protect_call() public method

Calls over to the api using wp_remote_post
public protect_call ( string $action = 'check_ip', array $request = [] ) : array
$action string 'check_ip', 'check_key', or 'failed_attempt'
$request array Any custom data to post to the api
return array
Jetpack_Protect_Module Class Documentation
Esempio n. 1
0
 /**
  * Sends a "check_key" API call once a day.  This call allows us to track IP-related
  * headers for this server via the Protect API, in order to better identify the source
  * IP for login attempts
  */
 public function maybe_update_headers($force = false)
 {
     $updated_recently = $this->get_transient('jpp_headers_updated_recently');
     if (!$force) {
         if (isset($_GET['protect_update_headers'])) {
             $force = true;
         }
     }
     // check that current user is admin so we prevent a lower level user from adding
     // a trusted header, allowing them to brute force an admin account
     if ($updated_recently && !$force || !current_user_can('update_plugins')) {
         return;
     }
     $response = Jetpack_Protect_Module::protect_call('check_key');
     $this->set_transient('jpp_headers_updated_recently', 1, DAY_IN_SECONDS);
     if (isset($response['msg']) && $response['msg']) {
         update_site_option('trusted_ip_header', json_decode($response['msg']));
     }
 }
Esempio n. 2
0
 /**
  * Sends a "check_key" API call once a day.  This call allows us to track IP-related
  * headers for this server via the Protect API, in order to better identify the source
  * IP for login attempts
  */
 public function maybe_update_headers()
 {
     $updated_recently = $this->get_transient('jpp_headers_updated_recently');
     // check that current user is admin so we prevent a lower level user from adding
     // a trusted header, allowing them to brute force an admin account
     if (!$updated_recently && current_user_can('update_plugins')) {
         Jetpack_Protect_Module::protect_call('check_key');
         $this->set_transient('jpp_headers_updated_recently', 1, DAY_IN_SECONDS);
         $headers = $this->get_headers();
         $trusted_header = 'REMOTE_ADDR';
         if (count($headers) == 1) {
             $trusted_header = key($headers);
         } elseif (count($headers) > 1) {
             foreach ($headers as $header => $ip) {
                 $ips = explode(', ', $ip);
                 $ip_list_has_nonprivate_ip = false;
                 foreach ($ips as $ip) {
                     $ip = jetpack_clean_ip($ip);
                     // If the IP is in a private or reserved range, return REMOTE_ADDR to help prevent spoofing
                     if ($ip == '127.0.0.1' || $ip == '::1' || jetpack_protect_ip_is_private($ip)) {
                         continue;
                     } else {
                         $ip_list_has_nonprivate_ip = true;
                         break;
                     }
                 }
                 if (!$ip_list_has_nonprivate_ip) {
                     continue;
                 }
                 // IP is not local, we'll trust this header
                 $trusted_header = $header;
                 break;
             }
         }
         update_site_option('trusted_ip_header', $trusted_header);
     }
 }
Esempio n. 3
0
 /**
  * On module activation, try to get an api key
  */
 public function on_activation()
 {
     update_site_option('jetpack_protect_activating', 'activating');
     // Get BruteProtect's counter number
     Jetpack_Protect_Module::protect_call('check_key');
 }