Merge pull request #217 from timnolte/feature/client-id-secret-env

Feature - Client Configuration w/ Environment Variables/Defined Constants

.npmrc

@@ -0,0 +1 @@
+save-exact = true

.nvmrc

@@ -0,0 +1 @@
+lts/erbium

.travis.yml

@@ -29,7 +29,6 @@ git:
 
 cache:
   directories:
-    - vendor
     - $HOME/.composer/cache
 
 # Define a matrix of additional build configurations
@@ -76,7 +75,7 @@ before_install:
   - composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update
 
 install:
-  - composer update --prefer-source --no-interaction --dev --optimize-autoloader
+  - composer update --prefer-source --no-interaction --optimize-autoloader
   - npm install
 
 before_script:

changelog.md

@@ -1,5 +1,15 @@
 # OpenId Connect Generic Changelog
 
+3.8.0
+
+* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
+* Improvement: @timnolte - NPM version requirements for development.
+* Improvement: @timnolte - Travis CI build fixes.
+* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
+* Improvement: @timnolte - Refactored to meet WordPress coding standards.
+* Improvement: @timnolte - Refactored to provide localization.
+* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
+
 3.7.1
 
 * Fix: Release Version Number.

composer.json

@@ -25,7 +25,7 @@
   },
 	"config": {
 		"platform": {
-			"php": "7.1"
+			"php": "7.3"
 		},
 		"optimize-autoloader": true
 	},
@@ -57,7 +57,7 @@
 		"dealerdirect/phpcodesniffer-composer-installer": "^0.6",
 		"brain/monkey": "^2.4",
 		"mockery/mockery": "^1.3",
-		"phpro/grumphp": "^0.16.2",
+		"phpro/grumphp": "^0.21",
 		"sensiolabs/security-checker": "^5.0",
 		"phpstan/phpstan-deprecation-rules": "^0.12.4"
 	},

grumphp.yml.dist

@@ -1,7 +1,6 @@
 # grumphp.yml
-parameters:
-  git_dir: .
-  bin_dir: 'vendor/bin'
+grumphp:
+  hide_circumvention_tip: true
   stop_on_failure: true
   process_timeout: 120
   parallel:
@@ -10,6 +9,11 @@ parameters:
   fixer:
     enabled: false
     fix_by_default: false
+  environment:
+    variables:
+      GRUMPHP_BIN_DIR: 'vendor/bin'
+    paths:
+      - 'node_modules/.bin'
   tasks:
     git_blacklist:
       keywords:
@@ -24,18 +28,25 @@ parameters:
     git_commit_message:
       allow_empty_message: false
       enforce_capitalized_subject: true
-    grunt:
-      task: checktextdomain
+      enforce_no_subject_punctuations: true
+      enforce_no_subject_trailing_period: true
+    npm_script:
+      script: 'i18n:check'
+      is_run_task: true
       triggered_by: [php]
+      metadata:
+        label: 'i18n Check'
     phpcs:
       standard: './phpcs.xml.dist'
       report: 'summary'
       ignore_patterns:
         - '/^assets\/(.*)/'
+      triggered_by: [php]
     phpstan:
       configuration: './phpstan.neon.dist'
       level: 5
       ignore_patterns:
         - '/^assets\/(.*)/'
       memory_limit: '-1'
+      triggered_by: [php]
     securitychecker: ~

includes/openid-connect-generic-login-form.php

@@ -153,7 +153,7 @@ class OpenID_Connect_Generic_Login_Form {
 		ob_start();
 		?>
 		<div id="login_error">
-			<strong><?php printf( _e( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
+			<strong><?php printf( __( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
 			<?php print esc_html( $error_message ); ?>
 		</div>
 		<?php

includes/openid-connect-generic-option-settings.php

@@ -80,6 +80,20 @@ class OpenID_Connect_Generic_Option_Settings {
 	 */
 	private $default_settings;
 
+	/**
+	 * List of settings that can be defined by environment variables.
+	 *
+	 * @var array<string,string>
+	 */
+	private $environment_settings = array(
+		'client_id'            => 'OIDC_CLIENT_ID',
+		'client_secret'        => 'OIDC_CLIENT_SECRET',
+		'endpoint_login'       => 'OIDC_ENDPOINT_LOGIN_URL',
+		'endpoint_userinfo'    => 'OIDC_ENDPOINT_USERINFO_URL',
+		'endpoint_token'       => 'OIDC_ENDPOINT_TOKEN_URL',
+		'endpoint_end_session' => 'OIDC_ENDPOINT_LOGOUT_URL',
+	);
+
 	/**
 	 * The class constructor.
 	 *
@@ -96,6 +110,13 @@ class OpenID_Connect_Generic_Option_Settings {
 			$this->values = (array) get_option( $this->option_name, $this->default_settings );
 		}
 
