Allow for the use of an alternate authentication route (redirect_uri) as opposed to the default admin-ajax method

isekai
Jonathan Daggerhart 8 years ago
parent 0dc448fee5
commit 14d0ec44f6

@ -63,7 +63,14 @@ class OpenID_Connect_Generic_Client_Wrapper {
add_action( 'wp_ajax_openid-connect-authorize', array( $client_wrapper, 'authentication_request_callback' ) );
add_action( 'wp_ajax_nopriv_openid-connect-authorize', array( $client_wrapper, 'authentication_request_callback' ) );
}
if ( $settings->alternate_redirect_uri ){
// provide an alternate route for authentication_request_callback
add_rewrite_rule( '^openid-connect-authorize/?', 'index.php?openid-connect-authorize=1', 'top' );
add_rewrite_tag( '%openid-connect-authorize%', '1' );
add_action( 'parse_request', array( $client_wrapper, 'alternate_redirect_uri_parse_request' ) );
}
// verify token for any logged in user
if ( is_user_logged_in() ) {
$client_wrapper->ensure_tokens_still_fresh();
@ -72,6 +79,24 @@ class OpenID_Connect_Generic_Client_Wrapper {
return $client_wrapper;
}
/**
* Implements WP action - parse_request
*
* @param $query
*
* @return mixed
*/
function alternate_redirect_uri_parse_request( $query ){
if ( isset( $query->query_vars['openid-connect-authorize'] ) &&
$query->query_vars['openid-connect-authorize'] === '1' )
{
$this->authentication_request_callback();
exit;
}
return $query;
}
/**
* WP Hook for altering remote request timeout
*
@ -259,7 +284,6 @@ class OpenID_Connect_Generic_Client_Wrapper {
* returning from the IDP.
*/
function authentication_request_callback() {
$settings = $this->settings;
$client = $this->client;
// start the authentication flow
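Review bot: The rewrite pattern `^openid-connect-authorize/?` passed to `add_rewrite_rule` has no end anchor, so any path that merely begins with that prefix is routed to `authentication_request_callback()`; `'^openid-connect-authorize/?$'` would limit it to the intended URL. Because `add_rewrite_tag` registers the query var publicly, `alternate_redirect_uri_parse_request` also fires for `?openid-connect-authorize=1` on any front-end URL, which is worth stating in its docblock. The callback body lies outside this hunk, so whether it validates the returned `state` value before acting cannot be confirmed here and should be checked, since this route is reachable without a login. The docblock could also give the parameter a type, e.g. `@param WP $query`.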

@ -118,6 +118,12 @@ class OpenID_Connect_Generic_Settings_Page {
'type' => 'checkbox',
'section' => 'authorization_settings',
),
'alternate_redirect_uri' => array(
'title' => __( 'Alternate Redirect URI' ),
'description' => __( 'Provide an alternative redirect route. Useful if your server is causing issues with the default admin-ajax method. You must flush rewrite rules after changing this setting. This can be done by saving the Permalinks settings page.' ),
'type' => 'checkbox',
'section' => 'authorization_settings',
),
'link_existing_users' => array(
'title' => __( 'Link Existing Users' ),
'description' => __( 'If a WordPress account already exists with the same email address as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ),
@ -280,6 +286,11 @@ class OpenID_Connect_Generic_Settings_Page {
* Output the options/settings page
*/
public function settings_page() {
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
if ( $this->settings->alternate_redirect_uri ){
$redirect_uri = site_url( '/openid-connect-authorize' );
}
?>
<div class="wrap">
<h2><?php print esc_html( get_admin_page_title() ); ?></h2>
@ -301,7 +312,7 @@ class OpenID_Connect_Generic_Settings_Page {
<p class="description">
<strong><?php _e( 'Redirect URI' ); ?></strong>
<code><?php print admin_url( 'admin-ajax.php?action=openid-connect-authorize' ); ?></code>
<code><?php print $redirect_uri; ?></code>
</p>
<p class="description">
<strong><?php _e( 'Login Button Shortcode' ); ?></strong>
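Review bot: `print $redirect_uri;` in the Redirect URI line writes the value into the page unescaped, while the heading above it goes through `esc_html()`. The results of `admin_url()` and `site_url()` pass through filters, so the line should escape on output: `<code><?php print esc_url( $redirect_uri ); ?></code>`. settings_page() continues outside the hunk.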

@ -71,6 +71,12 @@ class OpenID_Connect_Generic {
* WP Hook 'init'
*/
function init(){
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
if ( $this->settings->alternate_redirect_uri ){
$redirect_uri = site_url( '/openid-connect-authorize' );
}
$this->client = new OpenID_Connect_Generic_Client(
$this->settings->client_id,
$this->settings->client_secret,
@ -78,8 +84,7 @@ class OpenID_Connect_Generic {
$this->settings->endpoint_login,
$this->settings->endpoint_userinfo,
$this->settings->endpoint_token,
// redirect uri
admin_url( 'admin-ajax.php?action=openid-connect-authorize' )
$redirect_uri
);
$this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger );
@ -194,6 +199,7 @@ class OpenID_Connect_Generic {
// plugin settings
'enforce_privacy' => 0,
'alternate_redirect_uri' => 0,
'link_existing_users' => 0,
'redirect_user_back' => 0,
'enable_logging' => 0,
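Review bot: `site_url( '/openid-connect-authorize' )` in `init()` builds the redirect URI from the WordPress core location, but rewrite rules are matched against the front-end (home) URL. On installs where the two differ, the URI registered with the identity provider would likely never reach the new rule; `home_url( '/openid-connect-authorize' )` looks like the correct base. The same three lines are repeated in `settings_page()`, so a single helper returning the redirect URI would keep the value shown to the admin and the value sent to the provider from drifting apart. init() continues outside the hunk.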
