Intercept and prevent Shield's 2FA email sending process
<?php declare( strict_types=1 ); | |
/**
 * Run your own secondary checks before Shield verifies the 2FA nonce.
 * To fail a check, throw a new \Exception(); its message is what will be displayed to the user.
 *
 * Security notes:
 * - This hook fires before nonce verification, so $plainNonce is still unverified,
 *   request-supplied input at this point. Inspect it (length, format) but never treat
 *   it as proof of anything.
 * - The exception message is user-facing. Keep it generic so that it does not reveal
 *   account state or the details of your checks to whoever is making the request.
 */
add_action(
	'shield/2fa/email/pre_send_email/pre_nonce_verify',
	function ( \WP_User $user, string $plainNonce ) {
		// Trivial illustration only - this is not a check that is actually required.
		// The user will be shown the message 'User ID is invalid.'.
		$idIsInvalid = $user->ID < 1;
		if ( $idIsInvalid ) {
			throw new \Exception( 'User ID is invalid.' );
		}

		// Byte length of the raw nonce; anything over 100 bytes is rejected.
		$nonceLength = \strlen( $plainNonce );
		if ( $nonceLength > 100 ) {
			throw new \Exception( 'Nonce value is too long.' );
		}
	},
	10, // default hook priority
	2   // the callback receives both the user and the plain nonce
);
/**
 * Alternatively, run any further checks after Shield has verified the 2FA nonce.
 *
 * Security notes:
 * - NOTE(review): the hook name suggests it only fires once verification has succeeded,
 *   which would make it the place for checks that should not run for requests carrying
 *   a bad nonce - confirm against Shield's hook ordering.
 * - The exception message is still shown to the user, so keep it generic.
 */
add_action(
	'shield/2fa/email/pre_send_email/nonce_verified',
	function ( \WP_User $user, string $plainNonce ) {
		// Trivial illustration only - this is not a check that is actually required.
		// The user will be shown the message 'User ID is invalid.'.
		$idIsInvalid = $user->ID < 1;
		if ( $idIsInvalid ) {
			throw new \Exception( 'User ID is invalid.' );
		}

		// Byte length of the raw nonce; anything over 100 bytes is rejected.
		$nonceLength = \strlen( $plainNonce );
		if ( $nonceLength > 100 ) {
			throw new \Exception( 'Nonce value is too long.' );
		}
	},
	10, // default hook priority
	2   // the callback receives both the user and the plain nonce
);