Allow for the use of an alternate authentication route (redirect_uri) as opposed to the default admin-ajax method

isekai
Jonathan Daggerhart 8 years ago
parent 0dc448fee5
commit 14d0ec44f6

@ -63,7 +63,14 @@ class OpenID_Connect_Generic_Client_Wrapper {
add_action( 'wp_ajax_openid-connect-authorize', array( $client_wrapper, 'authentication_request_callback' ) ); add_action( 'wp_ajax_openid-connect-authorize', array( $client_wrapper, 'authentication_request_callback' ) );
add_action( 'wp_ajax_nopriv_openid-connect-authorize', array( $client_wrapper, 'authentication_request_callback' ) ); add_action( 'wp_ajax_nopriv_openid-connect-authorize', array( $client_wrapper, 'authentication_request_callback' ) );
} }
if ( $settings->alternate_redirect_uri ){
// provide an alternate route for authentication_request_callback
add_rewrite_rule( '^openid-connect-authorize/?', 'index.php?openid-connect-authorize=1', 'top' );
add_rewrite_tag( '%openid-connect-authorize%', '1' );
add_action( 'parse_request', array( $client_wrapper, 'alternate_redirect_uri_parse_request' ) );
}
// verify token for any logged in user // verify token for any logged in user
if ( is_user_logged_in() ) { if ( is_user_logged_in() ) {
$client_wrapper->ensure_tokens_still_fresh(); $client_wrapper->ensure_tokens_still_fresh();
@ -72,6 +79,24 @@ class OpenID_Connect_Generic_Client_Wrapper {
return $client_wrapper; return $client_wrapper;
} }
/**
* Implements WP action - parse_request
*
* @param $query
*
* @return mixed
*/
function alternate_redirect_uri_parse_request( $query ){
if ( isset( $query->query_vars['openid-connect-authorize'] ) &&
$query->query_vars['openid-connect-authorize'] === '1' )
{
$this->authentication_request_callback();
exit;
}
return $query;
}
/** /**
* WP Hook for altering remote request timeout * WP Hook for altering remote request timeout
* *
@ -259,7 +284,6 @@ class OpenID_Connect_Generic_Client_Wrapper {
* returning from the IDP. * returning from the IDP.
*/ */
function authentication_request_callback() { function authentication_request_callback() {
$settings = $this->settings;
$client = $this->client; $client = $this->client;
// start the authentication flow // start the authentication flow
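Review bot: The rewrite pattern `'^openid-connect-authorize/?'` has no end anchor, so any front-end path that merely begins with that string is routed to the callback; `add_rewrite_rule( '^openid-connect-authorize/?$', 'index.php?openid-connect-authorize=1', 'top' );` limits it to the intended route. Because `add_rewrite_tag()` registers `openid-connect-authorize` as a public query var, `alternate_redirect_uri_parse_request()` also runs for that parameter on any front-end URL, with no login required. That is comparable to the existing `wp_ajax_nopriv_` hook, but it leaves the checks inside `authentication_request_callback()` as the only gate. That body lies outside this hunk, so it should be confirmed to reject requests without a valid state before any token exchange. The docblock would be more accurate as `@param WP $query`, with a sentence noting that the method ends the request with `exit` once it has handled the callback.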

@ -118,6 +118,12 @@ class OpenID_Connect_Generic_Settings_Page {
'type' => 'checkbox', 'type' => 'checkbox',
'section' => 'authorization_settings', 'section' => 'authorization_settings',
), ),
'alternate_redirect_uri' => array(
'title' => __( 'Alternate Redirect URI' ),
'description' => __( 'Provide an alternative redirect route. Useful if your server is causing issues with the default admin-ajax method. You must flush rewrite rules after changing this setting. This can be done by saving the Permalinks settings page.' ),
'type' => 'checkbox',
'section' => 'authorization_settings',
),
'link_existing_users' => array( 'link_existing_users' => array(
'title' => __( 'Link Existing Users' ), 'title' => __( 'Link Existing Users' ),
'description' => __( 'If a WordPress account already exists with the same email address as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ), 'description' => __( 'If a WordPress account already exists with the same email address as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ),
@ -280,6 +286,11 @@ class OpenID_Connect_Generic_Settings_Page {
* Output the options/settings page * Output the options/settings page
*/ */
public function settings_page() { public function settings_page() {
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
if ( $this->settings->alternate_redirect_uri ){
$redirect_uri = site_url( '/openid-connect-authorize' );
}
?> ?>
<div class="wrap"> <div class="wrap">
<h2><?php print esc_html( get_admin_page_title() ); ?></h2> <h2><?php print esc_html( get_admin_page_title() ); ?></h2>
@ -301,7 +312,7 @@ class OpenID_Connect_Generic_Settings_Page {
<p class="description"> <p class="description">
<strong><?php _e( 'Redirect URI' ); ?></strong> <strong><?php _e( 'Redirect URI' ); ?></strong>
<code><?php print admin_url( 'admin-ajax.php?action=openid-connect-authorize' ); ?></code> <code><?php print $redirect_uri; ?></code>
</p> </p>
<p class="description"> <p class="description">
<strong><?php _e( 'Login Button Shortcode' ); ?></strong> <strong><?php _e( 'Login Button Shortcode' ); ?></strong>
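Review bot: `site_url( '/openid-connect-authorize' )` in `settings_page()` builds the URI from the WordPress Address, but rewrite rules are matched relative to the Site Address. On installs where the two differ, the URI shown here (and the identical one built in `init()` of the main plugin class) would not reach the new rule, so `$redirect_uri = home_url( '/openid-connect-authorize' );` is the safer form in both places. The value is also printed raw in `<code><?php print $redirect_uri; ?></code>`. Both URL functions pass through filters, so escaping at output with `<?php print esc_html( $redirect_uri ); ?>` would be safer.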

@ -71,6 +71,12 @@ class OpenID_Connect_Generic {
* WP Hook 'init' * WP Hook 'init'
*/ */
function init(){ function init(){
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
if ( $this->settings->alternate_redirect_uri ){
$redirect_uri = site_url( '/openid-connect-authorize' );
}
$this->client = new OpenID_Connect_Generic_Client( $this->client = new OpenID_Connect_Generic_Client(
$this->settings->client_id, $this->settings->client_id,
$this->settings->client_secret, $this->settings->client_secret,
@ -78,8 +84,7 @@ class OpenID_Connect_Generic {
$this->settings->endpoint_login, $this->settings->endpoint_login,
$this->settings->endpoint_userinfo, $this->settings->endpoint_userinfo,
$this->settings->endpoint_token, $this->settings->endpoint_token,
// redirect uri $redirect_uri
admin_url( 'admin-ajax.php?action=openid-connect-authorize' )
); );
$this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger ); $this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger );
@ -194,6 +199,7 @@ class OpenID_Connect_Generic {
// plugin settings // plugin settings
'enforce_privacy' => 0, 'enforce_privacy' => 0,
'alternate_redirect_uri' => 0,
'link_existing_users' => 0, 'link_existing_users' => 0,
'redirect_user_back' => 0, 'redirect_user_back' => 0,
'enable_logging' => 0, 'enable_logging' => 0,
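Review bot: The redirect URI selection in `init()` is a copy of the same three lines in `OpenID_Connect_Generic_Settings_Page::settings_page()`, so the URI sent to the identity provider and the URI shown to the administrator for registration are computed independently. If one copy is changed later, logins would fail with a redirect_uri mismatch at the provider, which is hard to diagnose from the WordPress side. A single accessor that both callers use (for example a `get_redirect_uri()` method on the settings object, name suggested here) would keep them in step. A short comment such as `// must match the URI registered with the IDP and the one shown on the settings page` above the assignment would record the constraint.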
