Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 4.4.3

Version Description

  • Google Authenticator (2FA) : Fixed the login flow for third-party apps that support XML-RPC.

Release Info

Developer cyberlord92
Version 4.4.3

Code changes from version 4.4.2 to 4.4.3

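--- a/class-miniorange-2-factor-pass2fa-login.php
+++ b/class-miniorange-2-factor-pass2fa-login.php
@@ -497,70 +497,78 @@ class Miniorange_Password_2Factor_Login{
  }
 
  function mo2f_check_username_password($user, $username, $password, $redirect_to=null){
- $currentuser = wp_authenticate_username_password($user, $username, $password);
- if (is_wp_error($currentuser)) {
- return $currentuser;
+ if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
+ if (is_wp_error($currentuser)) {
+ $this->error = new IXR_Error(403, __('Bad login/pass combination.'));
+ return false;
+ }else{
+ return $currentuser;
+ }
  }else{
-
- $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
- $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
- $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
+ $currentuser = wp_authenticate_username_password($user, $username, $password);
+ if (is_wp_error($currentuser)) {
+ return $currentuser;
+ }else{
+
+ $attributes = isset($_POST[ 'miniorange_rba_attribures' ]) ? $_POST[ 'miniorange_rba_attribures' ] : null;
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : null;
+ $this->miniorange_initiate_2nd_factor($currentuser, $attributes, $redirect_to);
+ }
  }
  }
 
  function miniorange_initiate_2nd_factor($currentuser, $attributes=null, $redirect_to=null){
 
- if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST && get_option('mo2f_enable_xmlrpc')){
- return $currentuser;
- } else {
- $this->miniorange_pass2login_start_session();
- $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
- $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
-
- $current_roles = miniorange_get_user_role($currentuser);
- $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
-
- if($enabled){
- $email = get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true);
- if( $email && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
- try{
- $mo2f_rba_status = mo2f_collect_attributes($email,stripslashes($attributes)); // Rba flow
- $_SESSION[ 'mo2f_rba_status' ] = $mo2f_rba_status;
- }catch(Exception $e){
- echo $e->getMessage();
- }
-
- if($mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag']){
- $this->mo2fa_pass2login($redirect_to);
+
+ $this->miniorange_pass2login_start_session();
+ $_SESSION[ 'mo2f_current_user' ] = serialize( $currentuser );
+ $_SESSION[ 'mo2f_1stfactor_status' ] = 'VALIDATE_SUCCESS';
+
+ $current_roles = miniorange_get_user_role($currentuser);
+ $enabled = miniorange_check_if_2fa_enabled_for_roles($current_roles);
+
+ if($enabled){
+ $email = get_user_meta($currentuser->ID,'mo_2factor_map_id_with_email',true);
+ if( $email && get_user_meta($currentuser->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'){ //checking if user has configured any 2nd factor method
+ try{
+ $mo2f_rba_status = mo2f_collect_attributes($email,stripslashes($attributes)); // Rba flow
+ $_SESSION[ 'mo2f_rba_status' ] = $mo2f_rba_status;
+ }catch(Exception $e){
+ echo $e->getMessage();
+ }
+
+ if($mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag']){
+ $this->mo2fa_pass2login($redirect_to);
+ }else{
+ if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($currentuser->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
+ $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
  }else{
- if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT']) && get_user_meta($currentuser->ID,'mo2f_kba_registration_status',true) && get_option('mo2f_enable_mobile_support')){
- $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
+ $mo2f_second_factor = mo2f_get_user_2ndfactor($currentuser);
+ if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
+ $this->mo2f_pass2login_mobile_verification($currentuser, $redirect_to);
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
+ $this->mo2f_pass2login_push_oobemail_verification($currentuser,$mo2f_second_factor, $redirect_to);
+ }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ){
+ $this->mo2f_pass2login_otp_verification($currentuser,$mo2f_second_factor, $redirect_to);
+ }else if($mo2f_second_factor == 'KBA'){
+ $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
  }else{
- $mo2f_second_factor = mo2f_get_user_2ndfactor($currentuser);
- if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
- $this->mo2f_pass2login_mobile_verification($currentuser, $redirect_to);
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL'){
- $this->mo2f_pass2login_push_oobemail_verification($currentuser,$mo2f_second_factor, $redirect_to);
- }else if($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ){
- $this->mo2f_pass2login_otp_verification($currentuser,$mo2f_second_factor, $redirect_to);
- }else if($mo2f_second_factor == 'KBA'){
- $this->mo2f_pass2login_kba_verification($currentuser->ID, $redirect_to);
- }else{
- $this->remove_current_activity();
- $error = new WP_Error();
- $error->add('empty_username', __('<strong>ERROR</strong>: Please try again or contact your admin.'));
- return $error;
- }
+ $this->remove_current_activity();
+ $error = new WP_Error();
+ $error->add('empty_username', __('<strong>ERROR</strong>: Please try again or contact your admin.'));
+ return $error;
  }
  }
- } else {
- $this->mo2fa_pass2login($redirect_to);
  }
-
- }else{ //plugin is not activated for current role then logged him in without asking 2 factor
+ } else {
  $this->mo2fa_pass2login($redirect_to);
  }
- }
+
+ }else{ //plugin is not activated for current role then logged him in without asking 2 factor
+ $this->mo2fa_pass2login($redirect_to);
+ }
+
  }
 
 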
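Review bot: In the XML-RPC branch of `mo2f_check_username_password`, the failure path sets `$this->error = new IXR_Error(403, ...)` on the plugin's own login class and returns `false`, which drops the `WP_Error` produced by `wp_authenticate_username_password`; that error object is presumably never read by the XML-RPC server, and anything later in the `authenticate` chain (lockout or logging plugins, if this method is hooked there as its signature suggests) loses the failure reason. Returning the error as the non-XML-RPC branch does, `return $currentuser;`, keeps both paths consistent. Separately, when `mo2f_enable_xmlrpc` is set this branch returns the user after the password check alone, so XML-RPC is a single-factor path for every role; a comment such as `// XML-RPC clients cannot complete 2FA: password-only by admin opt-in (mo2f_enable_xmlrpc)` would make that trade-off visible to the next maintainer. The class body continues outside the hunk.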
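--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,7 +3,7 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: http://miniorange.com
  * Description: This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
- * Version: 4.4.2
+ * Version: 4.4.3
  * Author: miniOrange
  * Author URI: http://miniorange.com
  * License: GPL2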
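--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: miniOrange
  Tags: google authenticator, two factor authentication, two factor, 2FA, 2 factor authentication, two step verification, 1 google authenticator, login, authy, authy two factor, Clef, 2 Factor, yubico, Two-Factor Authentication, Mobile Authentication, otp, strong authentication, 2 step authentication, smartphone authentication, Multifactor authentication, multi factor authentication, multi factor, no password, passwordless login, security, website security, one time passcode, password, soft token, woocommerce, authenticate, two factor auth, two-factor, duo, QR Code, QR Code Authentication, scan QR Code, wordfence, login security, google authenticator, google , email verification, trusted device, device Id , KBA , knowledge based authentication
  Requires at least: 3.0.1
  Tested up to: 4.7.3
- Stable tag: 4.4.2
+ Stable tag: 4.4.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -240,6 +240,9 @@ miniOrange authentication service has 15+ authentication methods.One time passco
 
  == Changelog ==
 
+ = 4.4.3 =
+ * Google Authenticator (2FA) : Fixed the login flow for third party Apps that supports XML-RPC.
+
  = 4.4 =
  * Google Authenticator (2FA):
  * Compatibility with Limit Login Attempts.
@@ -428,6 +431,9 @@ More descriptive setup messages and UI changes.
 
  == Upgrade Notice ==
 
+ = 4.4.3 =
+ * Google Authenticator (2FA) : Fixed the login flow for third party Apps that supports XML-RPC.
+
  = 4.4 =
  * Google Authenticator (2FA):
  * Note: This is very important update having altogether new UI and compatibility with Limit Login Attempts. After updating, please do not logout from your admin dashboard. Try to login from another browser and if you face any issue , please contact us at info@miniorange.com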