Skip to content

Instantly share code, notes, and snippets.

@WPprodigy
Last active July 29, 2020 13:16
Show Gist options
  • Save WPprodigy/d431255dc5c52404e2d45026a55502e5 to your computer and use it in GitHub Desktop.
Save WPprodigy/d431255dc5c52404e2d45026a55502e5 to your computer and use it in GitHub Desktop.
Avoid 2FA during JSON API OAuth flow
<?php
/*
* Jetpack's JSON API Authorization flow needs to run free of the 2FA checks.
* JP already does additional validation on top of the normal login, so we can rely on that as the 2fa here.
*
* First we hook into wp_login right before the VIP Two_Factor_Core plugin does.
* Then if the situation is right, remove the additional 2FA login step.
*/
add_action( 'wp_login', function( $user_login, $user ) {
// Optional: Limit to specific users.
if ( ! in_array( $user_login, [ 'example_username' ], true ) ) {
return;
}
if ( ! isset( $_REQUEST['action'] ) || 'jetpack_json_api_authorization' !== $_REQUEST['action'] ) {
// Not the login flow we're looking for.
return;
}
// Ensure Jetpack has already run it's additional authorization checks.
if ( class_exists( 'Jetpack' ) && false !== has_action( 'login_form_jetpack_json_api_authorization', [ Jetpack::init(), 'login_form_json_api_authorization' ] ) && did_action( 'login_form_jetpack_json_api_authorization' ) ) {
if ( class_exists( 'Two_Factor_Core' ) ) {
// Avoid the additional provider login form step.
remove_action( 'wp_login', [ Two_Factor_Core, 'wp_login' ], 10 );
}
}
}, 5, 2 );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment