Merge pull request #217 from timnolte/feature/client-id-secret-env

Feature - Client Configuration w/ Environment Variables/Defined Constants
isekai
Tim Nolte 4 years ago committed by GitHub
commit 3f6a2ca8ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1 @@
save-exact = true

@ -0,0 +1 @@
lts/erbium

@ -29,7 +29,6 @@ git:
cache: cache:
directories: directories:
- vendor
- $HOME/.composer/cache - $HOME/.composer/cache
# Define a matrix of additional build configurations # Define a matrix of additional build configurations
@ -76,7 +75,7 @@ before_install:
- composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update - composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update
install: install:
- composer update --prefer-source --no-interaction --dev --optimize-autoloader - composer update --prefer-source --no-interaction --optimize-autoloader
- npm install - npm install
before_script: before_script:

@ -1,5 +1,15 @@
# OpenId Connect Generic Changelog # OpenId Connect Generic Changelog
3.8.0
* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
* Improvement: @timnolte - NPM version requirements for development.
* Improvement: @timnolte - Travis CI build fixes.
* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
* Improvement: @timnolte - Refactored to meet WordPress coding standards.
* Improvement: @timnolte - Refactored to provide localization.
* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
3.7.1 3.7.1
* Fix: Release Version Number. * Fix: Release Version Number.

@ -25,7 +25,7 @@
}, },
"config": { "config": {
"platform": { "platform": {
"php": "7.1" "php": "7.3"
}, },
"optimize-autoloader": true "optimize-autoloader": true
}, },
@ -57,7 +57,7 @@
"dealerdirect/phpcodesniffer-composer-installer": "^0.6", "dealerdirect/phpcodesniffer-composer-installer": "^0.6",
"brain/monkey": "^2.4", "brain/monkey": "^2.4",
"mockery/mockery": "^1.3", "mockery/mockery": "^1.3",
"phpro/grumphp": "^0.16.2", "phpro/grumphp": "^0.21",
"sensiolabs/security-checker": "^5.0", "sensiolabs/security-checker": "^5.0",
"phpstan/phpstan-deprecation-rules": "^0.12.4" "phpstan/phpstan-deprecation-rules": "^0.12.4"
}, },

1595
composer.lock generated

File diff suppressed because it is too large Load Diff

@ -1,7 +1,6 @@
# grumphp.yml # grumphp.yml
parameters: grumphp:
git_dir: . hide_circumvention_tip: true
bin_dir: 'vendor/bin'
stop_on_failure: true stop_on_failure: true
process_timeout: 120 process_timeout: 120
parallel: parallel:
@ -10,6 +9,11 @@ parameters:
fixer: fixer:
enabled: false enabled: false
fix_by_default: false fix_by_default: false
environment:
variables:
GRUMPHP_BIN_DIR: 'vendor/bin'
paths:
- 'node_modules/.bin'
tasks: tasks:
git_blacklist: git_blacklist:
keywords: keywords:
@ -24,18 +28,25 @@ parameters:
git_commit_message: git_commit_message:
allow_empty_message: false allow_empty_message: false
enforce_capitalized_subject: true enforce_capitalized_subject: true
grunt: enforce_no_subject_punctuations: true
task: checktextdomain enforce_no_subject_trailing_period: true
npm_script:
script: 'i18n:check'
is_run_task: true
triggered_by: [php] triggered_by: [php]
metadata:
label: 'i18n Check'
phpcs: phpcs:
standard: './phpcs.xml.dist' standard: './phpcs.xml.dist'
report: 'summary' report: 'summary'
ignore_patterns: ignore_patterns:
- '/^assets\/(.*)/' - '/^assets\/(.*)/'
triggered_by: [php]
phpstan: phpstan:
configuration: './phpstan.neon.dist' configuration: './phpstan.neon.dist'
level: 5 level: 5
ignore_patterns: ignore_patterns:
- '/^assets\/(.*)/' - '/^assets\/(.*)/'
memory_limit: '-1' memory_limit: '-1'
triggered_by: [php]
securitychecker: ~ securitychecker: ~

@ -153,7 +153,7 @@ class OpenID_Connect_Generic_Login_Form {
ob_start(); ob_start();
?> ?>
<div id="login_error"> <div id="login_error">
<strong><?php printf( _e( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong> <strong><?php printf( __( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
<?php print esc_html( $error_message ); ?> <?php print esc_html( $error_message ); ?>
</div> </div>
<?php <?php
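Review bot: `$error_code` is still written into the login page unescaped by the corrected `printf()` line, while `$error_message` on the following line goes through `esc_html()`. Where the code comes from is not visible in this hunk, so if it can be influenced by the request it should be escaped the same way: `printf( esc_html__( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), esc_html( $error_code ) );`. The enclosing method starts and ends outside the hunk.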

@ -80,6 +80,20 @@ class OpenID_Connect_Generic_Option_Settings {
*/ */
private $default_settings; private $default_settings;
/**
* List of settings that can be defined by environment variables.
*
* @var array<string,string>
*/
private $environment_settings = array(
'client_id' => 'OIDC_CLIENT_ID',
'client_secret' => 'OIDC_CLIENT_SECRET',
'endpoint_login' => 'OIDC_ENDPOINT_LOGIN_URL',
'endpoint_userinfo' => 'OIDC_ENDPOINT_USERINFO_URL',
'endpoint_token' => 'OIDC_ENDPOINT_TOKEN_URL',
'endpoint_end_session' => 'OIDC_ENDPOINT_LOGOUT_URL',
);
/** /**
* The class constructor. * The class constructor.
* *
@ -96,6 +110,13 @@ class OpenID_Connect_Generic_Option_Settings {
$this->values = (array) get_option( $this->option_name, $this->default_settings ); $this->values = (array) get_option( $this->option_name, $this->default_settings );
} }
// For each defined environment variable/constant be sure the settings key is set.
foreach ( $this->environment_settings as $key => $constant ) {
if ( defined( $constant ) ) {
$this->__set( $key, constant( $constant ) );
}
}
if ( $granular_defaults ) { if ( $granular_defaults ) {
$this->values = array_replace_recursive( $this->default_settings, $this->values ); $this->values = array_replace_recursive( $this->default_settings, $this->values );
} }
@ -172,6 +193,15 @@ class OpenID_Connect_Generic_Option_Settings {
* @return void * @return void
*/ */
function save() { function save() {
// For each defined environment variable/constant be sure it isn't saved to the database.
foreach ( $this->environment_settings as $key => $constant ) {
if ( defined( $constant ) ) {
$this->__unset( $key );
}
}
update_option( $this->option_name, $this->values ); update_option( $this->option_name, $this->values );
} }
} }
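Review bot: `save()` strips the constant-backed keys from the live `$this->values` via `__unset()`, so after a save in the same request `client_id`, `client_secret` and the endpoints would no longer be readable from this object. This assumes `__unset()` drops the key from that array; its body is outside the hunk. Filter a copy instead: `$values = $this->values;` before the loop, `unset( $values[ $key ] );` inside it, then `update_option( $this->option_name, $values );`. A `client_secret` that was already stored in the option also stays in the database until the next `save()` runs, which is worth stating in the upgrade notes. The property docblock says "environment variables", but the constructor hunk only consults `defined()` constants.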

@ -223,12 +223,14 @@ class OpenID_Connect_Generic_Settings_Page {
'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.', 'daggerhart-openid-connect-generic' ), 'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.', 'daggerhart-openid-connect-generic' ),
'example' => 'my-wordpress-client-id', 'example' => 'my-wordpress-client-id',
'type' => 'text', 'type' => 'text',
'disabled' => defined( 'OIDC_CLIENT_ID' ),
'section' => 'client_settings', 'section' => 'client_settings',
), ),
'client_secret' => array( 'client_secret' => array(
'title' => __( 'Client Secret Key', 'daggerhart-openid-connect-generic' ), 'title' => __( 'Client Secret Key', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.', 'daggerhart-openid-connect-generic' ), 'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.', 'daggerhart-openid-connect-generic' ),
'type' => 'text', 'type' => 'text',
'disabled' => defined( 'OIDC_CLIENT_SECRET' ),
'section' => 'client_settings', 'section' => 'client_settings',
), ),
'scope' => array( 'scope' => array(
@ -243,6 +245,7 @@ class OpenID_Connect_Generic_Settings_Page {
'description' => __( 'Identify provider authorization endpoint.', 'daggerhart-openid-connect-generic' ), 'description' => __( 'Identify provider authorization endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/authorize', 'example' => 'https://example.com/oauth2/authorize',
'type' => 'text', 'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_LOGIN_URL' ),
'section' => 'client_settings', 'section' => 'client_settings',
), ),
'endpoint_userinfo' => array( 'endpoint_userinfo' => array(
@ -250,6 +253,7 @@ class OpenID_Connect_Generic_Settings_Page {
'description' => __( 'Identify provider User information endpoint.', 'daggerhart-openid-connect-generic' ), 'description' => __( 'Identify provider User information endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/UserInfo', 'example' => 'https://example.com/oauth2/UserInfo',
'type' => 'text', 'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_USERINFO_URL' ),
'section' => 'client_settings', 'section' => 'client_settings',
), ),
'endpoint_token' => array( 'endpoint_token' => array(
@ -257,6 +261,7 @@ class OpenID_Connect_Generic_Settings_Page {
'description' => __( 'Identify provider token endpoint.', 'daggerhart-openid-connect-generic' ), 'description' => __( 'Identify provider token endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/token', 'example' => 'https://example.com/oauth2/token',
'type' => 'text', 'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_TOKEN_URL' ),
'section' => 'client_settings', 'section' => 'client_settings',
), ),
'endpoint_end_session' => array( 'endpoint_end_session' => array(
@ -264,6 +269,7 @@ class OpenID_Connect_Generic_Settings_Page {
'description' => __( 'Identify provider logout endpoint.', 'daggerhart-openid-connect-generic' ), 'description' => __( 'Identify provider logout endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/logout', 'example' => 'https://example.com/oauth2/logout',
'type' => 'text', 'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ),
'section' => 'client_settings', 'section' => 'client_settings',
), ),
'identity_key' => array( 'identity_key' => array(
@ -465,10 +471,11 @@ class OpenID_Connect_Generic_Settings_Page {
public function do_text_field( $field ) { public function do_text_field( $field ) {
?> ?>
<input type="<?php print esc_attr( $field['type'] ); ?>" <input type="<?php print esc_attr( $field['type'] ); ?>"
id="<?php print esc_attr( $field['key'] ); ?>" <?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>
class="large-text" id="<?php print esc_attr( $field['key'] ); ?>"
name="<?php print esc_attr( $field['name'] ); ?>" class="large-text<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>"
value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>"> name="<?php print esc_attr( $field['name'] ); ?>"
value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>">
<?php <?php
$this->do_field_description( $field ); $this->do_field_description( $field );
} }
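Review bot: In `do_text_field()` the `value` attribute is still filled from `$this->settings->{ $field['key'] }` when the field is disabled, so a `client_secret` supplied through `OIDC_CLIENT_SECRET` is printed into the settings page markup in a plain `text` input. Moving the secret out of the database gains less if it is echoed to everyone who can open this page; consider leaving the value empty for the disabled secret field, e.g. `value="<?php print esc_attr( ( ! empty( $field['disabled'] ) && 'client_secret' === $field['key'] ) ? '' : $this->settings->{ $field['key'] } ); ?>"`. The `disabled` attribute is only a browser-side hint, so the server-side path must keep ignoring submitted values for these keys. `boolval()` after `! empty()` is redundant and the ternary is written twice; a local `$disabled = ! empty( $field['disabled'] );` would read better.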

@ -325,14 +325,14 @@ class OpenID_Connect_Generic {
// Default settings values. // Default settings values.
array( array(
// OAuth client settings. // OAuth client settings.
'login_type' => 'button', 'login_type' => 'button',
'client_id' => '', 'client_id' => defined( 'OIDC_CLIENT_ID' ) ? OIDC_CLIENT_ID : '',
'client_secret' => '', 'client_secret' => defined( 'OIDC_CLIENT_SECRET' ) ? OIDC_CLIENT_SECRET : '',
'scope' => '', 'scope' => '',
'endpoint_login' => '', 'endpoint_login' => defined( 'OIDC_ENDPOINT_LOGIN_URL' ) ? OIDC_ENDPOINT_LOGIN_URL : '',
'endpoint_userinfo' => '', 'endpoint_userinfo' => defined( 'OIDC_ENDPOINT_USERINFO_URL' ) ? OIDC_ENDPOINT_USERINFO_URL : '',
'endpoint_token' => '', 'endpoint_token' => defined( 'OIDC_ENDPOINT_TOKEN_URL' ) ? OIDC_ENDPOINT_TOKEN_URL : '',
'endpoint_end_session' => '', 'endpoint_end_session' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) ? OIDC_ENDPOINT_LOGOUT_URL : '',
// Non-standard settings. // Non-standard settings.
'no_sslverify' => 0, 'no_sslverify' => 0,
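Review bot: The six `defined( … ) ? … : ''` defaults repeat constant names that the settings class already maps in `$environment_settings` and applies in its constructor, so the same list now lives in three files and can drift. If the constructor override is meant to be the single source of truth, these defaults could stay `''`; otherwise a comment such as `// Constants take precedence over stored options; keep in sync with $environment_settings.` would make the duplication deliberate. The array starts and ends outside this hunk.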

5409
package-lock.json generated

File diff suppressed because it is too large Load Diff

@ -1,6 +1,6 @@
{ {
"name": "openid-connect-generic", "name": "openid-connect-generic",
"version": "3.7.0", "version": "3.7.1",
"description": "OpenID Connect generic WordPress plugin.", "description": "OpenID Connect generic WordPress plugin.",
"main": "Gruntfile.js", "main": "Gruntfile.js",
"repository": { "repository": {
@ -20,21 +20,29 @@
"dependencies": { "dependencies": {
"dev-require": "^0.1.0" "dev-require": "^0.1.0"
}, },
"engines": {
"node": "12.18.3",
"npm": "6.14.8"
},
"devDependencies": { "devDependencies": {
"@floatwork/grunt-po2mo": "^0.3.0", "@floatwork/grunt-po2mo": "^0.3.0",
"@ndigitals/grunt-checkrepo": "^0.2.0", "@ndigitals/grunt-checkrepo": "^0.2.0",
"@wordpress/env": "^1.6.0", "@wordpress/env": "^1.6.0",
"@wordpress/scripts": "^12.1.0", "@wordpress/scripts": "12.2.0",
"grunt": "~1.0.4", "check-node-version": "^4.0.3",
"grunt": "1.3.0",
"grunt-checkbranch": "^1.0.4", "grunt-checkbranch": "^1.0.4",
"grunt-checktextdomain": "^1.0.1", "grunt-checktextdomain": "^1.0.1",
"grunt-cli": "^1.3.2",
"grunt-contrib-clean": "^2.0.0", "grunt-contrib-clean": "^2.0.0",
"grunt-contrib-copy": "^1.0.0", "grunt-contrib-copy": "^1.0.0",
"grunt-gitinfo": "^0.1.9", "grunt-gitinfo": "^0.1.9",
"grunt-shell": "^2.1.0", "grunt-shell": "^2.1.0",
"grunt-wp-i18n": "^1.0.3", "grunt-wp-i18n": "^1.0.3",
"grunt-wp-readme-to-markdown": "~2.0.0", "grunt-wp-readme-to-markdown": "^2.0.0",
"load-grunt-tasks": "^3.5", "load-grunt-tasks": "^3.5",
"node": "^12.18.3",
"npm": "^6.14.8",
"puppeteer": "^1.20.0", "puppeteer": "^1.20.0",
"typescript": "^3.9.7" "typescript": "^3.9.7"
}, },
@ -48,6 +56,8 @@
"grunt": "node_modules/.bin/grunt", "grunt": "node_modules/.bin/grunt",
"test": "npm run grunt test", "test": "npm run grunt test",
"build": "npm run grunt build", "build": "npm run grunt build",
"check-engines": "wp-scripts check-engines",
"check-licenses": "wp-scripts check-licenses",
"wp-env": "wp-env", "wp-env": "wp-env",
"wp": "wp-env run cli wp", "wp": "wp-env run cli wp",
"i18n:check": "npm run grunt checktextdomain", "i18n:check": "npm run grunt checktextdomain",

@ -21,6 +21,7 @@ Much of the documentation can be found on the Settings > OpenID Connect Generic
- [Frequently Asked Questions](#frequently-asked-questions) - [Frequently Asked Questions](#frequently-asked-questions)
- [What is the client's Redirect URI?](#what-is-the-clients-redirect-uri) - [What is the client's Redirect URI?](#what-is-the-clients-redirect-uri)
- [Can I change the client's Redirect URI?](#can-i-change-the-clients-redirect-uri) - [Can I change the client's Redirect URI?](#can-i-change-the-clients-redirect-uri)
- [Configuration Environment Variables/Constants](#configuration-environment-variables-constants)
- [Hooks](#hooks) - [Hooks](#hooks)
- [Filters](#filters) - [Filters](#filters)
- [openid-connect-generic-alter-request](#openid-connect-generic-alter-request) - [openid-connect-generic-alter-request](#openid-connect-generic-alter-request)
@ -73,6 +74,15 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
**Alternate Redirect URI**. When checked, the plugin will use the Redirect URI **Alternate Redirect URI**. When checked, the plugin will use the Redirect URI
`https://example.com/openid-connect-authorize`. `https://example.com/openid-connect-authorize`.
## Configuration Environment Variables/Constants
- Client ID: `OIDC_CLIENT_ID`
- Client Secret Key: `OIDC_CLIENT_SECRET`
- Login Endpoint URL: `OIDC_ENDPOINT_LOGIN_URL`
- Userinfo Endpoint URL: `OIDC_ENDPOINT_USERINFO_URL`
- Token Validation Endpoint URL: `OIDC_ENDPOINT_TOKEN_URL`
- End Session Endpoint URL: `OIDC_ENDPOINT_LOGOUT_URL`
## Hooks ## Hooks
This plugin provides a number of hooks to allow for a significant amount of customization of the plugin operations from This plugin provides a number of hooks to allow for a significant amount of customization of the plugin operations from

@ -51,6 +51,16 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
== Changelog == == Changelog ==
= 3.8.0 =
* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
* Improvement: @timnolte - NPM version requirements for development.
* Improvement: @timnolte - Travis CI build fixes.
* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
* Improvement: @timnolte - Refactored to meet WordPress coding standards.
* Improvement: @timnolte - Refactored to provide localization.
* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
= 3.7.1 = = 3.7.1 =
* Fix: Release Version Number. * Fix: Release Version Number.

@ -16,4 +16,10 @@ defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/la
defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' ); defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' );
defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/'); defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/');
// Define Plugin Globals.
defined( 'OIDC_CLIENT_ID' ) || define( 'OIDC_CLIENT_ID', bin2hex( random_bytes( 32 ) ) );
defined( 'OIDC_CLIENT_SECRET' ) || define( 'OIDC_CLIENT_SECRET', bin2hex( random_bytes( 16 ) ) );
defined( 'OIDC_ENDPOINT_LOGIN_URL' ) || define( 'OIDC_ENDPOINT_LOGIN_URL', 'https://oidc/oauth2/authorize' );
defined( 'OIDC_ENDPOINT_USERINFO_URL' ) || define( 'OIDC_ENDPOINT_USERINFO_URL', 'https://oidc/oauth2/userinfo' );
defined( 'OIDC_ENDPOINT_TOKEN_URL' ) || define( 'OIDC_ENDPOINT_TOKEN_URL', 'https://oidc/oauth2/token' );
defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) || define( 'OIDC_ENDPOINT_LOGOUT_URL', 'https://oidc/oauth2/logout' );
