<?php
use WordfenceLS\Controller_Settings;
require_once(dirname(__FILE__) . '/wfRESTBaseController.php');
class wfRESTConfigController extends wfRESTBaseController {
const WF_CENTRAL_USER_MARKER = '_wf_central_user_'; //Marker used to indicate that the site was disconnected by a user associated with the site's Central account
const WF_CENTRAL_FAILURE_MARKER = '_wf_central_failure_'; //Marker used to indicate that the site was disconnected due to exceeding the error threshold
public static function disconnectConfig($adminEmail = null) {
global $wpdb;
delete_transient('wordfenceCentralJWT' . wfConfig::get('wordfenceCentralSiteID'));
if (is_null($adminEmail)) {
$user = wp_get_current_user();
if ($user && $user->exists()) {
$adminEmail = $user->user_email;
}
if (is_null($adminEmail)) {
$adminEmail = wfConfig::get('wordfenceCentralConnectEmail');
}
}
$result = $wpdb->query('DELETE FROM ' . wfDB::networkTable('wfConfig') . " WHERE name LIKE 'wordfenceCentral%'");
wfConfig::set('wordfenceCentralDisconnected', true);
wfConfig::set('wordfenceCentralDisconnectTime', time());
wfConfig::set('wordfenceCentralDisconnectEmail', $adminEmail);
wfConfig::set('wordfenceCentralConfigurationIssue', false);
return !!$result;
}
public function registerRoutes() {
register_rest_route('wordfence/v1', '/config', array(
'methods' => WP_REST_Server::READABLE,
'callback' => array($this, 'getConfig'),
'permission_callback' => array($this, 'verifyToken'),
'fields' => array(
'description' => __('Specific config options to return.', 'wordfence'),
'type' => 'array',
'required' => false,
),
));
register_rest_route('wordfence/v1', '/config', array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array($this, 'setConfig'),
'permission_callback' => array($this, 'verifyToken'),
'fields' => array(
'description' => __('Specific config options to set.', 'wordfence'),
'type' => 'array',
'required' => true,
),
));
register_rest_route('wordfence/v1', '/disconnect', array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array($this, 'disconnect'),
'permission_callback' => array($this, 'verifyToken'),
));
register_rest_route('wordfence/v1', '/premium-connect', array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array($this, 'premiumConnect'),
'permission_callback' => array($this, 'verifyTokenPremium'),
));
}
/**
* @param WP_REST_Request $request
* @return mixed|WP_REST_Response
*/
public function getConfig($request) {
$fields = (array) $request['fields'];
$config = array();
$firewall = new wfFirewall();
$wafFields = array(
'autoPrepend' => $firewall->protectionMode() === wfFirewall::PROTECTION_MODE_EXTENDED,
'avoid_php_input' => wfWAF::getInstance()->getStorageEngine()->getConfig('avoid_php_input', false) ? 1 : 0,
'disabledRules' => array_keys((array) wfWAF::getInstance()->getStorageEngine()->getConfig('disabledRules')),
'ruleCount' => count((array) wfWAF::getInstance()->getRules()),
'disableWAFBlacklistBlocking' => wfWAF::getInstance()->getStorageEngine()->getConfig('disableWAFBlacklistBlocking'),
'enabled' => $firewall->wafStatus() !== wfFirewall::FIREWALL_MODE_DISABLED,
'firewallMode' => $firewall->firewallMode(),
'learningModeGracePeriod' => wfWAF::getInstance()->getStorageEngine()->getConfig('learningModeGracePeriod'),
'learningModeGracePeriodEnabled' => wfWAF::getInstance()->getStorageEngine()->getConfig('learningModeGracePeriodEnabled'),
'subdirectoryInstall' => $firewall->isSubDirectoryInstallation(),
'wafStatus' => $firewall->wafStatus(),
);
$lsFields = array(
Controller_Settings::OPTION_XMLRPC_ENABLED => Controller_Settings::shared()->get(Controller_Settings::OPTION_XMLRPC_ENABLED),
Controller_Settings::OPTION_2FA_WHITELISTED => Controller_Settings::shared()->get(Controller_Settings::OPTION_2FA_WHITELISTED),
Controller_Settings::OPTION_IP_SOURCE => Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_SOURCE),
Controller_Settings::OPTION_IP_TRUSTED_PROXIES => Controller_Settings::shared()->get(Controller_Settings::OPTION_IP_TRUSTED_PROXIES),
Controller_Settings::OPTION_REQUIRE_2FA_ADMIN => Controller_Settings::shared()->get(Controller_Settings::OPTION_REQUIRE_2FA_ADMIN),
Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED => Controller_Settings::shared()->get(Controller_Settings::OPTION_REQUIRE_2FA_GRACE_PERIOD_ENABLED),
Controller_Settings::OPTION_GLOBAL_NOTICES => Controller_Settings::shared()->get(Controller_Settings::OPTION_GLOBAL_NOTICES),
Controller_Settings::OPTION_REMEMBER_DEVICE_ENABLED => Controller_Settings::shared()->get(Controller_Settings::OPTION_REMEMBER_DEVICE_ENABLED),
Controller_Settings::OPTION_REMEMBER_DEVICE_DURATION => Controller_Settings::shared()->get(Controller_Settings::OPTION_REMEMBER_DEVICE_DURATION),
Controller_Settings::OPTION_ALLOW_XML_RPC => Controller_Settings::shared()->get(Controller_Settings::OPTION_ALLOW_XML_RPC),
Controller_Settings::OPTION_ENABLE_AUTH_CAPTCHA => Controller_Settings::shared()->get(Controller_Settings::OPTION_ENABLE_AUTH_CAPTCHA),
Controller_Settings::OPTION_RECAPTCHA_THRESHOLD => Controller_Settings::shared()->get(Controller_Settings::OPTION_RECAPTCHA_THRESHOLD),
Controller_Settings::OPTION_LAST_SECRET_REFRESH => Controller_Settings::shared()->get(Controller_Settings::OPTION_LAST_SECRET_REFRESH),
);
// Convert the database strings to typed values.
