Merge pull request #217 from timnolte/feature/client-id-secret-env

Feature - Client Configuration w/ Environment Variables/Defined Constants
4 years ago · 3f6a2ca8ed
parent f7b74892d0 e5a2178b76
commit 3f6a2ca8ed
16 changed files with 6180 additions and 983 deletions
--- a/.npmrc
+++ b/.npmrc
@ -0,0 +1 @@
+save-exact = true
--- a/.nvmrc
+++ b/.nvmrc
@ -0,0 +1 @@
+lts/erbium
--- a/.travis.yml
+++ b/.travis.yml
@ -29,7 +29,6 @@ git:

 cache:
  directories:
-    - vendor
    - $HOME/.composer/cache

 # Define a matrix of additional build configurations
@ -76,7 +75,7 @@ before_install:
  - composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update

 install:
-  - composer update --prefer-source --no-interaction --dev --optimize-autoloader
+  - composer update --prefer-source --no-interaction --optimize-autoloader
  - npm install

 before_script:
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,15 @@
 # OpenId Connect Generic Changelog

+3.8.0
+
+* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
+* Improvement: @timnolte - NPM version requirements for development.
+* Improvement: @timnolte - Travis CI build fixes.
+* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
+* Improvement: @timnolte - Refactored to meet WordPress coding standards.
+* Improvement: @timnolte - Refactored to provide localization.
+* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
+
 3.7.1

 * Fix: Release Version Number.
--- a/composer.json
+++ b/composer.json
@ -25,7 +25,7 @@
  },
 	"config": {
 		"platform": {
-			"php": "7.1"
+			"php": "7.3"
 		},
 		"optimize-autoloader": true
 	},
@ -57,7 +57,7 @@
 		"dealerdirect/phpcodesniffer-composer-installer": "^0.6",
 		"brain/monkey": "^2.4",
 		"mockery/mockery": "^1.3",
-		"phpro/grumphp": "^0.16.2",
+		"phpro/grumphp": "^0.21",
 		"sensiolabs/security-checker": "^5.0",
 		"phpstan/phpstan-deprecation-rules": "^0.12.4"
 	},
--- a/composer.lock
+++ b/composer.lock
--- a/grumphp.yml.dist
+++ b/grumphp.yml.dist
@ -1,7 +1,6 @@
 # grumphp.yml
-parameters:
-  git_dir: .
-  bin_dir: 'vendor/bin'
+grumphp:
+  hide_circumvention_tip: true
  stop_on_failure: true
  process_timeout: 120
  parallel:
@ -10,6 +9,11 @@ parameters:
  fixer:
    enabled: false
    fix_by_default: false
+  environment:
+    variables:
+      GRUMPHP_BIN_DIR: 'vendor/bin'
+    paths:
+      - 'node_modules/.bin'
  tasks:
    git_blacklist:
      keywords:
@ -24,18 +28,25 @@ parameters:
    git_commit_message:
      allow_empty_message: false
      enforce_capitalized_subject: true
-    grunt:
-      task: checktextdomain
+      enforce_no_subject_punctuations: true
+      enforce_no_subject_trailing_period: true
+    npm_script:
+      script: 'i18n:check'
+      is_run_task: true
      triggered_by: [php]
+      metadata:
+        label: 'i18n Check'
    phpcs:
      standard: './phpcs.xml.dist'
      report: 'summary'
      ignore_patterns:
        - '/^assets\/(.*)/'
+      triggered_by: [php]
    phpstan:
      configuration: './phpstan.neon.dist'
      level: 5
      ignore_patterns:
        - '/^assets\/(.*)/'
      memory_limit: '-1'
+      triggered_by: [php]
    securitychecker: ~
--- a/includes/openid-connect-generic-login-form.php
+++ b/includes/openid-connect-generic-login-form.php
@ -153,7 +153,7 @@ class OpenID_Connect_Generic_Login_Form {
 		ob_start();
 		?>
 		<div id="login_error">
-			<strong><?php printf( _e( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
+			<strong><?php printf( __( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
 			<?php print esc_html( $error_message ); ?>
 		</div>
 		<?php
--- a/includes/openid-connect-generic-option-settings.php
+++ b/includes/openid-connect-generic-option-settings.php
@ -80,6 +80,20 @@ class OpenID_Connect_Generic_Option_Settings {
 	 */
 	private $default_settings;

+	/**
+	 * List of settings that can be defined by environment variables.
+	 *
+	 * @var array<string,string>
+	 */
+	private $environment_settings = array(
+		'client_id'            => 'OIDC_CLIENT_ID',
+		'client_secret'        => 'OIDC_CLIENT_SECRET',
+		'endpoint_login'       => 'OIDC_ENDPOINT_LOGIN_URL',
+		'endpoint_userinfo'    => 'OIDC_ENDPOINT_USERINFO_URL',
+		'endpoint_token'       => 'OIDC_ENDPOINT_TOKEN_URL',
+		'endpoint_end_session' => 'OIDC_ENDPOINT_LOGOUT_URL',
+	);
+
 	/**
 	 * The class constructor.
 	 *
@ -96,6 +110,13 @@ class OpenID_Connect_Generic_Option_Settings {
 			$this->values = (array) get_option( $this->option_name, $this->default_settings );
 		}

