
Verified Commit 68358cd7 authored by noplanman's avatar noplanman

Upgrade to PHP 7.1 including dependencies, fix obsolete OTPHP code.

parent 7dbab415
......@@ -8,8 +8,8 @@ before_script:
- curl -sS https://getcomposer.org/installer | php
- php composer.phar install
test:5.6:
image: php:5.6-cli-alpine
test:7.1:
image: php:7.1-cli-alpine
script:
- php composer.phar check-code
......
......@@ -27,7 +27,7 @@ class Wp_Otp_Admin {
*
* @param string $hook Page on which this hook is called.
*/
public function enqueue_styles( $hook ) {
public function enqueue_styles( $hook ): void {
if ( 'profile.php' === $hook ) {
wp_enqueue_style( WP_OTP_SLUG . '-admin', plugin_dir_url( __FILE__ ) . 'css/wp-otp-admin.css' );
}
......@@ -40,7 +40,7 @@ class Wp_Otp_Admin {
*
* @param string $hook Page on which this hook is called.
*/
public function enqueue_scripts( $hook ) {
public function enqueue_scripts( $hook ): void {
if ( 'profile.php' === $hook ) {
$handle = WP_OTP_SLUG . '-admin';
......@@ -62,8 +62,9 @@ class Wp_Otp_Admin {
* @param int $user_id
*
* @return void
* @throws \Exception
*/
public function user_profile_updated( $user_id ) {
public function user_profile_updated( $user_id ): void {
if ( ! current_user_can( 'edit_user', $user_id ) ) {
return;
}
......@@ -75,9 +76,10 @@ class Wp_Otp_Admin {
// Get the secret.
$secret = $user_meta_data->get( 'secret', $this->get_random_secret() );
$otp = new TOTP( $user->user_login, $secret );
$otp = TOTP::create( $secret );
$otp->setLabel( $user->user_login );
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : '';
$otp_code = $_POST['wp_otp_code'] ?? '';
if ( $otp_code && ! $user_meta_data->get( 'enabled', false ) ) {
/** Filter documented in class-wp-otp-public.php */
$otp_window = (int) apply_filters( 'wp_otp_code_expiration_window', 2 );
......@@ -119,7 +121,7 @@ class Wp_Otp_Admin {
*
* @since 0.1.0
*/
public function admin_init() {
public function admin_init(): void {
if ( isset( $_GET['wp-otp-reconfigure'] ) && 'yes' === $_GET['wp-otp-reconfigure'] ) {
Wp_Otp_User_Meta::clear();
wp_redirect( get_edit_profile_url() . '#wp_otp' );
......@@ -157,8 +159,9 @@ class Wp_Otp_Admin {
* @param null|int $codes_length_override Override the filter and default for the codes length.
*
* @return array
* @throws \Exception
*/
public function get_random_recovery_codes( $codes_count_override = null, $codes_length_override = null ) {
public function get_random_recovery_codes( $codes_count_override = null, $codes_length_override = null ): array {
/**
* Filter for the number of random recovery codes to generate (between 1 and 20).
*
......@@ -198,8 +201,9 @@ class Wp_Otp_Admin {
* @param null|int $secret_length_override Override the filter and default for the codes count.
*
* @return string
* @throws \Exception
*/
public function get_random_secret( $secret_length_override = null ) {
public function get_random_secret( $secret_length_override = null ): string {
/**
* Filter for the length of the secret to be generated (between 8 and 64).
*
......@@ -219,15 +223,18 @@ class Wp_Otp_Admin {
* @since 0.1.0
*
* @param WP_User $user
*
* @throws \Exception
*/
public function user_profile_render( $user ) {
public function user_profile_render( $user ): void {
$user_meta_data = Wp_Otp_User_Meta::get_instance();
// Get and save the secret.
$secret = $user_meta_data->get( 'secret', $this->get_random_secret() );
$user_meta_data->set( 'secret', $secret, true );
$otp = new TOTP( $user->user_login, $secret );
$otp = TOTP::create( $secret );
$otp->setLabel( $user->user_login );
// Issuer isn't allowed to have any colon.
$otp->setIssuer( str_replace( [ ':', '%3a', '%3A' ], '', get_bloginfo( 'name' ) ) );
......@@ -306,7 +313,7 @@ class Wp_Otp_Admin {
*
* @return void
*/
public function show_user_notification( array $messages, $type = 'notice' ) {
public function show_user_notification( array $messages, $type = 'notice' ): void {
if ( empty( $messages ) ) {
return;
}
......@@ -331,7 +338,7 @@ class Wp_Otp_Admin {
*
* @since 0.1.0
*/
public function admin_notices() {
public function admin_notices(): void {
$user_meta_data = Wp_Otp_User_Meta::get_instance();
/*if ( ! $user_meta_data->get( 'enabled' ) ) {
......
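Review bot: admin_init() calls `Wp_Otp_User_Meta::clear()` as soon as the request carries `wp-otp-reconfigure=yes`, and no nonce check precedes that call in the lines shown, so a state-changing GET is accepted without proof that the user intended it. Since the action removes the user's second-factor configuration, verify the request first, for example `check_admin_referer( 'wp-otp-reconfigure' );` as the first statement inside the `if`, and build the reconfigure link with `wp_nonce_url()` using the same action name. The rest of admin_init() lies outside the hunk, so confirm that no equivalent check already exists on this path.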
......@@ -2,7 +2,12 @@
"name": "noplanman/wp-otp",
"type": "wordpress-plugin",
"description": "OTP for WordPress",
"keywords": ["otp", "totp", "plugin", "wordpress"],
"keywords": [
"otp",
"totp",
"plugin",
"wordpress"
],
"license": "GPL-2.0",
"homepage": "https://git.feneas.org/noplanman/wp-otp",
"support": {
......@@ -17,27 +22,12 @@
"role": "Developer"
}
],
"repositories": [
{
"type": "package",
"package": {
"type": "metapackage",
"name": "wp/dummy",
"description": "Replace any required packages with a dummy.",
"version": "dev-master",
"replace": {
"paragonie/random_compat": "*"
}
}
}
],
"require": {
"php": "^5.5|^7.0",
"wp/dummy": "@dev",
"spomky-labs/otphp": "8.3.3"
"php": "^7.1",
"spomky-labs/otphp": "^9.1"
},
"require-dev": {
"wp-coding-standards/wpcs": "^2.1",
"wp-coding-standards/wpcs": "^2.2",
"dealerdirect/phpcodesniffer-composer-installer": "^0.5.0"
},
"scripts": {
......
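Review bot: `"spomky-labs/otphp": "^9.1"` replaces an exact pin with a caret range, so the OTP library version that gets installed depends on resolution time unless a composer.lock is committed; no lock file is visible in this commit. For the component that verifies second-factor codes, commit the lock file or keep an exact version so that CI and releases test and ship the same code. Dropping the `wp/dummy` replacement of `paragonie/random_compat` looks consistent with the new `"php": "^7.1"` floor, which provides `random_bytes()` natively.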
......@@ -56,7 +56,7 @@ class Wp_Otp_Loader {
* @param int $priority The priority at which the function should be fired. Default is 10.
* @param int $accepted_args The number of arguments that should be passed to the $callback. Default is 1.
*/
public function add_action( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ) {
public function add_action( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ): void {
$this->actions = $this->add( $this->actions, $hook, $component, $callback ?: $hook, $priority, $accepted_args );
}
......@@ -71,7 +71,7 @@ class Wp_Otp_Loader {
* @param int $priority The priority at which the function should be fired. Default is 10.
* @param int $accepted_args The number of arguments that should be passed to the $callback. Default is 1.
*/
public function add_filter( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ) {
public function add_filter( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ): void {
$this->filters = $this->add( $this->filters, $hook, $component, $callback ?: $hook, $priority, $accepted_args );
}
......@@ -91,7 +91,7 @@ class Wp_Otp_Loader {
*
* @return array The collection of actions and filters registered with WordPress.
*/
private function add( $hooks, $hook, $component, $callback, $priority, $accepted_args ) {
private function add( $hooks, $hook, $component, $callback, $priority, $accepted_args ): array {
$hooks[] = [
'hook' => $hook,
'component' => $component,
......@@ -108,7 +108,7 @@ class Wp_Otp_Loader {
*
* @since 0.1.0
*/
public function run() {
public function run(): void {
foreach ( $this->filters as $hook ) {
add_filter(
$hook['hook'],
......
......@@ -12,7 +12,7 @@ namespace Wp_Otp;
/**
* Handle all activation, deactivation and uninstallation tasks.
*
* @since 0.1.0
* @since 0.1.0
*/
class Wp_Otp_Setup {
/**
......@@ -23,7 +23,7 @@ class Wp_Otp_Setup {
* @param bool $network_wide TRUE if multisite/network and superadmin uses the "Network Activate" action.
* FALSE is no multisite install or plugin gets activated on a single blog.
*/
public static function activate( $network_wide ) {
public static function activate( $network_wide ): void {
if ( $network_wide && is_multisite() ) {
foreach ( get_sites() as $site ) {
switch_to_blog( $site->blog_id );
......@@ -44,7 +44,7 @@ class Wp_Otp_Setup {
* @param bool $network_wide TRUE if multisite/network and superadmin uses the "Network Deactivate" action.
* FALSE is no multisite install or plugin gets deactivated on a single blog.
*/
public static function deactivate( $network_wide ) {
public static function deactivate( $network_wide ): void {
if ( $network_wide && is_multisite() ) {
foreach ( get_sites() as $site ) {
switch_to_blog( $site->blog_id );
......@@ -61,17 +61,17 @@ class Wp_Otp_Setup {
* The actual tasks performed during activation of a plugin.
*
* Should handle only stuff that happens during a single site activation,
* as the process will repeated for each site on a multisite/network installation
* as the process is repeated for each site on a multisite/network installation
* if the plugin is activated network wide.
*
* @since 0.1.0
*/
private static function do_activation() {
private static function do_activation(): void {
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
$plugin = isset( $_REQUEST['plugin'] ) ? $_REQUEST['plugin'] : '';
$plugin = $_REQUEST['plugin'] ?? '';
check_admin_referer( "activate-plugin_{$plugin}" );
}
......@@ -79,17 +79,17 @@ class Wp_Otp_Setup {
* The actual tasks performed during deactivation of a plugin.
*
* Should handle only stuff that happens during a single site deactivation,
* as the process will repeated for each site on a multisite/network installation
* as the process is repeated for each site on a multisite/network installation
* if the plugin is deactivated network wide.
*
* @since 0.1.0
*/
private static function do_deactivation() {
private static function do_deactivation(): void {
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
$plugin = isset( $_REQUEST['plugin'] ) ? $_REQUEST['plugin'] : '';
$plugin = $_REQUEST['plugin'] ?? '';
check_admin_referer( "deactivate-plugin_{$plugin}" );
}
......@@ -100,7 +100,7 @@ class Wp_Otp_Setup {
*
* @param string $file Path of uninstall.php.
*/
public static function uninstall( $file ) {
public static function uninstall( $file ): void {
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
......
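Review bot: In do_activation() and do_deactivation() the nonce action is still built from the raw `$_REQUEST['plugin']`, so the check validates whichever plugin name the request supplies rather than this plugin, and an array value would be interpolated as "Array" with a notice. Normalise the value before use, `$plugin = sanitize_text_field( wp_unslash( $_REQUEST['plugin'] ?? '' ) );`, in both methods. Comparing it with this plugin's own basename before calling `check_admin_referer()` would tie the check to this plugin.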
......@@ -54,7 +54,7 @@ class Wp_Otp_User_Meta {
* @since 0.1.0
* @var array
*/
private static $user_meta = array();
private static $user_meta = [];
/**
* User ID of the user whose meta data is managed.
......@@ -84,7 +84,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public static function get_instance( $user_id = 0 ) {
public static function get_instance( $user_id = 0 ): Wp_Otp_User_Meta {
if ( null === self::$instance ) {
self::$user_id = $user_id ?: get_current_user_id();
self::$instance = new self;
......@@ -100,7 +100,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
private function fetch() {
private function fetch(): Wp_Otp_User_Meta {
if ( 0 === count( self::$user_meta ) ) {
self::$user_meta = wp_parse_args(
get_user_meta( self::$user_id, self::$user_meta_key, true ),
......@@ -145,7 +145,7 @@ class Wp_Otp_User_Meta {
*
* @return array All the user meta.
*/
public function get_all() {
public function get_all(): array {
return self::$user_meta;
}
......@@ -160,7 +160,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public function set( $key, $value, $save = false ) {
public function set( $key, $value, $save = false ): Wp_Otp_User_Meta {
if ( null !== $key ) {
if ( null !== $value ) {
self::$user_meta[ $key ] = $value;
......@@ -184,7 +184,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public function set_all( $metas, $save = false ) {
public function set_all( $metas, $save = false ): Wp_Otp_User_Meta {
foreach ( $metas as $key => $value ) {
$this->set( $key, $value );
}
......@@ -201,7 +201,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public function save() {
public function save(): Wp_Otp_User_Meta {
update_user_meta( self::$user_id, self::$user_meta_key, self::$user_meta );
return $this;
......@@ -214,7 +214,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public static function clear() {
public static function clear(): Wp_Otp_User_Meta {
$user_id = self::$user_id ?: get_current_user_id();
if ( delete_user_meta( $user_id, self::$user_meta_key ) ) {
// Reset instance.
......
......@@ -45,7 +45,7 @@ class Wp_Otp {
* @since 0.1.0
* @access private
*/
private function load_dependencies() {
private function load_dependencies(): void {
/**
* The class responsible for activation, deactivation and deletion of the plugin.
*/
......@@ -80,7 +80,7 @@ class Wp_Otp {
* @since 0.3.0
* @access private
*/
private function define_constants() {
private function define_constants(): void {
defined( 'WP_OTP_STEALTH' ) || define( 'WP_OTP_STEALTH', false );
}
......@@ -90,7 +90,7 @@ class Wp_Otp {
* @since 0.1.0
* @access private
*/
private function define_admin_hooks() {
private function define_admin_hooks(): void {
$plugin_admin = new Wp_Otp_Admin();
$this->loader->add_action( 'admin_enqueue_scripts', $plugin_admin, 'enqueue_styles' );
......@@ -109,7 +109,7 @@ class Wp_Otp {
* @since 0.1.0
* @access private
*/
private function define_public_hooks() {
private function define_public_hooks(): void {
$plugin_public = new Wp_Otp_Public();
if ( WP_OTP_STEALTH ) {
......@@ -126,7 +126,7 @@ class Wp_Otp {
*
* @since 0.1.0
*/
public function run() {
public function run(): void {
$this->loader->run();
}
}
......@@ -13,7 +13,10 @@
<!-- Exclude Composer vendor directory. -->
<exclude-pattern>*/vendor/*</exclude-pattern>
<rule ref="WordPress-Core"/>
<rule ref="WordPress-Core">
<exclude name="Generic.Arrays.DisallowShortArraySyntax.Found"/>
<exclude name="WordPress.PHP.DisallowShortTernary.Found"/>
</rule>
<rule ref="PEAR.Functions.FunctionCallSignature">
<exclude name="PEAR.Functions.FunctionCallSignature.ContentAfterOpenBracket"/>
......
......@@ -26,7 +26,7 @@ class Wp_Otp_Public {
*
* @since 0.1.0
*/
public function login_form_render() {
public function login_form_render(): void {
/**
* Filter for the OTP login form text.
*
......@@ -77,7 +77,7 @@ class Wp_Otp_Public {
if ( null === $otp ) {
return $user;
}
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : '';
$otp_code = $_POST['wp_otp_code'] ?? '';
// If this is a valid OTP code, all good!
if ( $this->verify_otp( $otp, $otp_code ) ) {
......@@ -116,7 +116,7 @@ class Wp_Otp_Public {
*
* @return void
*/
public function login_form_stealth_validate( &$username, &$password ) {
public function login_form_stealth_validate( &$username, &$password ): void {
$user = get_user_by( 'login', $username );
if ( ! $user ) {
return;
......@@ -172,9 +172,9 @@ class Wp_Otp_Public {
*
* @return TOTP
*/
private function get_otp_if_enabled( $user_meta_data ) {
private function get_otp_if_enabled( $user_meta_data ): TOTP {
if ( $user_meta_data->get( 'enabled' ) && null !== $user_meta_data->get( 'secret' ) ) {
return new TOTP( '', $user_meta_data->get( 'secret' ) );
return TOTP::create( $user_meta_data->get( 'secret' ) );
}
return null;
......@@ -190,7 +190,7 @@ class Wp_Otp_Public {
*
* @return bool
*/
private function verify_otp( $otp, $otp_code ) {
private function verify_otp( $otp, $otp_code ): bool {
/**
* Filter for the OTP code expiration window.
*
......
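Review bot: get_otp_if_enabled() is now declared `: TOTP` but still ends with `return null;`, which raises a TypeError on PHP 7.1 whenever OTP is not enabled or no secret is stored. The `null === $otp` guard in the validation hunk, presumably fed by this method, would then never be reached. Declare the return type as nullable, `private function get_otp_if_enabled( $user_meta_data ): ?TOTP {`, and change the docblock to `@return TOTP|null`. Separately, `$_POST['wp_otp_code'] ?? ''` passes a non-string value through unchanged; an `is_string()` check before verify_otp() would keep a malformed login request from becoming a fatal error if the OTPHP 9 verify method is string-typed, as it appears to be.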
=== WP-OTP ===
Contributors: noplanman
Donate link: https://noplanman.ch/donate
Tags: login, 2fa, otp, totp, one time password, security, recovery, freeotp, google authenticator
Tags: login, 2fa, two factor, otp, totp, one time password, security, recovery, google authenticator
Requires at least: 4.6
Tested up to: 5.2.2
Stable tag: Unreleased
Requires PHP: 5.5
Requires PHP: 7.1
Author URI: https://noplanman.ch
Plugin URI: https://git.feneas.org/noplanman/wp-otp
License: GPLv2 or later
......@@ -49,7 +49,7 @@ There are a multitude of filters to be adjusted.
* `wp_otp_secret_length`: Length of the secret key.
= Minimum requirements =
WordPress 4.6, PHP 5.5.
WordPress 4.6, PHP 7.1.
= Donate / Support =
......@@ -95,7 +95,8 @@ This means that you will need to add your OTP (or recovery) code at the end of y
= Unreleased =
* Drop all custom i18n and rely on translate.wordpress.org.
* Minimum requirement now WP 4.6.
* Minimum requirements are now WP 4.6 and PHP 7.1.
* Update OTPHP to 9.1.
= 0.3.0 =
* Update list of OTP mobile apps.
......@@ -127,3 +128,8 @@ This means that you will need to add your OTP (or recovery) code at the end of y
= 0.1.0 =
* First version!
== Upgrade Notice ==
= Unreleased =
Minimum requirements are now WP 4.6 and PHP 7.1!
......@@ -2,9 +2,8 @@
/**
* Uninstall the plugin and clean up.
*
* @since 0.1.0
*
* @package Wp_Otp
* @since 0.1.0
*/
namespace Wp_Otp;
......