]] = prop.value[0].string[0]; | |
| } | |
| }); | |
| result.given_name = result.first_name; | |
| result.family_name = result.last_name; | |
| return result; | |
| }); | |
| var matches = userlist.filter(function(u) { | |
| return u.email === name || u.username === name; | |
| }); | |
| if(matches.length > 0) { | |
| return callback(null, matches[0]); | |
| } | |
| return callback(new ValidationError("not-found", "No matching user found")); | |
| } | |
| }); | |
| }); | |
| } |
| function login (email, password, callback) { | |
| var xpath = require('xpath') | |
| , xmldom = require('xmldom') | |
| , xml2js = require('xml2js'); | |
| var dom = xmldom.DOMParser; | |
| var builder = new xml2js.Builder(); | |
| var reqXml = builder.buildObject({'methodCall':{ | |
| 'methodName':'wp.getProfile', | |
| 'params':[ | |
| {'param':{'value':{'i4':0}}}, | |
| {'param':{'value':email}}, | |
| {'param':{'value':password}} | |
| ] | |
| }}); | |
| request.post({ | |
| url: configuration.WP_XMLRPC_URL, | |
| body: reqXml, | |
| encoding: 'utf8', | |
| method: 'POST', | |
| headers: { 'Content-Type' : 'application/xml', 'Accept' : 'application/xml' } | |
| }, function (err, response, body) { | |
| if (err) return callback(err); | |
| var parser = new xml2js.Parser(); | |
| return parser.parseString(body, function(err, doc) { | |
| if(err) return callback(err); | |
| var mr = doc.methodResponse; | |
| if(typeof(mr) === 'undefined') { | |
| throw new Error(JSON.stringify(mr)+" <-- "+body); | |
| } | |
| if('fault' in mr) { | |
| if(mr.fault[0].value[0].struct[0].member[0].value[0].int[0] === '403') { | |
| return callback(new WrongUsernameOrPasswordError(email, mr.fault[0].value[0].struct[0].member[1].value[0].string[0])); | |
| } else { | |
| return callback(new Error(mr.fault[0].value[0].struct[0].member[1].value[0].string[0])); | |
| } | |
| } else { | |
| var result = { | |
| user_id: null, | |
| username: null, | |
| nickname: null, | |
| email: null, | |
| email_verified: true | |
| }; | |
| mr.params[0].param[0].value[0].struct[0].member.forEach(function(prop) { | |
| if(prop.name[0] in result) { | |
| result[prop.name[0]] = prop.value[0].string[0]; | |
| } | |
| }); | |
| if(result.user_id === null || | |
| result.username === null || | |
| result.nickname === null || | |
| result.email === null) { | |
| return callback(new Error("Failed to parse login response: "+JSON.stringify(doc))); | |
| } | |
| return callback(null, result); | |
| } | |
| }); | |
| }); | |
| } |
Where does this script go in Auth0? Rules? Apps?
What does the getByEmail script do? Is it required?
If we are blocking Brute Force XMLRPC calls, is this going to work?