+		// For each defined environment variable/constant be sure the settings key is set.
+		foreach ( $this->environment_settings as $key => $constant ) {
+			if ( defined( $constant ) ) {
+				$this->__set( $key, constant( $constant ) );
+			}
+		}
+
 		if ( $granular_defaults ) {
 			$this->values = array_replace_recursive( $this->default_settings, $this->values );
 		}
@@ -172,6 +193,15 @@ class OpenID_Connect_Generic_Option_Settings {
 	 * @return void
 	 */
 	function save() {
+
+		// For each defined environment variable/constant be sure it isn't saved to the database.
+		foreach ( $this->environment_settings as $key => $constant ) {
+			if ( defined( $constant ) ) {
+				$this->__unset( $key );
+			}
+		}
+
 		update_option( $this->option_name, $this->values );
+
 	}
 }

includes/openid-connect-generic-settings-page.php

@@ -223,12 +223,14 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'my-wordpress-client-id',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_CLIENT_ID' ),
 				'section'     => 'client_settings',
 			),
 			'client_secret'     => array(
 				'title'       => __( 'Client Secret Key', 'daggerhart-openid-connect-generic' ),
 				'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.', 'daggerhart-openid-connect-generic' ),
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_CLIENT_SECRET' ),
 				'section'     => 'client_settings',
 			),
 			'scope'             => array(
@@ -243,6 +245,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider authorization endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/authorize',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_LOGIN_URL' ),
 				'section'     => 'client_settings',
 			),
 			'endpoint_userinfo' => array(
@@ -250,6 +253,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider User information endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/UserInfo',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_USERINFO_URL' ),
 				'section'     => 'client_settings',
 			),
 			'endpoint_token'    => array(
@@ -257,6 +261,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider token endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/token',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_TOKEN_URL' ),
 				'section'     => 'client_settings',
 			),
 			'endpoint_end_session'    => array(
@@ -264,6 +269,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider logout endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/logout',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ),
 				'section'     => 'client_settings',
 			),
 			'identity_key'     => array(
@@ -465,10 +471,11 @@ class OpenID_Connect_Generic_Settings_Page {
 	public function do_text_field( $field ) {
 		?>
 		<input type="<?php print esc_attr( $field['type'] ); ?>"
-			   id="<?php print esc_attr( $field['key'] ); ?>"
-			   class="large-text"
-			   name="<?php print esc_attr( $field['name'] ); ?>"
-			   value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>">
+				<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>
+			  id="<?php print esc_attr( $field['key'] ); ?>"
+			  class="large-text<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>"
+			  name="<?php print esc_attr( $field['name'] ); ?>"
+			  value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>">
 		<?php
 		$this->do_field_description( $field );
 	}

openid-connect-generic.php

@@ -325,14 +325,14 @@ class OpenID_Connect_Generic {
 			// Default settings values.
 			array(
 				// OAuth client settings.
-				'login_type'        => 'button',
-				'client_id'         => '',
-				'client_secret'     => '',
-				'scope'             => '',
-				'endpoint_login'    => '',
-				'endpoint_userinfo' => '',
-				'endpoint_token'    => '',
-				'endpoint_end_session' => '',
+				'login_type'           => 'button',
+				'client_id'            => defined( 'OIDC_CLIENT_ID' ) ? OIDC_CLIENT_ID : '',
+				'client_secret'        => defined( 'OIDC_CLIENT_SECRET' ) ? OIDC_CLIENT_SECRET : '',
+				'scope'                => '',
+				'endpoint_login'       => defined( 'OIDC_ENDPOINT_LOGIN_URL' ) ? OIDC_ENDPOINT_LOGIN_URL : '',
+				'endpoint_userinfo'    => defined( 'OIDC_ENDPOINT_USERINFO_URL' ) ? OIDC_ENDPOINT_USERINFO_URL : '',
+				'endpoint_token'       => defined( 'OIDC_ENDPOINT_TOKEN_URL' ) ? OIDC_ENDPOINT_TOKEN_URL : '',
+				'endpoint_end_session' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) ? OIDC_ENDPOINT_LOGOUT_URL : '',
 
 				// Non-standard settings.
 				'no_sslverify'    => 0,

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "openid-connect-generic",
-	"version": "3.7.0",
+	"version": "3.7.1",
 	"description": "OpenID Connect generic WordPress plugin.",
 	"main": "Gruntfile.js",
 	"repository": {
@@ -20,21 +20,29 @@
 	"dependencies": {
 		"dev-require": "^0.1.0"
 	},
+	"engines": {
+		"node": "12.18.3",
+		"npm": "6.14.8"
+	},
 	"devDependencies": {
 		"@floatwork/grunt-po2mo": "^0.3.0",
 		"@ndigitals/grunt-checkrepo": "^0.2.0",
 		"@wordpress/env": "^1.6.0",
-		"@wordpress/scripts": "^12.1.0",
-		"grunt": "~1.0.4",
+		"@wordpress/scripts": "12.2.0",
+		"check-node-version": "^4.0.3",
+		"grunt": "1.3.0",
 		"grunt-checkbranch": "^1.0.4",
 		"grunt-checktextdomain": "^1.0.1",
+		"grunt-cli": "^1.3.2",
 		"grunt-contrib-clean": "^2.0.0",
 		"grunt-contrib-copy": "^1.0.0",
 		"grunt-gitinfo": "^0.1.9",
 		"grunt-shell": "^2.1.0",
 		"grunt-wp-i18n": "^1.0.3",
-		"grunt-wp-readme-to-markdown": "~2.0.0",
+		"grunt-wp-readme-to-markdown": "^2.0.0",
 		"load-grunt-tasks": "^3.5",
+		"node": "^12.18.3",
+		"npm": "^6.14.8",
 		"puppeteer": "^1.20.0",
 		"typescript": "^3.9.7"
 	},
@@ -48,6 +56,8 @@
 		"grunt": "node_modules/.bin/grunt",
 		"test": "npm run grunt test",
 		"build": "npm run grunt build",
+		"check-engines": "wp-scripts check-engines",
+		"check-licenses": "wp-scripts check-licenses",
 		"wp-env": "wp-env",
 		"wp": "wp-env run cli wp",
 		"i18n:check": "npm run grunt checktextdomain",

