updated plugin WP-WebAuthn version 1.3.1
This commit is contained in:
Gitium
@ -29,8 +29,20 @@ if(!wwa_check_ssl() && (parse_url(site_url(), PHP_URL_HOST) !== 'localhost' && p
|
||||
$wwa_not_allowed = true;
|
||||
}
|
||||
// Only admin can change settings
|
||||
// if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_referer('wwa_options_update') && wwa_validate_privileges() && ($_POST['first_choice'] === 'true' || $_POST['first_choice'] === 'false' || $_POST['first_choice'] === 'webauthn') && ($_POST['remember_me'] === 'true' || $_POST['remember_me'] === 'false') && ($_POST['user_verification'] === 'true' || $_POST['user_verification'] === 'false') && ($_POST['usernameless_login'] === 'true' || $_POST['usernameless_login'] === 'false') && ($_POST['allow_authenticator_type'] === 'none' || $_POST['allow_authenticator_type'] === 'platform' || $_POST['allow_authenticator_type'] === 'cross-platform') && ($_POST['after_user_registration'] === 'none' || $_POST['after_user_registration'] === 'login' || $_POST['after_user_registration'] === 'guide') && ($_POST['logging'] === 'true' || $_POST['logging'] === 'false')){
|
||||
if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_referer('wwa_options_update') && wwa_validate_privileges() && ($_POST['first_choice'] === 'true' || $_POST['first_choice'] === 'false' || $_POST['first_choice'] === 'webauthn') && ($_POST['remember_me'] === 'true' || $_POST['remember_me'] === 'false') && ($_POST['user_verification'] === 'true' || $_POST['user_verification'] === 'false') && ($_POST['usernameless_login'] === 'true' || $_POST['usernameless_login'] === 'false') && ($_POST['allow_authenticator_type'] === 'none' || $_POST['allow_authenticator_type'] === 'platform' || $_POST['allow_authenticator_type'] === 'cross-platform') && ($_POST['logging'] === 'true' || $_POST['logging'] === 'false')){
|
||||
if(
|
||||
(isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true')
|
||||
&& check_admin_referer('wwa_options_update')
|
||||
&& wwa_validate_privileges()
|
||||
&& ($_POST['first_choice'] === 'true' || $_POST['first_choice'] === 'false' || $_POST['first_choice'] === 'webauthn')
|
||||
&& ($_POST['remember_me'] === 'true' || $_POST['remember_me'] === 'false')
|
||||
&& ($_POST['email_login'] === 'true' || $_POST['email_login'] === 'false')
|
||||
&& ($_POST['user_verification'] === 'true' || $_POST['user_verification'] === 'false')
|
||||
&& ($_POST['usernameless_login'] === 'true' || $_POST['usernameless_login'] === 'false')
|
||||
&& ($_POST['allow_authenticator_type'] === 'none' || $_POST['allow_authenticator_type'] === 'platform' || $_POST['allow_authenticator_type'] === 'cross-platform')
|
||||
&& ($_POST['password_reset'] === 'off' || $_POST['password_reset'] === 'admin' || $_POST['password_reset'] === 'all')
|
||||
&& ($_POST['after_user_registration'] === 'none' || $_POST['after_user_registration'] === 'login')
|
||||
&& ($_POST['logging'] === 'true' || $_POST['logging'] === 'false')
|
||||
){
|
||||
$res_id = wwa_generate_random_string(5);
|
||||
if(sanitize_text_field($_POST['logging']) === 'true' && wwa_get_option('logging') === 'false'){
|
||||
// Initialize log
|
||||
@ -47,8 +59,7 @@ if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_ref
|
||||
wwa_add_log($res_id, 'Warning: Not in security context', true);
|
||||
}
|
||||
wwa_add_log($res_id, 'PHP Version => '.phpversion().', WordPress Version => '.get_bloginfo('version').', WP-WebAuthn Version => '.get_option('wwa_version')['version'], true);
|
||||
// wwa_add_log($res_id, 'Current config: first_choice => "'.wwa_get_option('first_choice').'", website_name => "'.wwa_get_option('website_name').'", website_domain => "'.wwa_get_option('website_domain').'", remember_me => "'.wwa_get_option('remember_me').'", user_verification => "'.wwa_get_option('user_verification').'", allow_authenticator_type => "'.wwa_get_option('allow_authenticator_type').'", usernameless_login => "'.wwa_get_option('usernameless_login').'", after_user_registration => "'.wwa_get_option('after_user_registration').'"', true);
|
||||
wwa_add_log($res_id, 'Current config: first_choice => "'.wwa_get_option('first_choice').'", website_name => "'.wwa_get_option('website_name').'", website_domain => "'.wwa_get_option('website_domain').'", remember_me => "'.wwa_get_option('remember_me').'", user_verification => "'.wwa_get_option('user_verification').'", allow_authenticator_type => "'.wwa_get_option('allow_authenticator_type').'", usernameless_login => "'.wwa_get_option('usernameless_login').'"', true);
