Server IP : 172.67.158.161 / Your IP : 18.118.141.201 Web Server : LiteSpeed System : Linux business53.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64 User : giankuin ( 1871) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/giankuin/dietcontrungnhanh.com/wp-content/plugins/ithemes-security-pro/pro/webauthn/REST/ |
Upload File : |
<?php namespace iThemesSecurity\WebAuthn\REST; use iThemesSecurity\Lib\Result; use iThemesSecurity\WebAuthn\AuthenticationCeremony; use iThemesSecurity\WebAuthn\DTO\PublicKeyCredential; use iThemesSecurity\WebAuthn\PublicKeyCredentialRequestOptions_Factory; use iThemesSecurity\WebAuthn\PublicKeyCredentialUserEntity_Factory; use iThemesSecurity\WebAuthn\Session_Storage; use iThemesSecurity\WebAuthn\Verified_Credential_Tokens; final class VerifyCredential extends \WP_REST_Controller { /** @var AuthenticationCeremony */ private $ceremony; /** @var PublicKeyCredentialRequestOptions_Factory */ private $options_factory; /** @var PublicKeyCredentialUserEntity_Factory */ private $user_factory; /** @var Session_Storage */ private $session_storage; /** @var Verified_Credential_Tokens */ private $tokens; public function __construct( AuthenticationCeremony $ceremony, PublicKeyCredentialRequestOptions_Factory $options_factory, PublicKeyCredentialUserEntity_Factory $user_factory, Session_Storage $session_storage, Verified_Credential_Tokens $tokens ) { $this->namespace = 'ithemes-security/rpc'; $this->rest_base = 'webauthn/verify-credential'; $this->ceremony = $ceremony; $this->options_factory = $options_factory; $this->user_factory = $user_factory; $this->session_storage = $session_storage; $this->tokens = $tokens; } public function register_routes() { register_rest_route( $this->namespace, sprintf( '/%s', $this->rest_base ), [ 'methods' => 'POST', 'callback' => [ $this, 'start_callback' ], 'permission_callback' => '__return_true', 'args' => [ 'user' => [ 'type' => 'string', ], ], ] ); register_rest_route( $this->namespace, sprintf( '/%s/(?P<token>[\w\-]+)/verify', $this->rest_base ), [ 'methods' => 'POST', 'callback' => [ $this, 'verify_callback' ], 'permission_callback' => '__return_true', 'args' => [ 'token' => [ 'type' => 'string', 'minLength' => 1, ], 'user' => [ 'type' => 'string', ], 'credential' => [ 'required' => true, 'type' => 'object', 'properties' => [ 'id' => [ 'type' => 'string', 'required' => true, ], 'type' => [ 'type' => 'string', 'required' => true, ], 'response' => [ 'type' => 'object', 'required' => true, ], ], ], ], ] ); } public function start_callback( \WP_REST_Request $request ): \WP_REST_Response { $user = $this->get_user( $request ); if ( ! $user->is_success() ) { return $user->as_rest_response(); } $request_options = $this->options_factory->make( $user->get_data() ); if ( ! $request_options->is_success() ) { return $request_options->as_rest_response(); } $persisted = $this->session_storage->persist_request_options( $request_options->get_data() ); if ( ! $persisted->is_success() ) { return $persisted->as_rest_response(); } $response = $request_options->as_rest_response(); $response->add_link( \ITSEC_Lib_REST::get_link_relation( 'webauthn-verify-credential' ), rest_url( sprintf( '%s/%s/%s/verify', $this->namespace, $this->rest_base, \ITSEC_Lib::url_safe_b64_encode( $persisted->get_data() ) ) ) ); return $response; } public function verify_callback( \WP_REST_Request $request ): \WP_REST_Response { $found_wp_user = $this->get_user( $request ); if ( ! $found_wp_user->is_success() ) { return $found_wp_user->as_rest_response(); } $user_entity = null; $wp_user = $found_wp_user->get_data(); if ( $wp_user ) { $get_user_entity = $this->user_factory->make( $wp_user ); if ( ! $get_user_entity->is_success() ) { return $get_user_entity->as_rest_response(); } $user_entity = $get_user_entity->get_data(); } $token = \ITSEC_Lib::url_safe_b64_decode( $request['token'] ); $request_options = $this->session_storage->get_request_options( $token ); if ( ! $request_options->is_success() ) { return $request_options->as_rest_response(); } try { $credential = PublicKeyCredential::hydrateAssertion( $request['credential'] ); } catch ( \Exception $e ) { return rest_convert_error_to_response( new \WP_Error( 'itsec.webauthn.rest.verify-credential.invalid-credential', __( 'The credential format is invalid.', 'it-l10n-ithemes-security-pro' ), [ 'status' => \WP_Http::BAD_REQUEST ] ) ); } $verified = $this->ceremony->perform( $request_options->get_data(), $credential, $user_entity ); if ( ! $verified->is_success() ) { return $verified->as_rest_response(); } $verified_token = $this->tokens->create_token( $verified->get_data() ); if ( ! $verified_token->is_success() ) { return $verified_token->as_rest_response(); } if ( ! $wp_user ) { $found_wp_user_by_credential = $this->user_factory->find_user_by_id( $verified->get_data()->get_user() ); if ( ! $found_wp_user_by_credential->is_success() ) { return $found_wp_user_by_credential->as_rest_response(); } $wp_user = $found_wp_user_by_credential->get_data(); } return new \WP_REST_Response( [ 'token' => $verified_token->get_data(), 'user' => \ITSEC_Lib_Login::get_identifier_for_user( $wp_user ), ] ); } /** * Gets the requested user object. * * @param \WP_REST_Request $request * * @return Result<\WP_User|null> */ private function get_user( \WP_REST_Request $request ): Result { if ( ! $request['user'] ) { return Result::success(); } $user = \ITSEC_Lib_Login::get_user( $request['user'] ); if ( $user ) { return Result::success( $user ); } return Result::error( new \WP_Error( 'itsec.webauthn.rest.verify-credential.user-not-found', \ITSEC_Lib_Login::get_not_found_error_message(), [ 'status' => \WP_Http::BAD_REQUEST ] ) ); } }