foreach ($lsFields as $lsField => $value) {
$lsFields[$lsField] = Controller_Settings::shared()->clean($lsField, $value);
}
if (!$fields) {
foreach (wfConfig::$defaultConfig as $group => $groupOptions) {
foreach ($groupOptions as $field => $values) {
$fields[] = $field;
}
}
foreach ($wafFields as $wafField => $value) {
$fields[] = 'waf.' . $wafField;
}
foreach ($lsFields as $lsField => $value) {
$fields[] = 'wfls_settings_' . $lsField;
}
}
foreach ($fields as $field) {
if (strpos($field, 'waf.') === 0) {
$wafField = substr($field, 4);
if (array_key_exists($wafField, $wafFields)) {
$config['waf'][$wafField] = $wafFields[$wafField];
}
continue;
}
if (strpos($field, 'wfls_settings_') === 0) {
$lsField = substr($field, 14);
if (array_key_exists($lsField, $lsFields)) {
$config['wfls_settings_' . $lsField] = $lsFields[$lsField];
}
continue;
}
if (array_key_exists($field, wfConfig::$defaultConfig['checkboxes'])) {
$config[$field] = (bool) wfConfig::get($field);
} else if (array_key_exists($field, wfConfig::$defaultConfig['otherParams']) ||
array_key_exists($field, wfConfig::$defaultConfig['defaultsOnly'])) {
$configConfig = !empty(wfConfig::$defaultConfig['otherParams'][$field]) ?
wfConfig::$defaultConfig['otherParams'][$field] : wfConfig::$defaultConfig['defaultsOnly'][$field];
if (!empty($configConfig['validation']['type'])) {
switch ($configConfig['validation']['type']) {
case wfConfig::TYPE_INT:
$config[$field] = wfConfig::getInt($field);
break;
case wfConfig::TYPE_DOUBLE:
case wfConfig::TYPE_FLOAT:
$config[$field] = floatval(wfConfig::get($field));
break;
case wfConfig::TYPE_BOOL:
$config[$field] = (bool) wfConfig::get($field);
break;
case wfConfig::TYPE_ARRAY:
$config[$field] = wfConfig::get_ser($field);
break;
case wfConfig::TYPE_STRING:
default:
$config[$field] = wfConfig::get($field);
break;
}
} else {
$config[$field] = wfConfig::get($field);
}
} else if (in_array($field, wfConfig::$serializedOptions)) {
$config[$field] = wfConfig::get_ser($field);
}
}
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
parse_str($api->makeAPIQueryString(), $qs);
$systemInfo = json_decode(wfUtils::base64url_decode($qs['s']), true);
$systemInfo['output_buffering'] = ini_get('output_buffering');
$systemInfo['ip'] = wfUtils::getIPAndServerVariable();
$systemInfo['detected_ips'] = wfUtils::getAllServerVariableIPs();
$systemInfo['admin_url'] = network_admin_url();
$response = rest_ensure_response(array(
'config' => $config,
'info' => $systemInfo,
));
return $response;
}
/**
* @param WP_REST_Request $request
* @return mixed|WP_REST_Response
*/
public function setConfig($request) {
wfCentral::preventConfigurationSync();
$fields = $request['fields'];
if (is_array($fields) && $fields) {
$loginSecurityConfig = array();
foreach ($fields as $key => $value) {
if (strpos($key, 'wfls_settings_') === 0) {
$lsField = substr($key, 14);
$loginSecurityConfig[$lsField] = $value;
}
}
if ($loginSecurityConfig) {
$errors = Controller_Settings::shared()->validate_multiple($loginSecurityConfig);
if ($errors !== true) {
if (count($errors) == 1) {
return new WP_Error('rest_set_config_error',
sprintf(
/* translators: Error message. */
__('An error occurred while saving the configuration: %s', 'wordfence'), $errors[0]['error']),
array('status' => 422));
} else if (count($errors) > 1) {
$compoundMessage = array();
foreach ($errors as $e) {
$compoundMessage[] = $e['error'];
}
return new WP_Error('rest_set_config_error',
sprintf(
/* translators: Error message. */