|
||||
wwa_add_log($res_id, 'Current config: first_choice => "'.wwa_get_option('first_choice').'", website_name => "'.wwa_get_option('website_name').'", website_domain => "'.wwa_get_option('website_domain').'", remember_me => "'.wwa_get_option('remember_me').'", email_login => "'.wwa_get_option('email_login').'", user_verification => "'.wwa_get_option('user_verification').'", allow_authenticator_type => "'.wwa_get_option('allow_authenticator_type').'", usernameless_login => "'.wwa_get_option('usernameless_login').'", password_reset => "'.wwa_get_option('password_reset').'", after_user_registration => "'.wwa_get_option('after_user_registration').'"', true);
|
||||
wwa_add_log($res_id, 'Logger initialized', true);
|
||||
}
|
||||
wwa_update_option('logging', sanitize_text_field($_POST['logging']));
|
||||
@ -77,6 +88,12 @@ if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_ref
|
||||
}
|
||||
wwa_update_option('remember_me', $post_remember_me);
|
||||
|
||||
$post_email_login = sanitize_text_field($_POST['email_login']);
|
||||
if($post_email_login !== wwa_get_option('email_login')){
|
||||
wwa_add_log($res_id, 'email_login: "'.wwa_get_option('email_login').'"->"'.$post_email_login.'"');
|
||||
}
|
||||
wwa_update_option('email_login', $post_email_login);
|
||||
|
||||
$post_user_verification = sanitize_text_field($_POST['user_verification']);
|
||||
if($post_user_verification !== wwa_get_option('user_verification')){
|
||||
wwa_add_log($res_id, 'user_verification: "'.wwa_get_option('user_verification').'"->"'.$post_user_verification.'"');
|
||||
@ -95,11 +112,17 @@ if((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true') && check_admin_ref
|
||||
}
|
||||
wwa_update_option('usernameless_login', $post_usernameless_login);
|
||||
|
||||
// $post_after_user_registration = sanitize_text_field($_POST['after_user_registration']);
|
||||
// if($post_after_user_registration !== wwa_get_option('after_user_registration')){
|
||||
// wwa_add_log($res_id, 'after_user_registration: "'.wwa_get_option('after_user_registration').'"->"'.$post_after_user_registration.'"');
|
||||
// }
|
||||
// wwa_update_option('after_user_registration', $post_after_user_registration);
|
||||
$post_password_reset = sanitize_text_field($_POST['password_reset']);
|
||||
if($post_password_reset !== wwa_get_option('password_reset')){
|
||||
wwa_add_log($res_id, 'password_reset: "'.wwa_get_option('password_reset').'"->"'.$post_password_reset.'"');
|
||||
}
|
||||
wwa_update_option('password_reset', $post_password_reset);
|
||||
|
||||
$post_after_user_registration = sanitize_text_field($_POST['after_user_registration']);
|
||||
if($post_after_user_registration !== wwa_get_option('after_user_registration')){
|
||||
wwa_add_log($res_id, 'after_user_registration: "'.wwa_get_option('after_user_registration').'"->"'.$post_after_user_registration.'"');
|
||||
}
|
||||
wwa_update_option('after_user_registration', $post_after_user_registration);
|
||||
|
||||
add_settings_error('wwa_settings', 'save_success', __('Settings saved.', 'wp-webauthn'), 'success');
|
||||
}elseif((isset($_POST['wwa_ref']) && $_POST['wwa_ref'] === 'true')){
|
||||
@ -163,6 +186,22 @@ if($wwa_v_rm === false){
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="email_login"><?php _e('Allow to login with email addresses', 'wp-webauthn');?></label></th>
|
||||
<td>
|
||||
<?php $wwa_v_el=wwa_get_option('email_login');
|
||||
if($wwa_v_el === false){
|
||||
wwa_update_option('email_login', 'false');
|
||||
$wwa_v_el = 'false';
|
||||
}
|
||||
?>
|
||||
<fieldset>
|
||||
<label><input type="radio" name="email_login" value="true" <?php if($wwa_v_el === 'true'){?>checked="checked"<?php }?>> <?php _e("Enable", "wp-webauthn");?></label><br>
|
||||
<label><input type="radio" name="email_login" value="false" <?php if($wwa_v_el === 'false'){?>checked="checked"<?php }?>> <?php _e("Disable", "wp-webauthn");?></label><br>
|
||||
<p class="description"><?php _e('Allow to find users via email addresses when logging in.<br><strong>Note that if enabled attackers may be able to brute force the correspondences between email addresses and users.</strong>', 'wp-webauthn');?></p>
|
||||
</fieldset>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="user_verification"><?php _e('Require user verification', 'wp-webauthn');?></label></th>
|
||||
<td>
|
||||
<?php $wwa_v_uv=wwa_get_option('user_verification');?>
|
||||
@ -200,35 +239,54 @@ if($wwa_v_at === false){
|
