• Resolved karlemilnikka

    (@karlemilnikka)


    Now that Wordfence supports enabling 2FA from the frontend, it would be great if we could filter the otpauth data in the generated QR code. Many sites would e.g., prefer if the website name was shown as issuer instead of “Wordfence” (since their visitors would have no idea of what Wordfence is). Some sites would prefer if the email address was included instead of the username.

    This can easily be accomplished by just adding a filter to the private function generate_otp_url in /modules/login-security/classes/model/2fainitializationdata.php, passing the base32 encoded secret as an argument. Even better would be if the settings for issuer and included user identifier (user_email or user_login) were available from the admin pages or included as parameters for the shortcode.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @karlemilnikka

    I have passed your valuable feedback and feature request to the team for you.

    All feature requests are discussed by the team and given careful consideration so you may see this in a future version of Wordfence.

    Thread Starter karlemilnikka

    (@karlemilnikka)

    Thanks, both for passing the feedback on and for providing such an excellent plugin/service.

    Thread Starter karlemilnikka

    (@karlemilnikka)

    @wfphil Here’s an example of how I would suggest the filter to be implemented. Please consider accepting this as a pull request.

    https://office.nikkasystems.com/s/fxYH3BrHGZzFHCS

    This is the updated method in 2fainitializationdata.php.

    private function generate_otp_url() {

        $otp_url = "otpauth://totp/" . rawurlencode( preg_replace( '~^https?://~i', '', home_url() ) . ' (' . $this->user->user_login . ')' ) . '?secret=' . $this->get_base32_secret() . '&algorithm=SHA1&digits=6&period=30&issuer=Wordfence';

        /**
         * Filters the OTP URL.
         *
         * @since 2.10.1
         *
         * @param string $otp_url The OTP URL.
         * @param int    $user_id The user’s ID.
         * @param string $secret  The user’s base32 encoded secret.
         */
        $otp_url = apply_filters( 'wfls_otp_url', $otp_url, $this->user->ID, $this->get_base32_secret() );
        return $otp_url;
    }

    Here’s an example of how it can be used.

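    function opal_otp_url( $otp_url, $user_id, $secret ) {
        $user_data = get_userdata( $user_id );
        if ( ! $user_data ) {
            // get_userdata() returns false for an unknown ID: keep the original URL.
            return $otp_url;
        }
        $user_email    = rawurlencode( $user_data->user_email );
        $site_name     = rawurlencode( get_bloginfo( 'name' ) );
        $site_hostname = parse_url( get_site_url(), PHP_URL_HOST );
    
        // Label is "site name:email"; the issuer parameter is the site hostname.
        $otp_url = 'otpauth://totp/' . $site_name . ':' . $user_email . '?secret=' . $secret . '&algorithm=SHA1&digits=6&period=30&issuer=' . $site_hostname;
        return $otp_url;
    }
    
    // Priority 10, accepting all three arguments the filter passes.
    add_filter( 'wfls_otp_url', 'opal_otp_url', 10, 3 );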
  • The topic ‘Filter for QR code’ is closed to new replies.
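
As an added example (not code from the thread or from Wordfence): a callback for the filter proposed above that changes only the label and issuer of the otpauth URI and returns the original URI whenever the input does not parse as expected. The hook name `wfls_otp_url` exists only as the proposal in this thread; `relabel_otpauth_uri` and the sample URI are constructed for illustration.

```php
<?php
// Added example, not Wordfence code. Changes only the label and issuer of an
// otpauth:// URI; the secret and TOTP parameters pass through as generated.
function relabel_otpauth_uri( string $otp_url, string $issuer, string $account ): string {
    $parts = parse_url( $otp_url );
    if ( ! is_array( $parts )
        || ( $parts['scheme'] ?? '' ) !== 'otpauth'
        || ( $parts['host'] ?? '' ) !== 'totp' ) {
        return $otp_url; // Not a TOTP URI: leave it untouched.
    }
    parse_str( $parts['query'] ?? '', $params );
    $secret = $params['secret'] ?? '';
    // The secret must be plain base32 (RFC 4648); otherwise do not rebuild.
    if ( ! is_string( $secret ) || ! preg_match( '/^[A-Z2-7]+=*$/', $secret ) ) {
        return $otp_url;
    }
    // ":" separates issuer and account in the label, so strip it from both.
    $issuer  = trim( str_replace( ':', ' ', $issuer ) );
    $account = trim( str_replace( ':', ' ', $account ) );
    if ( $issuer === '' || $account === '' ) {
        return $otp_url;
    }
    $params['issuer'] = $issuer; // Keep issuer parameter equal to the label prefix.
    $label = rawurlencode( $issuer ) . ':' . rawurlencode( $account );
    return 'otpauth://totp/' . $label . '?'
        . http_build_query( $params, '', '&', PHP_QUERY_RFC3986 );
}

// Inside WordPress: attach to the filter proposed in this thread (hypothetical hook name).
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'wfls_otp_url', function ( $otp_url, $user_id ) {
        $user = get_userdata( $user_id );
        return $user
            ? relabel_otpauth_uri( $otp_url, get_bloginfo( 'name' ), $user->user_email )
            : $otp_url;
    }, 10, 2 );
} else {
    // Stand-alone run with a constructed URI (the secret is a made-up test value).
    $sample = 'otpauth://totp/example.com%20%28alice%29?secret=JBSWY3DPEHPK3PXP'
        . '&algorithm=SHA1&digits=6&period=30&issuer=Wordfence';
    echo relabel_otpauth_uri( $sample, 'Example Shop', 'alice@example.com' ), "\n";
}
```

Because the callback never takes the secret as its own argument and rebuilds the query from the parsed original, a mistake in the label or issuer cannot change the key that ends up in the QR code.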