Verified Commit 68358cd7 authored by noplanman's avatar noplanman

Upgrade to PHP 7.1 including dependencies, fix obsolete OTPHP code.

parent 7dbab415
......@@ -8,8 +8,8 @@ before_script:
- curl -sS https://getcomposer.org/installer | php
- php composer.phar install
test:5.6:
image: php:5.6-cli-alpine
test:7.1:
image: php:7.1-cli-alpine
script:
- php composer.phar check-code
......
......@@ -27,7 +27,7 @@ class Wp_Otp_Admin {
*
* @param string $hook Page on which this hook is called.
*/
public function enqueue_styles( $hook ) {
public function enqueue_styles( $hook ): void {
if ( 'profile.php' === $hook ) {
wp_enqueue_style( WP_OTP_SLUG . '-admin', plugin_dir_url( __FILE__ ) . 'css/wp-otp-admin.css' );
}
......@@ -40,7 +40,7 @@ class Wp_Otp_Admin {
*
* @param string $hook Page on which this hook is called.
*/
public function enqueue_scripts( $hook ) {
public function enqueue_scripts( $hook ): void {
if ( 'profile.php' === $hook ) {
$handle = WP_OTP_SLUG . '-admin';
......@@ -62,8 +62,9 @@ class Wp_Otp_Admin {
* @param int $user_id
*
* @return void
* @throws \Exception
*/
public function user_profile_updated( $user_id ) {
public function user_profile_updated( $user_id ): void {
if ( ! current_user_can( 'edit_user', $user_id ) ) {
return;
}
......@@ -75,9 +76,10 @@ class Wp_Otp_Admin {
// Get the secret.
$secret = $user_meta_data->get( 'secret', $this->get_random_secret() );
$otp = new TOTP( $user->user_login, $secret );
$otp = TOTP::create( $secret );
$otp->setLabel( $user->user_login );
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : '';
$otp_code = $_POST['wp_otp_code'] ?? '';
if ( $otp_code && ! $user_meta_data->get( 'enabled', false ) ) {
/** Filter documented in class-wp-otp-public.php */
$otp_window = (int) apply_filters( 'wp_otp_code_expiration_window', 2 );
......@@ -119,7 +121,7 @@ class Wp_Otp_Admin {
*
* @since 0.1.0
*/
public function admin_init() {
public function admin_init(): void {
if ( isset( $_GET['wp-otp-reconfigure'] ) && 'yes' === $_GET['wp-otp-reconfigure'] ) {
Wp_Otp_User_Meta::clear();
wp_redirect( get_edit_profile_url() . '#wp_otp' );
......@@ -157,8 +159,9 @@ class Wp_Otp_Admin {
* @param null|int $codes_length_override Override the filter and default for the codes length.
*
* @return array
* @throws \Exception
*/
public function get_random_recovery_codes( $codes_count_override = null, $codes_length_override = null ) {
public function get_random_recovery_codes( $codes_count_override = null, $codes_length_override = null ): array {
/**
* Filter for the number of random recovery codes to generate (between 1 and 20).
*
......@@ -198,8 +201,9 @@ class Wp_Otp_Admin {
* @param null|int $secret_length_override Override the filter and default for the codes count.
*
* @return string
* @throws \Exception
*/
public function get_random_secret( $secret_length_override = null ) {
public function get_random_secret( $secret_length_override = null ): string {
/**
* Filter for the length of the secret to be generated (between 8 and 64).
*
......@@ -219,15 +223,18 @@ class Wp_Otp_Admin {
* @since 0.1.0
*
* @param WP_User $user
*
* @throws \Exception
*/
public function user_profile_render( $user ) {
public function user_profile_render( $user ): void {
$user_meta_data = Wp_Otp_User_Meta::get_instance();
// Get and save the secret.
$secret = $user_meta_data->get( 'secret', $this->get_random_secret() );
$user_meta_data->set( 'secret', $secret, true );
$otp = new TOTP( $user->user_login, $secret );
$otp = TOTP::create( $secret );
$otp->setLabel( $user->user_login );
// Issuer isn't allowed to have any colon.
$otp->setIssuer( str_replace( [ ':', '%3a', '%3A' ], '', get_bloginfo( 'name' ) ) );
......@@ -306,7 +313,7 @@ class Wp_Otp_Admin {
*
* @return void
*/
public function show_user_notification( array $messages, $type = 'notice' ) {
public function show_user_notification( array $messages, $type = 'notice' ): void {
if ( empty( $messages ) ) {
return;
}
......@@ -331,7 +338,7 @@ class Wp_Otp_Admin {
*
* @since 0.1.0
*/
public function admin_notices() {
public function admin_notices(): void {
$user_meta_data = Wp_Otp_User_Meta::get_instance();
/*if ( ! $user_meta_data->get( 'enabled' ) ) {
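Review bot: In admin_init, `Wp_Otp_User_Meta::clear()` runs as soon as `$_GET['wp-otp-reconfigure']` equals `'yes'`, and no nonce check is visible before it. A state-changing GET without a nonce means a cross-site request made while the user is logged in could wipe their OTP configuration and remove the second factor. Consider building the reconfigure link with `wp_nonce_url()` and calling `check_admin_referer( 'wp-otp-reconfigure' );` before `clear()` (the action name here is only a suggestion). The body of admin_init continues outside the hunk, so also confirm that `exit;` follows the `wp_redirect()` call.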
......
......@@ -2,7 +2,12 @@
"name": "noplanman/wp-otp",
"type": "wordpress-plugin",
"description": "OTP for WordPress",
"keywords": ["otp", "totp", "plugin", "wordpress"],
"keywords": [
"otp",
"totp",
"plugin",
"wordpress"
],
"license": "GPL-2.0",
"homepage": "https://git.feneas.org/noplanman/wp-otp",
"support": {
......@@ -17,27 +22,12 @@
"role": "Developer"
}
],
"repositories": [
{
"type": "package",
"package": {
"type": "metapackage",
"name": "wp/dummy",
"description": "Replace any required packages with a dummy.",
"version": "dev-master",
"replace": {
"paragonie/random_compat": "*"
}
}
}
],
"require": {
"php": "^5.5|^7.0",
"wp/dummy": "@dev",
"spomky-labs/otphp": "8.3.3"
"php": "^7.1",
"spomky-labs/otphp": "^9.1"
},
"require-dev": {
"wp-coding-standards/wpcs": "^2.1",
"wp-coding-standards/wpcs": "^2.2",
"dealerdirect/phpcodesniffer-composer-installer": "^0.5.0"
},
"scripts": {
......
......@@ -56,7 +56,7 @@ class Wp_Otp_Loader {
* @param int $priority The priority at which the function should be fired. Default is 10.
* @param int $accepted_args The number of arguments that should be passed to the $callback. Default is 1.
*/
public function add_action( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ) {
public function add_action( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ): void {
$this->actions = $this->add( $this->actions, $hook, $component, $callback ?: $hook, $priority, $accepted_args );
}
......@@ -71,7 +71,7 @@ class Wp_Otp_Loader {
* @param int $priority The priority at which the function should be fired. Default is 10.
* @param int $accepted_args The number of arguments that should be passed to the $callback. Default is 1.
*/
public function add_filter( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ) {
public function add_filter( $hook, $component, $callback = null, $priority = 10, $accepted_args = 1 ): void {
$this->filters = $this->add( $this->filters, $hook, $component, $callback ?: $hook, $priority, $accepted_args );
}
......@@ -91,7 +91,7 @@ class Wp_Otp_Loader {
*
* @return array The collection of actions and filters registered with WordPress.
*/
private function add( $hooks, $hook, $component, $callback, $priority, $accepted_args ) {
private function add( $hooks, $hook, $component, $callback, $priority, $accepted_args ): array {
$hooks[] = [
'hook' => $hook,
'component' => $component,
......@@ -108,7 +108,7 @@ class Wp_Otp_Loader {
*
* @since 0.1.0
*/
public function run() {
public function run(): void {
foreach ( $this->filters as $hook ) {
add_filter(
$hook['hook'],
......
......@@ -23,7 +23,7 @@ class Wp_Otp_Setup {
* @param bool $network_wide TRUE if multisite/network and superadmin uses the "Network Activate" action.
* FALSE is no multisite install or plugin gets activated on a single blog.
*/
public static function activate( $network_wide ) {
public static function activate( $network_wide ): void {
if ( $network_wide && is_multisite() ) {
foreach ( get_sites() as $site ) {
switch_to_blog( $site->blog_id );
......@@ -44,7 +44,7 @@ class Wp_Otp_Setup {
* @param bool $network_wide TRUE if multisite/network and superadmin uses the "Network Deactivate" action.
* FALSE is no multisite install or plugin gets deactivated on a single blog.
*/
public static function deactivate( $network_wide ) {
public static function deactivate( $network_wide ): void {
if ( $network_wide && is_multisite() ) {
foreach ( get_sites() as $site ) {
switch_to_blog( $site->blog_id );
......@@ -61,17 +61,17 @@ class Wp_Otp_Setup {
* The actual tasks performed during activation of a plugin.
*
* Should handle only stuff that happens during a single site activation,
* as the process will repeated for each site on a multisite/network installation
* as the process is repeated for each site on a multisite/network installation
* if the plugin is activated network wide.
*
* @since 0.1.0
*/
private static function do_activation() {
private static function do_activation(): void {
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
$plugin = isset( $_REQUEST['plugin'] ) ? $_REQUEST['plugin'] : '';
$plugin = $_REQUEST['plugin'] ?? '';
check_admin_referer( "activate-plugin_{$plugin}" );
}
......@@ -79,17 +79,17 @@ class Wp_Otp_Setup {
* The actual tasks performed during deactivation of a plugin.
*
* Should handle only stuff that happens during a single site deactivation,
* as the process will repeated for each site on a multisite/network installation
* as the process is repeated for each site on a multisite/network installation
* if the plugin is deactivated network wide.
*
* @since 0.1.0
*/
private static function do_deactivation() {
private static function do_deactivation(): void {
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
$plugin = isset( $_REQUEST['plugin'] ) ? $_REQUEST['plugin'] : '';
$plugin = $_REQUEST['plugin'] ?? '';
check_admin_referer( "deactivate-plugin_{$plugin}" );
}
......@@ -100,7 +100,7 @@ class Wp_Otp_Setup {
*
* @param string $file Path of uninstall.php.
*/
public static function uninstall( $file ) {
public static function uninstall( $file ): void {
if ( ! current_user_can( 'activate_plugins' ) ) {
return;
}
......
......@@ -54,7 +54,7 @@ class Wp_Otp_User_Meta {
* @since 0.1.0
* @var array
*/
private static $user_meta = array();
private static $user_meta = [];
/**
* User ID of the user whose meta data is managed.
......@@ -84,7 +84,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public static function get_instance( $user_id = 0 ) {
public static function get_instance( $user_id = 0 ): Wp_Otp_User_Meta {
if ( null === self::$instance ) {
self::$user_id = $user_id ?: get_current_user_id();
self::$instance = new self;
......@@ -100,7 +100,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
private function fetch() {
private function fetch(): Wp_Otp_User_Meta {
if ( 0 === count( self::$user_meta ) ) {
self::$user_meta = wp_parse_args(
get_user_meta( self::$user_id, self::$user_meta_key, true ),
......@@ -145,7 +145,7 @@ class Wp_Otp_User_Meta {
*
* @return array All the user meta.
*/
public function get_all() {
public function get_all(): array {
return self::$user_meta;
}
......@@ -160,7 +160,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public function set( $key, $value, $save = false ) {
public function set( $key, $value, $save = false ): Wp_Otp_User_Meta {
if ( null !== $key ) {
if ( null !== $value ) {
self::$user_meta[ $key ] = $value;
......@@ -184,7 +184,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public function set_all( $metas, $save = false ) {
public function set_all( $metas, $save = false ): Wp_Otp_User_Meta {
foreach ( $metas as $key => $value ) {
$this->set( $key, $value );
}
......@@ -201,7 +201,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public function save() {
public function save(): Wp_Otp_User_Meta {
update_user_meta( self::$user_id, self::$user_meta_key, self::$user_meta );
return $this;
......@@ -214,7 +214,7 @@ class Wp_Otp_User_Meta {
*
* @return Wp_Otp_User_Meta Instance of this class.
*/
public static function clear() {
public static function clear(): Wp_Otp_User_Meta {
$user_id = self::$user_id ?: get_current_user_id();
if ( delete_user_meta( $user_id, self::$user_meta_key ) ) {
// Reset instance.
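Review bot: get_instance() assigns `self::$user_id` only while `self::$instance` is null, so a later call in the same request with a different `$user_id` appears to receive the first user's metadata. For a class that stores OTP secrets this is worth guarding, for example with `if ( null === self::$instance || ( $user_id && $user_id !== self::$user_id ) ) {`. The static `$user_meta` array would also need resetting in that case, because fetch() only loads when it is empty. The rest of get_instance() lies outside the hunk, so the remaining lines may already handle this; please confirm.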
......
......@@ -45,7 +45,7 @@ class Wp_Otp {
* @since 0.1.0
* @access private
*/
private function load_dependencies() {
private function load_dependencies(): void {
/**
* The class responsible for activation, deactivation and deletion of the plugin.
*/
......@@ -80,7 +80,7 @@ class Wp_Otp {
* @since 0.3.0
* @access private
*/
private function define_constants() {
private function define_constants(): void {
defined( 'WP_OTP_STEALTH' ) || define( 'WP_OTP_STEALTH', false );
}
......@@ -90,7 +90,7 @@ class Wp_Otp {
* @since 0.1.0
* @access private
*/
private function define_admin_hooks() {
private function define_admin_hooks(): void {
$plugin_admin = new Wp_Otp_Admin();
$this->loader->add_action( 'admin_enqueue_scripts', $plugin_admin, 'enqueue_styles' );
......@@ -109,7 +109,7 @@ class Wp_Otp {
* @since 0.1.0
* @access private
*/
private function define_public_hooks() {
private function define_public_hooks(): void {
$plugin_public = new Wp_Otp_Public();
if ( WP_OTP_STEALTH ) {
......@@ -126,7 +126,7 @@ class Wp_Otp {
*
* @since 0.1.0
*/
public function run() {
public function run(): void {
$this->loader->run();
}
}
......@@ -13,7 +13,10 @@
<!-- Exclude Composer vendor directory. -->
<exclude-pattern>*/vendor/*</exclude-pattern>
<rule ref="WordPress-Core"/>
<rule ref="WordPress-Core">
<exclude name="Generic.Arrays.DisallowShortArraySyntax.Found"/>
<exclude name="WordPress.PHP.DisallowShortTernary.Found"/>
</rule>
<rule ref="PEAR.Functions.FunctionCallSignature">
<exclude name="PEAR.Functions.FunctionCallSignature.ContentAfterOpenBracket"/>
......
......@@ -26,7 +26,7 @@ class Wp_Otp_Public {
*
* @since 0.1.0
*/
public function login_form_render() {
public function login_form_render(): void {
/**
* Filter for the OTP login form text.
*
......@@ -77,7 +77,7 @@ class Wp_Otp_Public {
if ( null === $otp ) {
return $user;
}
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : '';
$otp_code = $_POST['wp_otp_code'] ?? '';
// If this is a valid OTP code, all good!
if ( $this->verify_otp( $otp, $otp_code ) ) {
......@@ -116,7 +116,7 @@ class Wp_Otp_Public {
*
* @return void
*/
public function login_form_stealth_validate( &$username, &$password ) {
public function login_form_stealth_validate( &$username, &$password ): void {
$user = get_user_by( 'login', $username );
if ( ! $user ) {
return;
......@@ -172,9 +172,9 @@ class Wp_Otp_Public {
*
* @return TOTP
*/
private function get_otp_if_enabled( $user_meta_data ) {
private function get_otp_if_enabled( $user_meta_data ): TOTP {
if ( $user_meta_data->get( 'enabled' ) && null !== $user_meta_data->get( 'secret' ) ) {
return new TOTP( '', $user_meta_data->get( 'secret' ) );
return TOTP::create( $user_meta_data->get( 'secret' ) );
}
return null;
......@@ -190,7 +190,7 @@ class Wp_Otp_Public {
*
* @return bool
*/
private function verify_otp( $otp, $otp_code ) {
private function verify_otp( $otp, $otp_code ): bool {
/**
* Filter for the OTP code expiration window.
*
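Review bot: The new signature `get_otp_if_enabled( $user_meta_data ): TOTP` still ends in `return null;`, which throws a TypeError under PHP 7.1 for every user who has not enabled OTP. The caller's `if ( null === $otp )` check in the earlier hunk shows that null is an expected result, so the login path for those users would fail with a fatal error instead of passing through. Declare the return type nullable, `private function get_otp_if_enabled( $user_meta_data ): ?TOTP {`, and change the docblock to `@return TOTP|null`.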
......
=== WP-OTP ===
Contributors: noplanman
Donate link: https://noplanman.ch/donate
Tags: login, 2fa, otp, totp, one time password, security, recovery, freeotp, google authenticator
Tags: login, 2fa, two factor, otp, totp, one time password, security, recovery, google authenticator
Requires at least: 4.6
Tested up to: 5.2.2
Stable tag: Unreleased
Requires PHP: 5.5
Requires PHP: 7.1
Author URI: https://noplanman.ch
Plugin URI: https://git.feneas.org/noplanman/wp-otp
License: GPLv2 or later
......@@ -49,7 +49,7 @@ There are a multitude of filters to be adjusted.
* `wp_otp_secret_length`: Length of the secret key.
= Minimum requirements =
WordPress 4.6, PHP 5.5.
WordPress 4.6, PHP 7.1.
= Donate / Support =
......@@ -95,7 +95,8 @@ This means that you will need to add your OTP (or recovery) code at the end of y
= Unreleased =
* Drop all custom i18n and rely on translate.wordpress.org.
* Minimum requirement now WP 4.6.
* Minimum requirements are now WP 4.6 and PHP 7.1.
* Update OTPHP to 9.1.
= 0.3.0 =
* Update list of OTP mobile apps.
......@@ -127,3 +128,8 @@ This means that you will need to add your OTP (or recovery) code at the end of y
= 0.1.0 =
* First version!
== Upgrade Notice ==
= Unreleased =
Minimum requirements are now WP 4.6 and PHP 7.1!
......@@ -2,9 +2,8 @@
/**
* Uninstall the plugin and clean up.
*
* @since 0.1.0
*
* @package Wp_Otp
* @since 0.1.0
*/
namespace Wp_Otp;
......