-
Notifications
You must be signed in to change notification settings - Fork 16
/
authy-api.php
224 lines (184 loc) · 6.04 KB
/
authy-api.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
<?php
/**
* AUTHY API CLASS
*
* Handles Authy API requests in a WordPress way.
*
* @package Authy
* @since 1.0.0
*/
class Authy_API {
/**
* Class variables
*/
// Oh look, a singleton
private static $__instance = null;
// Authy API
protected $api_key = null;
protected $api_endpoint = null;
/**
* Singleton implementation
*
* @uses this::setup
* @return object
*/
public static function instance( $api_key, $api_endpoint ) {
if ( ! is_a( self::$__instance, 'Authy_API' ) ) {
if ( is_null( $api_key ) || is_null( $api_endpoint ) )
return null;
self::$__instance = new Authy_API;
self::$__instance->api_key = $api_key;
self::$__instance->api_endpoint = $api_endpoint;
self::$__instance->setup();
}
return self::$__instance;
}
/**
* Silence is golden.
*/
private function __construct() {}
/**
* Really, silence is golden.
*/
private function setup() {}
/**
* Attempt to retrieve an Authy ID for a given request
*
* @param string $email
* @param string $phone
* @param string $country_code
* @uses sanitize_email, add_query_arg, wp_remote_post, wp_remote_retrieve_response_code, wp_remote_retrieve_body
* @return mixed
*/
public function register_user( $email, $phone, $country_code ) {
// Sanitize arguments
$email = sanitize_email( $email );
$phone = preg_replace( '#[^\d]#', '', $phone );
$country_code = preg_replace( '#[^\d\+]#', '', $country_code );
// Build API endpoint
$endpoint = sprintf( '%s/protected/json/users/new', $this->api_endpoint );
$endpoint = add_query_arg( array(
'api_key' => $this->api_key,
'user[email]' => $email,
'user[cellphone]' => $phone,
'user[country_code]' => $country_code
), $endpoint );
// Make API request and parse response
$response = wp_remote_post( $endpoint );
$status_code = wp_remote_retrieve_response_code( $response );
$body = wp_remote_retrieve_body( $response );
if ( ! empty( $body ) ) {
$body = json_decode( $body );
return $body;
}
return false;
}
/**
* Validate a given token and Authy ID
*
* @param int $id
* @param string $token
* @uses add_query_arg, wp_remote_head, wp_remote_retrieve_response_code
* @return mixed
*/
public function check_token( $id, $token ) {
// Build API endpoint
// Token must be a string because it can have leading zeros
$endpoint = sprintf( '%s/protected/json/verify/%s/%d', $this->api_endpoint, $token, $id );
$endpoint = add_query_arg( array(
'api_key' => $this->api_key,
'force' => 'true'
), $endpoint );
// Make API request up to three times and check responding status code
for ($i = 1; $i <= 3; $i++) {
$response = wp_remote_get($endpoint);
$status_code = wp_remote_retrieve_response_code( $response );
$body = wp_remote_retrieve_body($response);
$body = json_decode($body);
if ( $status_code == 200 && strtolower($body->token) == 'is valid') {
return true;
} elseif ( $status_code == 401) {
return __( 'Invalid Authy Token.', 'authy' );
}
}
return false;
}
/**
* Request a valid token via SMS
* @param string $id
* @return mixed
*/
public function request_sms($id, $force) {
$endpoint = sprintf( '%s/protected/json/sms/%d', $this->api_endpoint, $id );
$arguments = array('api_key' => $this->api_key);
if ($force == true) {
$arguments['force'] = 'true';
}
$endpoint = add_query_arg( $arguments, $endpoint);
$response = wp_remote_get($endpoint);
$status_code = wp_remote_retrieve_response_code($response);
$body = wp_remote_retrieve_body($response);
$body = json_decode($body);
if ( $status_code == 200 ) {
return __( 'SMS token was sent. Please allow at least 1 minute for the text to arrive.', 'authy' );
}
return __( $body->message, 'authy' );
}
/**
* Get application details
* @return array
*/
public function application_details() {
$endpoint = sprintf( '%s/protected/json/app/details', $this->api_endpoint );
$endpoint = add_query_arg( array('api_key' => $this->api_key), $endpoint);
$response = wp_remote_get($endpoint);
$status_code = wp_remote_retrieve_response_code($response);
$body = wp_remote_retrieve_body($response);
$body = get_object_vars(json_decode($body));
if ( $status_code == 200) {
return $body;
}
return array();
}
/**
* Verify if the given signature is valid.
* @return boolean
*/
public function verify_signature($user_data, $signature) {
if(!isset($user_data['authy_signature']) || !isset($user_data['signed_at']) ) {
return false;
}
if((time() - $user_data['signed_at']) <= 300 && $user_data['authy_signature'] === $signature ) {
return true;
}
return false;
}
/**
* Generates a signature
* @return string
*/
public function generate_signature() {
return wp_generate_password(64, false, false);
}
/**
* Verify SSL certificates
*
* @return mixed
*/
public function curl_ca_certificates() {
$response = wp_remote_get('https://api.authy.com');
$pattern = '/SSL certificate problem/';
if ( isset($response->errors['http_request_failed']) ) {
if ( preg_match($pattern, $response->errors['http_request_failed'][0]) ) {
$message = "We can't verify the Authy SSL certificate with your current SSL certificates.";
$message .= "<br> To fix the problem, please do the following:<br> 1. Download the file cacert.pem from <a href='http://curl.haxx.se/docs/caextract.html'>http://curl.haxx.se/docs/caextract.html</a>.";
$message .= "<br> 2. Configure curl.cainfo in <strong>php.ini</strong> with the full path to the file downloaded in step 1, something like this: <strong>curl.cainfo=c:\php\cacert.pem</strong>";
$message .= "<br> 3. Restart your web server.";
return __($message, "authy");
} else {
return __($response->errors['http_request_failed'][0], 'authy');
}
}
return true;
}
}