whitespace- switching to sweet-sweet tabs

isekai
Jonathan Daggerhart 10 years ago
parent 782e674def
commit 0ddb501a55

@ -18,7 +18,7 @@ class OpenID_Connect_Generic_Settings {
/**
* @param $settings
*/
function __construct( $settings ){
function __construct( $settings ) {
$this->settings = $settings;
$this->settings_field_group = OPENID_CONNECT_GENERIC_SETTINGS_NAME . '-group';
@ -39,90 +39,90 @@ class OpenID_Connect_Generic_Settings {
*/
$fields = array(
'login_type' => array(
'title' => __('Login Type'),
'description' => __('Select how the client (login form) should provide login options.'),
'title' => __( 'Login Type' ),
'description' => __( 'Select how the client (login form) should provide login options.' ),
'type' => 'select',
'options' => array(
'button' => __('OpenID Connect button on login form'),
'auto' => __('Auto Login - SSO'),
'button' => __( 'OpenID Connect button on login form' ),
'auto' => __( 'Auto Login - SSO' ),
),
'section' => 'client_settings',
),
'ep_login' => array(
'title' => __('Login Endpoint URL'),
'description' => __('Identify provider authorization endpoint.'),
'title' => __( 'Login Endpoint URL' ),
'description' => __( 'Identify provider authorization endpoint.' ),
'example' => 'https://example.com/oauth2/authorize',
'type' => 'text',
'section' => 'client_settings',
),
'ep_token' => array(
'title' => __('Token Validation Endpoint URL'),
'description' => __('Identify provider token endpoint.'),
'title' => __( 'Token Validation Endpoint URL' ),
'description' => __( 'Identify provider token endpoint.' ),
'example' => 'https://example.com/oauth2/token',
'type' => 'text',
'section' => 'client_settings',
),
'ep_userinfo' => array(
'title' => __('Userinfo Endpoint URL'),
'description' => __('Identify provider User information endpoint.'),
'title' => __( 'Userinfo Endpoint URL' ),
'description' => __( 'Identify provider User information endpoint.' ),
'example' => 'https://example.com/oauth2/UserInfo',
'type' => 'text',
'section' => 'client_settings',
),
'no_sslverify' => array(
'title' => __('Disable SSL Verify'),
'description' => __('Do not require SSL verification during authorization. The OAuth extension uses curl to make the request. By default CURL will generally verify the SSL certificate to see if its valid an issued by an accepted CA. This setting disabled that verification.'),
'title' => __( 'Disable SSL Verify' ),
'description' => __( 'Do not require SSL verification during authorization. The OAuth extension uses curl to make the request. By default CURL will generally verify the SSL certificate to see if its valid an issued by an accepted CA. This setting disabled that verification.' ),
'type' => 'checkbox',
'section' => 'client_settings',
),
'client_id' => array(
'title' => __('Client ID'),
'description' => __('The ID this client will be recognized as when connecting the to Identity provider server.'),
'title' => __( 'Client ID' ),
'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.' ),
'example' => 'my-wordpress-client-id',
'type' => 'text',
'section' => 'client_settings',
),
'client_secret' => array(
'title' => __('Client Secret Key'),
'description' => __('Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.'),
'title' => __( 'Client Secret Key' ),
'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.' ),
'type' => 'text',
'section' => 'client_settings',
),
'scope' => array(
'title' => __('OpenID Scope'),
'description' => __('Space separated list of scopes this client should access.'),
'title' => __( 'OpenID Scope' ),
'description' => __( 'Space separated list of scopes this client should access.' ),
'example' => 'email profile openid',
'type' => 'text',
'section' => 'client_settings',
),
'identity_key' => array(
'title' => __('Identity Key'),
'description' => __('Where in the response array to find the identification data. When in doubt, use "sub".'),
'title' => __( 'Identity Key' ),
'description' => __( 'Where in the response array to find the identification data. When in doubt, use "sub".' ),
'example' => 'sub',
'type' => 'text',
'section' => 'client_settings',
),
'allowed_regex' => array(
'title' => __('Authorization Regex'),
'description' => __('Provide a regular expression that enforces your expectations concerning the identity value returned from the IDP.'),
'title' => __( 'Authorization Regex' ),
'description' => __( 'Provide a regular expression that enforces your expectations concerning the identity value returned from the IDP.' ),
'type' => 'text',
'section' => 'authorization_settings',
),
'enforce_privacy' => array(
'title' => __('Enforce Privacy'),
'description' => __('Require users be logged in to see the site.'),
'title' => __( 'Enforce Privacy' ),
'description' => __( 'Require users be logged in to see the site.' ),
'type' => 'checkbox',
'section' => 'authorization_settings',
),
'enable_logging' => array(
'title' => __('Enable Logging'),
'description' => __('Very simple log messages for debugging purposes.'),
'title' => __( 'Enable Logging' ),
'description' => __( 'Very simple log messages for debugging purposes.' ),
'type' => 'checkbox',
'section' => 'log_settings',
),
'log_limit' => array(
'title' => __('Log Limit'),
'description' => __('Number of items to keep in the log. These logs are stored as an option in the database, so space is limited.'),
'title' => __( 'Log Limit' ),
'description' => __( 'Number of items to keep in the log. These logs are stored as an option in the database, so space is limited.' ),
'type' => 'number',
'section' => 'log_settings',
),
@ -146,33 +146,36 @@ class OpenID_Connect_Generic_Settings {
*/
public function admin_menu() {
add_options_page(
__('OpenID Connect - Generic Client'),
__('OpenID Connect Client'),
__( 'OpenID Connect - Generic Client' ),
__( 'OpenID Connect Client' ),
'manage_options',
$this->options_page_name,
array( $this, 'settings_page') );
array( $this, 'settings_page' ) );
}
/**
* Implements hook admin_init to register our settings
*/
public function admin_init() {
register_setting( $this->settings_field_group, OPENID_CONNECT_GENERIC_SETTINGS_NAME, array( $this, 'sanitize_settings' ) );
register_setting( $this->settings_field_group, OPENID_CONNECT_GENERIC_SETTINGS_NAME, array(
$this,
'sanitize_settings'
) );
add_settings_section( 'client_settings',
__('Client Settings'),
__( 'Client Settings' ),
array( $this, 'client_settings_description' ),
$this->options_page_name
);
add_settings_section( 'authorization_settings',
__('Authorization Settings'),
__( 'Authorization Settings' ),
array( $this, 'authorization_settings_description' ),
$this->options_page_name
);
add_settings_section( 'log_settings',
__('Log Settings'),
__( 'Log Settings' ),
array( $this, 'log_settings_description' ),
$this->options_page_name
);
@ -180,8 +183,8 @@ class OpenID_Connect_Generic_Settings {
// preprocess fields and add them to the page
foreach ( $this->settings_fields as $key => $field ) {
// make sure each key exists in the settings array
if ( ! isset( $this->settings[ $key ] ) ){
$this->settings[ $key ] = null;
if ( ! isset( $this->settings[ $key ] ) ) {
$this->settings[ $key ] = NULL;
}
// determine appropriate output callback
@ -214,6 +217,7 @@ class OpenID_Connect_Generic_Settings {
* Sanitization callback for settings/option page
*
* @param $input - submitted settings values
*
* @return array
*/
public function sanitize_settings( $input ) {
@ -221,7 +225,7 @@ class OpenID_Connect_Generic_Settings {
// loop through settings fields to control what we're saving
foreach ( $this->settings_fields as $key => $field ) {
if ( isset( $input[ $key ] ) ){
if ( isset( $input[ $key ] ) ) {
$options[ $key ] = sanitize_text_field( trim( $input[ $key ] ) );
}
else {
@ -239,6 +243,7 @@ class OpenID_Connect_Generic_Settings {
?>
<div class="wrap">
<h2><?php print esc_html( get_admin_page_title() ); ?></h2>
<form method="post" action="options.php">
<?php
settings_fields( $this->settings_field_group );
@ -247,17 +252,19 @@ class OpenID_Connect_Generic_Settings {
?>
</form>
<h4><?php _e('Notes'); ?></h4>
<h4><?php _e( 'Notes' ); ?></h4>
<p class="description">
<strong><?php _e('Redirect URI'); ?></strong> <code><?php print admin_url( 'admin-ajax.php?action=openid-connect-authorize' ); ?></code>
<strong><?php _e( 'Redirect URI' ); ?></strong>
<code><?php print admin_url( 'admin-ajax.php?action=openid-connect-authorize' ); ?></code>
</p>
<?php
$logs = get_option( 'openid_connect_generic_logs', array() );
if ( !empty( $logs ) ) {
if ( ! empty( $logs ) ) {
?>
<h4><?php _e('Logs'); ?></h4>
<h4><?php _e( 'Logs' ); ?></h4>
<table class="wp-list-table widefat fixed striped posts">
<thead>
<th>Type</th>
@ -266,7 +273,7 @@ class OpenID_Connect_Generic_Settings {
<th style="width: 65%;">Data</th>
</thead>
<tbody>
<?php foreach( $logs as $log ){ ?>
<?php foreach ( $logs as $log ) { ?>
<tr>
<td><?php print $log['type']; ?></td>
<td><?php print date( 'Y-m-d H:i:s', $log['time'] ); ?></td>
@ -312,7 +319,7 @@ class OpenID_Connect_Generic_Settings {
id="<?php print esc_attr( $field['key'] ); ?>"
name="<?php print esc_attr( $field['name'] ); ?>"
value="1"
<?php checked( $this->settings[ $field['key'] ] , 1 ); ?>>
<?php checked( $this->settings[ $field['key'] ], 1 ); ?>>
<?php
$this->do_field_description( $field );
}
@ -321,7 +328,7 @@ class OpenID_Connect_Generic_Settings {
* @param $field
*/
function do_select( $field ) {
$current_value = ( $this->settings[ $field['key'] ] ? $this->settings[ $field['key'] ] : '');
$current_value = ( $this->settings[ $field['key'] ] ? $this->settings[ $field['key'] ] : '' );
?>
<select name="<?php print esc_attr( $field['name'] ); ?>">
<?php foreach ( $field['options'] as $value => $text ): ?>
@ -337,27 +344,28 @@ class OpenID_Connect_Generic_Settings {
*
* @param $field
*/
public function do_field_description( $field ){
public function do_field_description( $field ) {
?>
<p class="description">
<?php print $field['description']; ?>
<?php if ( isset( $field['example'] ) ) : ?>
<br /><strong><?php _e( 'Example' ); ?>: </strong><code><?php print $field['example']; ?></code>
<br/><strong><?php _e( 'Example' ); ?>: </strong>
<code><?php print $field['example']; ?></code>
<?php endif; ?>
</p>
<?php
}
public function client_settings_description() {
_e('Enter your OpenID Connect identity provider settings');
_e( 'Enter your OpenID Connect identity provider settings' );
}
public function authorization_settings_description() {
_e('Control the authorization mechanics of the site');
_e( 'Control the authorization mechanics of the site' );
}
public function log_settings_description() {
_e('Log information about login attempts through OpenID Connect Generic');
_e( 'Log information about login attempts through OpenID Connect Generic' );
}
}
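Review bot: In the log table of `settings_page()`, `print $log['type'];` writes a value read back from the `openid_connect_generic_logs` option into the admin page without escaping, while the page title in the same method goes through `esc_html()`. The log calls visible in the other file store messages built from identity-provider-supplied values such as the user login, so every cell of this table should be escaped at output, starting with `<td><?php print esc_html( $log['type'] ); ?></td>`. The Data cell is rendered outside the hunk shown here, so whether it is already escaped cannot be confirmed from this page. `do_field_description()` prints `$field['description']` and `$field['example']` raw as well, which is safe only while those stay fixed strings defined in the constructor.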

@ -62,28 +62,28 @@ class OpenID_Connect_Generic {
private $redirect_uri;
private $logs = null;
private $logs = NULL;
/**
* Initialize the plugin
*/
function __construct(){
function __construct() {
add_action( 'init', array( $this, 'init' ) );
$this->redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
// translatable errors
$this->errors = array(
1 => __('Cannot get authentication response'),
2 => __('Cannot get token response'),
3 => __('Cannot get user claims'),
4 => __('Cannot get valid token'),
5 => __('Cannot get user key'),
6 => __('Cannot create authorized user'),
7 => __('User not found'),
8 => __('You do not have access to this site'),
9 => __('Cannot get authorization to join this site'),
99 => __('Unknown error')
1 => __( 'Cannot get authentication response' ),
2 => __( 'Cannot get token response' ),
3 => __( 'Cannot get user claims' ),
4 => __( 'Cannot get valid token' ),
5 => __( 'Cannot get user key' ),
6 => __( 'Cannot create authorized user' ),
7 => __( 'User not found' ),
8 => __( 'You do not have access to this site' ),
9 => __( 'Cannot get authorization to join this site' ),
99 => __( 'Unknown error' )
);
}
@ -94,18 +94,19 @@ class OpenID_Connect_Generic {
* @return array
*/
public function get_settings() {
if ( ! empty( $this->settings ) ){
if ( ! empty( $this->settings ) ) {
return $this->settings;
}
$this->settings = wp_parse_args( get_option( OPENID_CONNECT_GENERIC_SETTINGS_NAME, array() ), $this->default_settings );
return $this->settings;
}
/**
* Retrieve all log messages
*/
public function get_logs(){
public function get_logs() {
if ( is_null( $this->logs ) ) {
$this->logs = get_option( 'openid_connect_generic_logs', array() );
}
@ -116,7 +117,7 @@ class OpenID_Connect_Generic {
/**
*
*/
public function log( $data, $type = 'error' ){
public function log( $data, $type = 'error' ) {
if ( (bool) $this->settings['enable_logging'] ) {
$this->add_log_message( $data, $type );
}
@ -128,7 +129,7 @@ class OpenID_Connect_Generic {
* @param $data array - extra data about the message
* @param $type string - simple message type string, defaults to error
*/
public function add_log_message( $data = array(), $type = 'error' ){
public function add_log_message( $data = array(), $type = 'error' ) {
// construct our message
$message = array(
'type' => $type,
@ -146,19 +147,19 @@ class OpenID_Connect_Generic {
while ( $items_to_remove > 0 ) {
array_shift( $logs );
$items_to_remove--;
$items_to_remove --;
}
// save our logs
$this->logs = $logs;
update_option( 'openid_connect_generic_logs', $logs, false );
update_option( 'openid_connect_generic_logs', $logs, FALSE );
}
/**
* Implements hook init
* - hook plugin into WP as needed
*/
public function init(){
public function init() {
// check the user's status based on plugin settings
$this->check_user_status();
@ -172,14 +173,23 @@ class OpenID_Connect_Generic {
add_filter( 'login_message', array( $this, 'login_message' ), 99 );
// alter the requests according to settings
add_filter( 'openid-connect-generic-alter-request', array( $this, 'alter_request' ), 10, 3 );
add_filter( 'openid-connect-generic-alter-request', array(
$this,
'alter_request'
), 10, 3 );
// administration yo!
if ( is_admin() ) {
// use the ajax url to handle processing authorization without any html output
// this callback will occur when then IDP returns with an authenticated value
add_action( 'wp_ajax_openid-connect-authorize', array( $this, 'auth_callback' ) );
add_action( 'wp_ajax_nopriv_openid-connect-authorize', array( $this, 'auth_callback' ) );
add_action( 'wp_ajax_openid-connect-authorize', array(
$this,
'auth_callback'
) );
add_action( 'wp_ajax_nopriv_openid-connect-authorize', array(
$this,
'auth_callback'
) );
// initialize the settings page
require_once OPENID_CONNECT_GENERIC_DIR . '/admin/openid-connect-generic-settings.php';
@ -190,17 +200,16 @@ class OpenID_Connect_Generic {
/**
* Validate the user's status based on plugin settings
*/
function check_user_status(){
function check_user_status() {
$settings = $this->get_settings();
// check if privacy enforcement is enabled
if ( $settings['enforce_privacy'] &&
! is_user_logged_in() &&
// avoid redirects on cron or ajax
( ! defined( 'DOING_AJAX') || ! DOING_AJAX ) &&
( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) &&
( ! defined( 'DOING_CRON' ) || ! DOING_CRON )
)
{
) {
global $pagenow;
// avoid redirect loop
@ -219,8 +228,8 @@ class OpenID_Connect_Generic {
/**
* Check the user's cookie
*/
function check_user_token(){
$is_openid_connect_user = get_user_meta( wp_get_current_user()->ID, 'openid-connect-generic-user', true );
function check_user_token() {
$is_openid_connect_user = get_user_meta( wp_get_current_user()->ID, 'openid-connect-generic-user', TRUE );
if ( is_user_logged_in() && ! empty( $is_openid_connect_user ) && ! isset( $_COOKIE[ $this->cookie_id_key ] ) ) {
wp_logout();
@ -233,7 +242,7 @@ class OpenID_Connect_Generic {
* Control the authentication and subsequent authorization of the user when
* returning from the IDP.
*/
function auth_callback(){
function auth_callback() {
$settings = $this->get_settings();
// look for an existing error of some kind
@ -242,7 +251,7 @@ class OpenID_Connect_Generic {
}
// make sure we have a legitimate authentication code and valid state
if ( !isset( $_GET['code'] ) || !isset( $_GET['state'] ) || !$this->check_state( $_GET['state'] ) ) {
if ( ! isset( $_GET['code'] ) || ! isset( $_GET['state'] ) || ! $this->check_state( $_GET['state'] ) ) {
$this->error( 1 );
}
@ -251,18 +260,18 @@ class OpenID_Connect_Generic {
$token_result = $this->request_authentication_token( $_GET['code'] );
// ensure the token is not an error generated by wp
if ( is_wp_error( $token_result ) ){
if ( is_wp_error( $token_result ) ) {
$this->error( 2, $token_result );
}
// extract token response from token
$token_response = json_decode( $token_result['body'], true );
$token_response = json_decode( $token_result['body'], TRUE );
// we need to ensure 3 specific items exist with the token response in order
// to proceed with confidence: id_token, access_token, and token_type == 'Bearer'
if ( ! isset( $token_response['id_token'] ) || ! isset( $token_response['access_token'] ) ||
! isset( $token_response['token_type'] ) || $token_response['token_type'] !== 'Bearer' )
{
! isset( $token_response['token_type'] ) || $token_response['token_type'] !== 'Bearer'
) {
$this->error( 4 );
}
@ -274,10 +283,10 @@ class OpenID_Connect_Generic {
// e.g. for the userinfo endpoint
// break apart the id_token int eh response for decoding
$tmp = explode('.', $token_response['id_token'] );
$tmp = explode( '.', $token_response['id_token'] );
// Extract the id_token's claims from the token
$id_token_claim = json_decode( base64_decode( $tmp[1] ), true );
$id_token_claim = json_decode( base64_decode( $tmp[1] ), TRUE );
// make sure we can find our identification data and that it has a value
if ( ! isset( $id_token_claim[ $settings['identity_key'] ] ) || empty( $id_token_claim[ $settings['identity_key'] ] ) ) {
@ -286,9 +295,9 @@ class OpenID_Connect_Generic {
// if desired, admins can use regex to determine if the identity value is valid
// according to their own standards expectations
if ( isset( $settings['allowed_regex'] ) && !empty( $settings['allowed_regex'] ) &&
preg_match( $settings['allowed_regex'], $id_token_claim[ $settings['identity_key'] ] ) !== 1)
{
if ( isset( $settings['allowed_regex'] ) && ! empty( $settings['allowed_regex'] ) &&
preg_match( $settings['allowed_regex'], $id_token_claim[ $settings['identity_key'] ] ) !== 1
) {
$this->error( 5 );
}
@ -300,7 +309,7 @@ class OpenID_Connect_Generic {
$this->error( 3, $user_claim_result );
}
$user_claim = json_decode( $user_claim_result['body'], true );
$user_claim = json_decode( $user_claim_result['body'], TRUE );
// make sure the id_token sub === user_claim sub, according to spec
if ( $id_token_claim[ $settings['identity_key'] ] !== $user_claim['sub'] ) {
@ -315,9 +324,9 @@ class OpenID_Connect_Generic {
// allow plugins / themes to halt the login process early
// based on the user_claim
$login_user = apply_filters( 'openid-connect-generic-user-login-test', true, $user_claim );
$login_user = apply_filters( 'openid-connect-generic-user-login-test', TRUE, $user_claim );
if ( ! $login_user ){
if ( ! $login_user ) {
$this->error( 8 );
}
@ -329,14 +338,13 @@ class OpenID_Connect_Generic {
'value' => $user_identity,
)
)
));
) );
// if we found an existing users, grab the first one returned
if ( $user_query->get_total() > 0 ) {
$users = $user_query->get_results();
$user = $users[0];
}
// otherwise, user does not exist and we'll need to create it
} // otherwise, user does not exist and we'll need to create it
else {
// default username & email to the user identity, since that is the only
// thing we can be sure to have
@ -347,8 +355,7 @@ class OpenID_Connect_Generic {
if ( isset( $user_claim['email'] ) ) {
$email = $user_claim['email'];
$username = $this->get_username_from_claim( $user_claim );
}
// if no name exists, attempt another request for userinfo
} // if no name exists, attempt another request for userinfo
else if ( isset( $token_response['access_token'] ) ) {
$user_claim_result = $this->request_userinfo( $token_response['access_token'] );
@ -357,7 +364,7 @@ class OpenID_Connect_Generic {
$this->error( 3, $user_claim_result );
}
$user_claim = json_decode( $user_claim_result['body'], true );
$user_claim = json_decode( $user_claim_result['body'], TRUE );
if ( isset( $user_claim['email'] ) ) {
$email = $user_claim['email'];
@ -367,29 +374,29 @@ class OpenID_Connect_Generic {
// allow other plugins / themes to determine authorization
// of new accounts based on the returned user claim
$create_user = apply_filters( 'openid-connect-generic-user-creation-test', true, $user_claim );
$create_user = apply_filters( 'openid-connect-generic-user-creation-test', TRUE, $user_claim );
if ( ! $create_user ) {
$this->error( 9 );
}
// create the new user
$uid = wp_create_user( $username, wp_generate_password( 32, true, true ), $email );
$uid = wp_create_user( $username, wp_generate_password( 32, TRUE, TRUE ), $email );
// make sure we didn't fail in creating the user
if ( is_wp_error( $uid ) ) {
$this->error( 6, $uid );
}
$this->log(array(
'message' => 'New user created: '. $uid
$this->log( array(
'message' => 'New user created: ' . $uid
), 'success' );
$user = get_user_by( 'id', $uid );
// save some meta data about this new user for the future
add_user_meta( $user->ID, 'openid-connect-generic-user', true, true );
add_user_meta( $user->ID, 'openid-connect-generic-user-identity', (string) $user_identity, true );
add_user_meta( $user->ID, 'openid-connect-generic-user', TRUE, TRUE );
add_user_meta( $user->ID, 'openid-connect-generic-user-identity', (string) $user_identity, TRUE );
// allow plugins / themes to take action on new user creation
do_action( 'openid-connect-generic-user-create', $user, $user_claim );
@ -407,13 +414,13 @@ class OpenID_Connect_Generic {
update_user_meta( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
// save our authorization cookie for the response expiration
$oauth_expiry = $token_response['expires_in'] + current_time( 'timestamp', true );
setcookie( $this->cookie_id_key, $user_identity, $oauth_expiry, COOKIEPATH, COOKIE_DOMAIN, true );
$oauth_expiry = $token_response['expires_in'] + current_time( 'timestamp', TRUE );
setcookie( $this->cookie_id_key, $user_identity, $oauth_expiry, COOKIEPATH, COOKIE_DOMAIN, TRUE );
// get a cookie and go home!
wp_set_auth_cookie( $user->ID, false );
wp_set_auth_cookie( $user->ID, FALSE );
$this->log(array(
$this->log( array(
'message' => "Successful login for: {$user->user_login} ({$user->ID})"
), 'success' );
@ -425,9 +432,10 @@ class OpenID_Connect_Generic {
* Using the authorization_code, request an authentication token from the idp
*
* @param $code - authorization_code
*
* @return array|\WP_Error
*/
function request_authentication_token( $code ){
function request_authentication_token( $code ) {
$settings = $this->get_settings();
$request = array(
@ -454,16 +462,17 @@ class OpenID_Connect_Generic {
* Using an access_token, request the userinfo from the idp
*
* @param $access_token
*
* @return array|\WP_Error
*/
function request_userinfo( $access_token ){
function request_userinfo( $access_token ) {
$settings = $this->get_settings();
// allow modifications to the request
$request = apply_filters( 'openid-connect-generic-alter-request', array(), $settings, 'get-userinfo' );
// attempt the request
$response = wp_remote_get( $settings['ep_userinfo'].'?access_token='.$access_token, $request );
$response = wp_remote_get( $settings['ep_userinfo'] . '?access_token=' . $access_token, $request );
return $response;
}
@ -474,11 +483,12 @@ class OpenID_Connect_Generic {
* @param $request
* @param $settings
* @param $op
*
* @return mixed
*/
function alter_request( $request, $settings, $op ){
function alter_request( $request, $settings, $op ) {
if ( isset( $settings['no_sslverify'] ) && $settings['no_sslverify'] ) {
$request['sslverify'] = false;
$request['sslverify'] = FALSE;
}
return $request;
@ -510,7 +520,7 @@ class OpenID_Connect_Generic {
*
* @return string
*/
function new_state(){
function new_state() {
$states = get_option( 'openid-connect-generic-valid-states', array() );
// new state w/ timestamp
@ -527,25 +537,26 @@ class OpenID_Connect_Generic {
* Check the validity of a given state
*
* @param $state
*
* @return bool
*/
function check_state( $state ){
function check_state( $state ) {
$states = get_option( 'openid-connect-generic-valid-states', array() );
$valid = false;
$valid = FALSE;
// remove any expired states
foreach ( $states as $code => $timestamp ){
foreach ( $states as $code => $timestamp ) {
if ( ( $timestamp + $this->state_time_limit ) < time() ) {
unset( $states[ $code ] );
}
}
// see if the current state is still within the list of valid states
if ( isset( $states[ $state ] ) ){
if ( isset( $states[ $state ] ) ) {
// state is valid, remove it
unset( $states[ $state ] );
$valid = true;
$valid = TRUE;
}
// save our altered states
@ -558,9 +569,10 @@ class OpenID_Connect_Generic {
* Implements filter login_message
*
* @param $message
*
* @return string
*/
function login_message( $message ){
function login_message( $message ) {
$settings = $this->get_settings();
// errors and auto login can't happen at the same time
@ -574,7 +586,7 @@ class OpenID_Connect_Generic {
// login button is appended to existing messages in case of error
if ( $settings['login_type'] == 'button' ) {
$message.= $this->login_button();
$message .= $this->login_button();
}
return $message;
@ -588,7 +600,7 @@ class OpenID_Connect_Generic {
*/
function error( $error_number ) {
$args = func_get_args();
$error_number = array_shift($args);
$error_number = array_shift( $args );
$url = wp_login_url() . '?login-error=' . $error_number;
$error = array(
@ -597,7 +609,7 @@ class OpenID_Connect_Generic {
);
// allow for additional error details
if ( !empty( $args ) ){
if ( ! empty( $args ) ) {
$error['details'] = $args;
}
@ -613,9 +625,10 @@ class OpenID_Connect_Generic {
* Display an error message to the user
*
* @param $error_number
*
* @return string
*/
function get_error_message( $error_number ){
function get_error_message( $error_number ) {
// fallback to unknown error
if ( ! isset( $this->errors[ $error_number ] ) ) {
$error_number = 99;
@ -634,8 +647,8 @@ class OpenID_Connect_Generic {
* @return string
*/
function login_button() {
$text = apply_filters( 'openid-connect-generic-login-button-text', __('Login with OpenID Connect') );
$href =$this->make_authentication_url();
$text = apply_filters( 'openid-connect-generic-login-button-text', __( 'Login with OpenID Connect' ) );
$href = $this->make_authentication_url();
ob_start();
?>
@ -651,30 +664,31 @@ class OpenID_Connect_Generic {
*
* Remove cookies
*/
function wp_logout(){
setcookie( $this->cookie_id_key , '1', 0, COOKIEPATH, COOKIE_DOMAIN, true );
function wp_logout() {
setcookie( $this->cookie_id_key, '1', 0, COOKIEPATH, COOKIE_DOMAIN, TRUE );
}
/**
* Avoid user_login collisions by incrementing
*
* @param $user_claim array
*
* @return string
*/
function get_username_from_claim( $user_claim ){
if ( isset( $user_claim['preferred_username'] ) && !empty( $user_claim['preferred_username'] ) ) {
function get_username_from_claim( $user_claim ) {
if ( isset( $user_claim['preferred_username'] ) && ! empty( $user_claim['preferred_username'] ) ) {
$desired_username = $user_claim['preferred_username'];
}
else if ( isset( $user_claim['name'] ) && !empty( $user_claim['name'] ) ) {
else if ( isset( $user_claim['name'] ) && ! empty( $user_claim['name'] ) ) {
$desired_username = $user_claim['name'];
}
else if ( isset( $user_claim['email'] ) && !empty( $user_claim['email'] ) ) {
else if ( isset( $user_claim['email'] ) && ! empty( $user_claim['email'] ) ) {
$tmp = explode( '@', $user_claim['email'] );
$desired_username = $tmp[0];
}
else {
// nothing to build a name from
return false;
return FALSE;
}
// normalize the data a bit
@ -688,7 +702,7 @@ class OpenID_Connect_Generic {
// etc
$count = 1;
while ( username_exists( $username ) ) {
$count++;
$count ++;
$username = $desired_name . $count;
}
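Review bot: In `auth_callback()`, the payload segment `$tmp[1]` of the ID token is base64-decoded and its claims then decide which WordPress account is logged in, yet nothing visible in these hunks verifies the token's signature or its `iss`, `aud` and `exp` claims. That leaves TLS to the token endpoint as the only thing authenticating the token, and the `alter_request()` hunk sets `$request['sslverify'] = FALSE` whenever `no_sslverify` is enabled, which removes that protection too. At minimum the segment count should be checked before indexing, `if ( count( $tmp ) !== 3 ) { $this->error( 4 ); }`, and the issuer, audience (against `$settings['client_id']`) and expiry should be compared before the identity value is trusted. The function body continues outside the hunks shown, so some of this validation may exist in lines that are not on this page.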
