a0_options = $a0_options;
		$this->api_delete_mfa = $api_delete_mfa;
	}

	/**
	 * Add actions and filters for the profile page.
	 *
	 * Registers show_delete_mfa() on both profile screens (edit_user_profile and
	 * show_user_profile) and delete_mfa() as the handler for the auth0_delete_mfa
	 * AJAX action. Only the authenticated wp_ajax_ hook is registered here; no
	 * wp_ajax_nopriv_ counterpart is added.
	 *
	 * @codeCoverageIgnore - Tested in TestProfileDeleteMfa::testInitHooks()
	 */
	public function init() {
		// Render the button when another user's profile is being edited ...
		add_action( 'edit_user_profile', array( $this, 'show_delete_mfa' ) );
		// ... and when a user views their own profile.
		add_action( 'show_user_profile', array( $this, 'show_delete_mfa' ) );
		// AJAX endpoint that performs the deletion.
		add_action( 'wp_ajax_auth0_delete_mfa', array( $this, 'delete_mfa' ) );
	}

	/**
	 * Show the delete Auth0 MFA data button.
	 * Hooked to: edit_user_profile, show_user_profile
	 * IMPORTANT: Internal callback use only, do not call this function directly!
	 *
	 * Outputs nothing unless all three guards below pass.
	 */
	public function show_delete_mfa() {
		// Guard 1: a profile user ID must be set globally and the viewer must hold `edit_users`.
		// NOTE(review): `edit_users` is a site-wide capability; WordPress consults the target
		// user ID only for the `edit_user` meta capability, so the second argument does not
		// narrow this check - confirm whether a per-user check was intended.
		if ( ! isset( $GLOBALS['user_id'] ) || ! current_user_can( 'edit_users', $GLOBALS['user_id'] ) ) {
			return;
		}

		// Guard 2: the plugin's `mfa` option must be enabled.
		if ( ! $this->a0_options->get( 'mfa' ) ) {
			return;
		}

		// Guard 3: the profile being shown must have stored Auth0 user info.
		if ( ! get_auth0userinfo( $GLOBALS['user_id'] ) ) {
			return;
		}

		// Presumably the button markup follows; it is not visible in this excerpt.
		?>
__( 'Empty user_id', 'wp-auth0' ) ) );
		}

		// NOTE(review): the opening of this AJAX handler is outside this excerpt; confirm that a
		// nonce check (e.g. check_ajax_referer()) runs before this point so the request cannot
		// be triggered cross-site.

		// NOTE(review): the value is taken from the request as-is and then used as a user ID;
		// consider normalising it (e.g. absint()) before the capability check and lookup.
		$user_id = $_POST['user_id'];

		// Authorisation: the caller must hold `edit_users`.
		// NOTE(review): WordPress consults the target user ID only for the `edit_user` meta
		// capability, so passing $user_id here does not make the check per-user - confirm
		// whether `edit_user` was intended.
		if ( ! current_user_can( 'edit_users', $user_id ) ) {
			wp_send_json_error( array( 'error' => __( 'Forbidden', 'wp-auth0' ) ) );
		}

		// The stored Auth0 profile must exist and carry a non-empty `sub`, which is the
		// identifier handed to the delete-MFA API call below.
		$profile = get_auth0userinfo( $user_id );
		if ( ! $profile || empty( $profile->sub ) ) {
			wp_send_json_error( array( 'error' => __( 'Auth0 profile data not found', 'wp-auth0' ) ) );
		}

		// A falsy return from the API wrapper is reported as a generic failure; no upstream
		// error detail is included in the response.
		if ( ! $this->api_delete_mfa->call( $profile->sub ) ) {
			wp_send_json_error( array( 'error' => __( 'API call failed', 'wp-auth0' ) ) );
		}

		// All checks passed and the API call succeeded; reply with an empty success payload.
		wp_send_json_success();
	}
}