readme.md

@@ -21,6 +21,7 @@ Much of the documentation can be found on the Settings > OpenID Connect Generic
 - [Frequently Asked Questions](#frequently-asked-questions)
     - [What is the client's Redirect URI?](#what-is-the-clients-redirect-uri)
     - [Can I change the client's Redirect URI?](#can-i-change-the-clients-redirect-uri)
+- [Configuration Environment Variables/Constants](#configuration-environment-variables-constants)
 - [Hooks](#hooks)
     - [Filters](#filters)
         - [openid-connect-generic-alter-request](#openid-connect-generic-alter-request)
@@ -73,6 +74,15 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 **Alternate Redirect URI**. When checked, the plugin will use the Redirect URI 
 `https://example.com/openid-connect-authorize`.
 
+## Configuration Environment Variables/Constants
+
+- Client ID: `OIDC_CLIENT_ID`
+- Client Secret Key: `OIDC_CLIENT_SECRET`
+- Login Endpoint URL: `OIDC_ENDPOINT_LOGIN_URL`
+- Userinfo Endpoint URL: `OIDC_ENDPOINT_USERINFO_URL`
+- Token Validation Endpoint URL: `OIDC_ENDPOINT_TOKEN_URL`
+- End Session Endpoint URL: `OIDC_ENDPOINT_LOGOUT_URL`
+
 ## Hooks
 
 This plugin provides a number of hooks to allow for a significant amount of customization of the plugin operations from 

readme.txt

@@ -1,7 +1,7 @@
 === OpenID Connect Generic Client ===
 Contributors: daggerhart, tnolte
 Donate link: http://www.daggerhart.com/
-Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso 
+Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
 Requires at least: 4.9
 Tested up to: 5.4.2
 Stable tag: trunk
@@ -15,7 +15,7 @@ A simple client that provides SSO or opt-in authentication against a generic OAu
 
 This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.
 Once installed, it can be configured to automatically authenticate users (SSO), or provide a "Login with OpenID Connect"
-button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while 
+button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
 new users are created in WordPress database.
 
 Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
@@ -51,6 +51,16 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 == Changelog ==
 
+= 3.8.0 =
+
+* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
+* Improvement: @timnolte - NPM version requirements for development.
+* Improvement: @timnolte - Travis CI build fixes.
+* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
+* Improvement: @timnolte - Refactored to meet WordPress coding standards.
+* Improvement: @timnolte - Refactored to provide localization.
+* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
+
 = 3.7.1 =
 
 * Fix: Release Version Number.
@@ -119,7 +129,7 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 = 3.1.0 =
 
-* Feature: @rwasef1830 - Refresh tokens 
+* Feature: @rwasef1830 - Refresh tokens
 * Feature: @rwasef1830 - Integrated logout support with end_session endpoint
 * Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax
 * Feature: @ahatherly - Support for IDP behind reverse proxy
@@ -136,8 +146,8 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 = 3.0.7 =
 
-* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in 
-section 5.3.1 of the specs. 
+* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in
+section 5.3.1 of the specs.
 
 = 3.0.6 =
 

tests/phpstan-bootstrap.php

@@ -16,4 +16,10 @@ defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/la
 defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' );
 defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/');
 
-
+// Define Plugin Globals.
+defined( 'OIDC_CLIENT_ID' ) || define( 'OIDC_CLIENT_ID', bin2hex( random_bytes( 32 ) ) );
+defined( 'OIDC_CLIENT_SECRET' ) || define( 'OIDC_CLIENT_SECRET', bin2hex( random_bytes( 16 ) ) );
+defined( 'OIDC_ENDPOINT_LOGIN_URL' ) || define( 'OIDC_ENDPOINT_LOGIN_URL', 'https://oidc/oauth2/authorize' );
+defined( 'OIDC_ENDPOINT_USERINFO_URL' ) || define( 'OIDC_ENDPOINT_USERINFO_URL', 'https://oidc/oauth2/userinfo' );
+defined( 'OIDC_ENDPOINT_TOKEN_URL' ) || define( 'OIDC_ENDPOINT_TOKEN_URL', 'https://oidc/oauth2/token' );
+defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) || define( 'OIDC_ENDPOINT_LOGOUT_URL', 'https://oidc/oauth2/logout' );