/**
 * Replaces the current Duo cookie with one issued for the given user ID.
 *
 * Does nothing when `duo_set_cookie()` is not defined (Duo plugin not loaded).
 *
 * NOTE(review): this issues a Duo cookie for the target account without a
 * second-factor challenge in this function. Presumably it is hooked to a
 * user-switching action that has already been authorized; confirm that no
 * other caller can reach it.
 *
 * @param int $user_id ID of the account the session is switching to.
 * @return void
 */
function user_switching_duo_set_cookie($user_id)
{
    // Guard clause: without the Duo plugin there is no cookie to refresh.
    if (!function_exists('duo_set_cookie')) {
        return;
    }

    // Drop the cookie tied to the previous account before issuing the new one.
    duo_unset_cookie();

    $switched_user = new WP_User($user_id);
    duo_set_cookie($switched_user);
}
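/**
 * Login callback that adds a Duo second-factor step to WordPress authentication.
 *
 * Intended for the `authenticate` filter chain (the hook registration is not
 * part of this block). Behaviour, in order:
 *  - A WP_User already produced by an earlier callback is returned untouched.
 *  - If Duo is disabled, returns null so the remaining callbacks decide.
 *  - If the request carries `sig_response`, it is verified with
 *    Duo::verifyResponse(); on success the matching WP_User is returned and
 *    the Duo cookie is set, otherwise a WP_Error is returned.
 *  - Otherwise, for a non-empty $username, the password is checked with
 *    wp_authenticate_username_password() and, on success, the second factor
 *    is started.
 *
 * @param WP_User|WP_Error|string|null $user     Result of earlier callbacks in the chain.
 * @param string                       $username Submitted login name.
 * @param string                       $password Submitted password.
 * @return WP_User|WP_Error|null WP_User on completed login, WP_Error on failure,
 *                               null to defer to the rest of the chain.
 */
function duo_authenticate_user($user = "", $username = "", $password = "")
{
    // play nicely with other plugins if they have higher priority than us
    if (is_a($user, 'WP_User')) {
        return $user;
    }

    if (!duo_auth_enabled()) {
        duo_debug_log('Duo not enabled, skipping 2FA.');
        return;
    }

    if (isset($_POST['sig_response'])) {
        // secondary auth
        remove_action('authenticate', 'wp_authenticate_username_password', 20);

        $akey = duo_get_akey();
        $duo_time = duo_get_time();

        // A request can submit `sig_response[]`, which arrives as an array.
        // Only a string is a candidate signed response; anything else is
        // treated as a failed second factor instead of being handed to the verifier.
        $sig_response = $_POST['sig_response'];
        $username = is_string($sig_response)
            ? Duo::verifyResponse(
                duo_get_option('duo_ikey'),
                duo_get_option('duo_skey'),
                $akey,
                $sig_response,
                $duo_time
            )
            : null;

        if ($username) {
            // Don't use get_user_by(). It doesn't return a WP_User object if wordpress version < 3.3
            $user = new WP_User(0, $username);

            // `new` always yields an object; an unknown login leaves ID empty.
            // Only a resolved account may receive the Duo cookie and be returned
            // as authenticated.
            if (!empty($user->ID)) {
                duo_set_cookie($user);
                duo_debug_log("Second factor successful for user: {$username}");
                return $user;
            }

            error_log("Failed to retrieve WP user {$username}");
        }

        // Fail closed: invalid, expired or unresolvable response.
        return new WP_Error(
            'Duo authentication_failed',
            __('<strong>ERROR</strong>: Failed or expired two factor authentication')
        );
    }

    if (strlen($username) > 0) {
        // primary auth
        // Don't use get_user_by(). It doesn't return a WP_User object if wordpress version < 3.3
        $user = new WP_User(0, $username);

        // The previous `!$user` test could never be true because `new` always
        // returns an object. Checking the ID is what detects an unknown login;
        // returning null leaves rejection to the core password handler, which
        // is still registered at this point.
        if (empty($user->ID)) {
            // NOTE(review): $username is request-supplied; confirm it is
            // sanitized upstream before it is written to the log.
            error_log("Failed to retrieve WP user {$username}");
            return;
        }

        if (!duo_role_require_mfa($user)) {
            duo_debug_log("Skipping 2FA for user: {$username} with roles: " . print_r($user->roles, true));
            return;
        }

        // From here on this function owns the password check, so the core
        // handler is removed to keep it from running a second time.
        remove_action('authenticate', 'wp_authenticate_username_password', 20);
        $user = wp_authenticate_username_password(NULL, $username, $password);
        if (!is_a($user, 'WP_User')) {
            // on error, return said error (and skip the remaining plugin chain)
            return $user;
        }

        duo_debug_log("Primary auth succeeded, starting second factor for {$username}");
        // NOTE(review): presumably this renders the Duo prompt and ends the
        // request. If it ever returns, the function falls through and returns
        // null with the core password handler already removed; confirm that
        // path cannot complete a login.
        duo_start_second_factor($user);
    }

    duo_debug_log('Starting primary authentication');
}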