__('Errors occurred while saving the configuration: %s', 'wordfence'), implode(', ', $compoundMessage)),
array('status' => 422));
}
return new WP_Error('rest_set_config_error',
__('Errors occurred while saving the configuration.', 'wordfence'),
array('status' => 422));
}
try {
Controller_Settings::shared()->set_multiple($loginSecurityConfig);
foreach ($fields as $key => $value) {
if (strpos($key, 'wfls_settings_') === 0) {
unset($fields[$key]);
}
}
} catch (Exception $e) {
return new WP_Error('rest_save_config_error',
sprintf(
/* translators: Error message. */
__('A server error occurred while saving the configuration: %s', 'wordfence'), $e->getMessage()),
array('status' => 500));
}
}
$errors = wfConfig::validate($fields);
if ($errors !== true) {
if (count($errors) == 1) {
return new WP_Error('rest_set_config_error',
sprintf(
/* translators: Error message. */
__('An error occurred while saving the configuration: %s', 'wordfence'), $errors[0]['error']),
array('status' => 422));
} else if (count($errors) > 1) {
$compoundMessage = array();
foreach ($errors as $e) {
$compoundMessage[] = $e['error'];
}
return new WP_Error('rest_set_config_error',
sprintf(
/* translators: Error message. */
__('Errors occurred while saving the configuration: %s', 'wordfence'), implode(', ', $compoundMessage)),
array('status' => 422));
}
return new WP_Error('rest_set_config_error',
__('Errors occurred while saving the configuration.', 'wordfence'),
array('status' => 422));
}
try {
wfConfig::save($fields);
return rest_ensure_response(array(
'success' => true,
));
} catch (Exception $e) {
return new WP_Error('rest_save_config_error',
sprintf(
/* translators: Error message. */
__('A server error occurred while saving the configuration: %s', 'wordfence'), $e->getMessage()),
array('status' => 500));
}
}
return new WP_Error('rest_save_config_error',
__("Validation error: 'fields' parameter is empty or not an array.", 'wordfence'),
array('status' => 422));
}
/**
* @param WP_REST_Request $request
* @return mixed|WP_REST_Response
*/
public function disconnect($request) {
self::disconnectConfig(!empty($this->tokenData['adminEmail']) ? $this->tokenData['adminEmail'] : self::WF_CENTRAL_USER_MARKER);
return rest_ensure_response(array(
'success' => true,
));
}
/**
* @param WP_REST_Request $request
* @return mixed|WP_REST_Response
*/
public function premiumConnect($request) {
require_once(WORDFENCE_PATH . '/lib/sodium_compat_fast.php');
// Store values sent by Central.
$wordfenceCentralPK = $request['public-key'];
$wordfenceCentralSiteData = $request['site-data'];
$wordfenceCentralSiteID = $request['site-id'];
$keypair = ParagonIE_Sodium_Compat::crypto_sign_keypair();
$publicKey = ParagonIE_Sodium_Compat::crypto_sign_publickey($keypair);
$secretKey = ParagonIE_Sodium_Compat::crypto_sign_secretkey($keypair);
wfConfig::set('wordfenceCentralSecretKey', $secretKey);
wfConfig::set('wordfenceCentralConnected', 1);
wfConfig::set('wordfenceCentralCurrentStep', 6);
wfConfig::set('wordfenceCentralPK', pack("H*", $wordfenceCentralPK));
wfConfig::set('wordfenceCentralSiteData', json_encode($wordfenceCentralSiteData));
wfConfig::set('wordfenceCentralSiteID', $wordfenceCentralSiteID);
wfConfig::set('wordfenceCentralConnectTime', time());
wfConfig::set('wordfenceCentralConnectEmail', !empty($this->tokenData['adminEmail']) ? $this->tokenData['adminEmail'] : null);
// Return values created by Wordfence.
return rest_ensure_response(array(
'success' => true,
'public-key' => ParagonIE_Sodium_Compat::bin2hex($publicKey),
));
}
}
All system for education purposes only. For more tools: Telegram @jackleet