From 1c11c756ad94a7759761352204c9663ac3763791 Mon Sep 17 00:00:00 2001
From: HoppMorgan
Date: Wed, 4 Sep 2024 11:24:26 +0100
Subject: [PATCH 1/6] feat: make protected construct public this is so we can validate a 2FA code using the plugins functions
---
 providers/class-two-factor-totp.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index 4b075495..3f166bf4 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -42,7 +42,7 @@ class Two_Factor_Totp extends Two_Factor_Provider {
 *
 * @codeCoverageIgnore
 */
- protected function __construct() {
+ public function __construct() {
 add_action( 'rest_api_init', array( $this, 'register_rest_routes' ) );
 add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_assets' ) );
 add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_assets' ) );
From 71353b51322cad37f4ed1fed20447f701d45bd7f Mon Sep 17 00:00:00 2001
From: HoppMorgan
Date: Wed, 4 Sep 2024 11:25:01 +0100
Subject: [PATCH 2/6] feat: prevented auto redirecting of request to login screen so we stop getting the login screen HTML returned in the request
---
 class-two-factor-core.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index c5864340..9618947f 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
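Review bot: Making `__construct()` public means every `new Two_Factor_Totp()` registers the `rest_api_init`, `admin_enqueue_scripts` and `wp_enqueue_scripts` callbacks again, so a second instance created only to validate a code would duplicate REST route registration and asset enqueueing on that request; the third patch does the same to `Two_Factor_Email`, whose constructor adds the `two_factor_user_options_` action. If the goal is to validate a code from outside the plugin, reuse the provider instance the plugin already creates (presumably through a static accessor — not visible in this hunk) or expose a static validation method, rather than widening the constructor. If the constructor must stay public, the docblock should say so: `* Registers hooks on each call; the plugin expects a single instance, so do not construct this ad hoc.` The constructor body continues past the end of the hunk.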
@@ -94,7 +94,10 @@ class Two_Factor_Core {
 */
 public static function add_hooks( $compat ) {
 add_action( 'init', array( __CLASS__, 'get_providers' ) );
- add_action( 'wp_login', array( __CLASS__, 'wp_login' ), 10, 2 );
+ $is_headless = true; // TODO: Change this programatically
+ if (!$is_headless) {
+ add_action( 'wp_login', array( __CLASS__, 'wp_login' ), 10, 2 );
+ }
 add_filter( 'wp_login_errors', array( __CLASS__, 'maybe_show_reset_password_notice' ) );
 add_action( 'after_password_reset', array( __CLASS__, 'clear_password_reset_notice' ) );
 add_action( 'login_form_validate_2fa', array( __CLASS__, 'login_form_validate_2fa' ) );
From d67694eee667da0bc6e5b85658dd1687afdbd437 Mon Sep 17 00:00:00 2001
From: HoppMorgan
Date: Mon, 9 Sep 2024 09:04:13 +0100
Subject: [PATCH 3/6] feat: make protected construct public allows us to verify 2FA with email
---
 providers/class-two-factor-email.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/providers/class-two-factor-email.php b/providers/class-two-factor-email.php
index ac3955ce..b5a22066 100644
--- a/providers/class-two-factor-email.php
+++ b/providers/class-two-factor-email.php
@@ -40,7 +40,7 @@ class Two_Factor_Email extends Two_Factor_Provider {
 *
 * @since 0.1-dev
 */
- protected function __construct() {
+ public function __construct() {
 add_action( 'two_factor_user_options_' . __CLASS__, array( $this, 'user_options' ) );
 return parent::__construct();
 }
From d9cacfb2500c4af1fbb3cbafe98dc049ad20d51b Mon Sep 17 00:00:00 2001
From: Saajan Patel
Date: Thu, 20 Feb 2025 09:27:41 +0000
Subject: [PATCH 4/6] feat: adding wp admin 2fa catch
---
 class-two-factor-core.php | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index e3be3374..974b49f7 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
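Review bot: The hard-coded `$is_headless = true;` means the `wp_login` callback is never registered, so `wp_login()` — which, as the later hunk shows, destroys the session and calls `show_two_factor_login()` — is skipped for every login on the site, not just headless ones; as committed this disables two-factor enforcement entirely until the TODO is resolved. A constant evaluated at hook-registration time cannot tell a headless request from a browser login; the decision needs a per-request signal and belongs inside `wp_login()`, or behind a filter of your own such as `apply_filters( 'two_factor_is_headless_login', false )`, with the action always registered. Minor: `if (!$is_headless) {` does not follow the file's `if ( ! ... ) {` spacing, and the TODO misspells "programmatically". `add_hooks()` continues past the end of the hunk.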
@@ -661,16 +661,33 @@ public static function is_user_using_two_factor( $user = null ) {
 * @param WP_User $user WP_User object of the logged-in user.
 */
 public static function wp_login( $user_login, $user ) {
- if ( ! self::is_user_using_two_factor( $user->ID ) ) {
+ // get request
+ $current_origin = get_http_origin();
+
+ if ( empty( $current_origin ) ) {
+ $current_origin = ! empty( $_SERVER['HTTP_REFERER'] ) ? sanitize_text_field( $_SERVER['HTTP_REFERER'] ) : null;
+ }
+
+ // get frontend url
+ $frontend_settings = get_option('frontend_settings');
+
+ $frontend_url = $frontend_settings['frontend_uri'];
+
+ // this is returning "https:\/\/localhost:3000"
+ // we need it in the format https://localhost:3000
+ $frontend_url = str_replace('\\', '', $frontend_url);
+ $frontend_url = str_replace('"', '', $frontend_url);
+
+ if ( ! self::is_user_using_two_factor( $user->ID ) || $current_origin === $frontend_url ) {
 return;
 }
-
+
 // Invalidate the current login session to prevent from being re-used.
 self::destroy_current_session_for_user( $user );
-
+
 // Also clear the cookies which are no longer valid.
 wp_clear_auth_cookie();
-
+
 self::show_two_factor_login( $user );
 exit;
 }
From 66a612fe5c676625c5ef6bebd1997a1ef7606de3 Mon Sep 17 00:00:00 2001
From: Saajan Patel
Date: Thu, 20 Feb 2025 09:54:59 +0000
Subject: [PATCH 5/6] feat: removing checking for headless
---
 class-two-factor-core.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index 974b49f7..80e16b49 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
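Review bot: The new early return `|| $current_origin === $frontend_url` decides whether to enforce the second factor from the `Origin` header, or failing that `HTTP_REFERER` — both are values the client chooses, so the comparison does not establish that the login came from the frontend, and a 2FA-enrolled account is authenticated on the password alone whenever a request presents the configured frontend URL. Request headers must not gate this decision; if the headless frontend cannot follow the `show_two_factor_login()` redirect, keep the enforcement and fail the login (or hand off to a dedicated REST validation step) instead of returning. Separately, `get_option('frontend_settings')` returns `false` when the option is unset, so `$frontend_settings['frontend_uri']` then raises a warning and the backslash/quote stripping runs on `null`; guard with `is_array()` and `??`, and compare URLs normalised with `untrailingslashit()` rather than after deleting every backslash from the stored value. Until an authenticated per-request signal exists I would keep the original condition, `if ( ! self::is_user_using_two_factor( $user->ID ) ) {`.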
@@ -94,10 +94,10 @@ class Two_Factor_Core { */ public static function add_hooks( $compat ) { add_action( 'init', array( __CLASS__, 'get_providers' ) ); // @phpstan-ignore return.void - $is_headless = true; // TODO: Change this programatically - if (!$is_headless) { - add_action( 'wp_login', array( __CLASS__, 'wp_login' ), 10, 2 ); - } + + // Check to see if its a headless login + add_action( 'wp_login', array( __CLASS__, 'wp_login' ), 10, 2 ); + add_filter( 'wp_login_errors', array( __CLASS__, 'maybe_show_reset_password_notice' ) ); add_action( 'after_password_reset', array( __CLASS__, 'clear_password_reset_notice' ) ); add_action( 'login_form_validate_2fa', array( __CLASS__, 'login_form_validate_2fa' ) ); @@ -662,7 +662,12 @@ public static function is_user_using_two_factor( $user = null ) { */ public static function wp_login( $user_login, $user ) { // get request + + wp_mail('me@me.com', 'wp_login', 'wp_login'); + $current_origin = get_http_origin(); + + wp_mail('me@me.com', 'current_origin', $current_origin); if ( empty( $current_origin ) ) { $current_origin = ! empty( $_SERVER['HTTP_REFERER'] ) ? sanitize_text_field( $_SERVER['HTTP_REFERER'] ) : null; @@ -672,6 +677,8 @@ public static function wp_login( $user_login, $user ) { $frontend_settings = get_option('frontend_settings'); $frontend_url = $frontend_settings['frontend_uri']; + + wp_mail('me@me.com', 'frontend_url', $frontend_url); // this is returning "https:\/\/localhost:3000" // we need it in the format https://localhost:3000 @@ -679,6 +686,7 @@ public static function wp_login( $user_login, $user ) { $frontend_url = str_replace('"', '', $frontend_url); if ( ! self::is_user_using_two_factor( $user->ID ) || $current_origin === $frontend_url ) { + wp_mail('me@me.com', 'no 2fa', 'no 2fa'); return; } From dbf097babaccec6ea8443df2c487df9d7969ec80 Mon Sep 17 00:00:00 2001 
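Review bot: The new comment `// Check to see if its a headless login` sits above a plain `add_action( 'wp_login', array( __CLASS__, 'wp_login' ), 10, 2 );` that performs no such check; the headless decision now lives in `wp_login()` itself, so the comment describes code that is not here. Either drop it or make it accurate: `// Always hook wp_login; wp_login() decides whether to prompt for the second factor.` The blank lines added around the call also break the otherwise contiguous hook list. `add_hooks()` continues past the end of the hunk.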
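Review bot: The added `wp_mail('me@me.com', ...)` calls in this hunk and the two that follow it send the request's `Origin`/`Referer` value and the configured frontend URL to a hard-coded external mailbox on every login, plus a further mail whenever the second factor is skipped; this is debug tracing that ships per-login request data off-host and generates outbound mail per authentication, so it should not land even temporarily (the sixth patch removes it, but it stays in history and in any deployment of this revision). For this kind of tracing use `error_log()` guarded by `WP_DEBUG`, or a local logger, and strip it before committing. `wp_login()` starts inside the second hunk and continues past the last of the three.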
From: Saajan Patel
Date: Thu, 20 Feb 2025 10:18:46 +0000
Subject: [PATCH 6/6] refactor: frontend_uri fix ; removing wp_mail tests
---
 class-two-factor-core.php | 19 ++++++------------
 1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index 80e16b49..856439f4 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -663,30 +663,23 @@ public static function is_user_using_two_factor( $user = null ) {
 public static function wp_login( $user_login, $user ) {
 // get request
- wp_mail('me@me.com', 'wp_login', 'wp_login');
-
 $current_origin = get_http_origin();
-
- wp_mail('me@me.com', 'current_origin', $current_origin);
 if ( empty( $current_origin ) ) {
 $current_origin = ! empty( $_SERVER['HTTP_REFERER'] ) ? sanitize_text_field( $_SERVER['HTTP_REFERER'] ) : null;
 }
-
+
 // get frontend url
- $frontend_settings = get_option('frontend_settings');
-
- $frontend_url = $frontend_settings['frontend_uri'];
+ $faustwp_settings = get_option('faustwp_settings');
- wp_mail('me@me.com', 'frontend_url', $frontend_url);
+ $frontend_uri = ($faustwp_settings['frontend_uri']);
 // this is returning "https:\/\/localhost:3000"
 // we need it in the format https://localhost:3000
- $frontend_url = str_replace('\\', '', $frontend_url);
- $frontend_url = str_replace('"', '', $frontend_url);
+ $frontend_uri = str_replace('\\', '', $frontend_uri);
+ $frontend_uri = str_replace('"', '', $frontend_uri);
- if ( ! self::is_user_using_two_factor( $user->ID ) || $current_origin === $frontend_url ) {
- wp_mail('me@me.com', 'no 2fa', 'no 2fa');
+ if ( ! self::is_user_using_two_factor( $user->ID ) || $current_origin === $frontend_uri ) {
 return;
 }
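Review bot: `$frontend_uri = ($faustwp_settings['frontend_uri']);` still assumes `get_option('faustwp_settings')` returned an array holding that key; when the option is missing it returns `false`, the offset access warns, and both `str_replace()` calls then run on `null`. Guard it: `$frontend_uri = is_array( $faustwp_settings ) ? (string) ( $faustwp_settings['frontend_uri'] ?? '' ) : '';` — the outer parentheses on the right-hand side do nothing and can go. The `\\` and `"` stripping suggests the stored value is JSON-encoded; if so, decode it, or compare `untrailingslashit()`-normalised URLs, rather than deleting every backslash and quote from it, and note that the `$current_origin === $frontend_uri` early return is still driven by client-supplied headers, as raised on the fourth patch. `wp_login()` continues past the end of the hunk.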