||||
?>
|
||||
<select name="allow_authenticator_type" id="allow_authenticator_type">
|
||||
<option value="none"<?php if($wwa_v_at === 'none'){?> selected<?php }?>><?php _e('Any', 'wp-webauthn');?></option>
|
||||
<option value="platform"<?php if($wwa_v_at === 'platform'){?> selected<?php }?>><?php _e('Platform (e.g. built-in fingerprint sensors)', 'wp-webauthn');?></option>
|
||||
<option value="platform"<?php if($wwa_v_at === 'platform'){?> selected<?php }?>><?php _e('Platform (e.g. Passkey or built-in sensors)', 'wp-webauthn');?></option>
|
||||
<option value="cross-platform"<?php if($wwa_v_at === 'cross-platform'){?> selected<?php }?>><?php _e('Roaming (e.g. USB security keys)', 'wp-webauthn');?></option>
|
||||
</select>
|
||||
<p class="description"><?php _e('If a type is selected, the browser will only prompt for authenticators of selected type when authenticating and user can only register authenticators of selected type.', 'wp-webauthn');?></p>
|
||||
</td>
|
||||
</tr>
|
||||
<!-- <tr>
|
||||
<tr>
|
||||
<th scope="row"></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="password_reset"><?php _e('Disable password reset for', 'wp-webauthn');?></label></th>
|
||||
<td>
|
||||
<?php $wwa_v_pr=wwa_get_option('password_reset');
|
||||
if($wwa_v_pr === false){
|
||||
wwa_update_option('password_reset', 'off');
|
||||
$wwa_v_pr = 'off';
|
||||
}
|
||||
?>
|
||||
<select name="password_reset" id="password_reset">
|
||||
<option value="off"<?php if($wwa_v_pr === 'off'){?> selected<?php }?>><?php _e('Off', 'wp-webauthn');?></option>
|
||||
<option value="admin"<?php if($wwa_v_pr === 'admin'){?> selected<?php }?>><?php _e('Everyone except administrators', 'wp-webauthn');?></option>
|
||||
<option value="all"<?php if($wwa_v_pr === 'all'){?> selected<?php }?>><?php _e('Everyone', 'wp-webauthn');?></option>
|
||||
</select>
|
||||
<p class="description"><?php _e('Disable the "Set new password" and "Forgot password" features, and remove the "Forgot password" link on the login page. This may be useful when enabling "WebAuthn Only".<br>If "Everyone except administrators" is selected, only administrators with the "Edit user" permission will be able to update passwords (for all users).', 'wp-webauthn');?></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="after_user_registration"><?php _e('After User Registration', 'wp-webauthn');?></label></th>
|
||||
<td> -->
|
||||
<td>
|
||||
<?php $wwa_v_aur=wwa_get_option('after_user_registration');
|
||||
if($wwa_v_aur === false){
|
||||
wwa_update_option('after_user_registration', 'none');
|
||||
$wwa_v_aur = 'none';
|
||||
}
|
||||
?>
|
||||
<!-- <select name="after_user_registration" id="after_user_registration">
|
||||
<select name="after_user_registration" id="after_user_registration">
|
||||
<option value="none"<?php if($wwa_v_aur === 'none'){?> selected<?php }?>><?php _e('No action', 'wp-webauthn');?></option>
|
||||
<option value="login"<?php if($wwa_v_aur === 'login'){?> selected<?php }?>><?php _e('Log user in immediately', 'wp-webauthn');?></option>
|
||||
<option value="guide"<?php if($wwa_v_aur === 'guide'){?> selected<?php }?>><?php _e('Redirect to WP-WebAuthn guide page', 'wp-webauthn');?></option>
|
||||
<option value="login"<?php if($wwa_v_aur === 'login'){?> selected<?php }?>><?php _e('Log user in and redirect to user\'s profile', 'wp-webauthn');?></option>
|
||||
</select>
|
||||
<p class="description"><?php _e('What to do when a new user registered. Useful when "WebAuthn Only" is enabled.', 'wp-webauthn');?></p>
|
||||
<p class="description"><?php _e('What to do when a new user registered.<br>By default, new users have to login manually after registration. If "WebAuthn Only" is enabled, they will not be able to login.<br>When using "Log user in", new users will be logged in automatically and redirected to their profile settings so that they can set up WebAuthn authenticators.', 'wp-webauthn');?></p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"></th>
|
||||
</tr> -->
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><label for="logging"><?php _e('Logging', 'wp-webauthn');?></label></th>
|
||||
<td>
|
||||
@ -260,4 +318,4 @@ if($wwa_v_log === false){
|
||||
</div>
|
||||
<?php }}?>
|
||||
<p class="description"><?php printf(__('To register a new authenticator or edit your authenticators, please go to <a href="%s#wwa-webauthn-start">your profile</a>.', 'wp-webauthn'), admin_url('profile.php'));?></p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user