+		// For each defined environment variable/constant be sure the settings key is set.
+		foreach ( $this->environment_settings as $key => $constant ) {
+			if ( defined( $constant ) ) {
+				$this->__set( $key, constant( $constant ) );
+			}
+		}
+
 		if ( $granular_defaults ) {
 			$this->values = array_replace_recursive( $this->default_settings, $this->values );
 		}
@ -172,6 +193,15 @@ class OpenID_Connect_Generic_Option_Settings {
 	 * @return void
 	 */
 	function save() {
+
+		// For each defined environment variable/constant be sure it isn't saved to the database.
+		foreach ( $this->environment_settings as $key => $constant ) {
+			if ( defined( $constant ) ) {
+				$this->__unset( $key );
+			}
+		}
+
 		update_option( $this->option_name, $this->values );
+
 	}
 }
--- a/includes/openid-connect-generic-settings-page.php
+++ b/includes/openid-connect-generic-settings-page.php
@ -223,12 +223,14 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'my-wordpress-client-id',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_CLIENT_ID' ),
 				'section'     => 'client_settings',
 			),
 			'client_secret'     => array(
 				'title'       => __( 'Client Secret Key', 'daggerhart-openid-connect-generic' ),
 				'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.', 'daggerhart-openid-connect-generic' ),
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_CLIENT_SECRET' ),
 				'section'     => 'client_settings',
 			),
 			'scope'             => array(
@ -243,6 +245,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider authorization endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/authorize',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_LOGIN_URL' ),
 				'section'     => 'client_settings',
 			),
 			'endpoint_userinfo' => array(
@ -250,6 +253,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider User information endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/UserInfo',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_USERINFO_URL' ),
 				'section'     => 'client_settings',
 			),
 			'endpoint_token'    => array(
@ -257,6 +261,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider token endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/token',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_TOKEN_URL' ),
 				'section'     => 'client_settings',
 			),
 			'endpoint_end_session'    => array(
@ -264,6 +269,7 @@ class OpenID_Connect_Generic_Settings_Page {
 				'description' => __( 'Identify provider logout endpoint.', 'daggerhart-openid-connect-generic' ),
 				'example'     => 'https://example.com/oauth2/logout',
 				'type'        => 'text',
+				'disabled'    => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ),
 				'section'     => 'client_settings',
 			),
 			'identity_key'     => array(
@ -465,8 +471,9 @@ class OpenID_Connect_Generic_Settings_Page {
 	public function do_text_field( $field ) {
 		?>
 		<input type="<?php print esc_attr( $field['type'] ); ?>"
+				<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>
 			  id="<?php print esc_attr( $field['key'] ); ?>"
-			   class="large-text"
+			  class="large-text<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>"
 			  name="<?php print esc_attr( $field['name'] ); ?>"
 			  value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>">
 		<?php
--- a/openid-connect-generic.php
+++ b/openid-connect-generic.php
@ -326,13 +326,13 @@ class OpenID_Connect_Generic {
 			array(
 				// OAuth client settings.
 				'login_type'           => 'button',
-				'client_id'         => '',
-				'client_secret'     => '',
+				'client_id'            => defined( 'OIDC_CLIENT_ID' ) ? OIDC_CLIENT_ID : '',
+				'client_secret'        => defined( 'OIDC_CLIENT_SECRET' ) ? OIDC_CLIENT_SECRET : '',
 				'scope'                => '',
-				'endpoint_login'    => '',
-				'endpoint_userinfo' => '',
-				'endpoint_token'    => '',
-				'endpoint_end_session' => '',
+				'endpoint_login'       => defined( 'OIDC_ENDPOINT_LOGIN_URL' ) ? OIDC_ENDPOINT_LOGIN_URL : '',
+				'endpoint_userinfo'    => defined( 'OIDC_ENDPOINT_USERINFO_URL' ) ? OIDC_ENDPOINT_USERINFO_URL : '',
+				'endpoint_token'       => defined( 'OIDC_ENDPOINT_TOKEN_URL' ) ? OIDC_ENDPOINT_TOKEN_URL : '',
+				'endpoint_end_session' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) ? OIDC_ENDPOINT_LOGOUT_URL : '',

 				// Non-standard settings.
 				'no_sslverify'    => 0,
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
 	"name": "openid-connect-generic",
-	"version": "3.7.0",
+	"version": "3.7.1",
 	"description": "OpenID Connect generic WordPress plugin.",
 	"main": "Gruntfile.js",
 	"repository": {
@ -20,21 +20,29 @@
 	"dependencies": {
 		"dev-require": "^0.1.0"
 	},
+	"engines": {
+		"node": "12.18.3",
+		"npm": "6.14.8"
+	},
 	"devDependencies": {
 		"@floatwork/grunt-po2mo": "^0.3.0",
 		"@ndigitals/grunt-checkrepo": "^0.2.0",
 		"@wordpress/env": "^1.6.0",
-		"@wordpress/scripts": "^12.1.0",
-		"grunt": "~1.0.4",
+		"@wordpress/scripts": "12.2.0",
+		"check-node-version": "^4.0.3",
+		"grunt": "1.3.0",
 		"grunt-checkbranch": "^1.0.4",
 		"grunt-checktextdomain": "^1.0.1",
+		"grunt-cli": "^1.3.2",
 		"grunt-contrib-clean": "^2.0.0",
 		"grunt-contrib-copy": "^1.0.0",
 		"grunt-gitinfo": "^0.1.9",
 		"grunt-shell": "^2.1.0",
 		"grunt-wp-i18n": "^1.0.3",
-		"grunt-wp-readme-to-markdown": "~2.0.0",
+		"grunt-wp-readme-to-markdown": "^2.0.0",
 		"load-grunt-tasks": "^3.5",
+		"node": "^12.18.3",
+		"npm": "^6.14.8",
 		"puppeteer": "^1.20.0",
 		"typescript": "^3.9.7"
 	},
@ -48,6 +56,8 @@
 		"grunt": "node_modules/.bin/grunt",
 		"test": "npm run grunt test",
 		"build": "npm run grunt build",
+		"check-engines": "wp-scripts check-engines",
+		"check-licenses": "wp-scripts check-licenses",
 		"wp-env": "wp-env",
 		"wp": "wp-env run cli wp",
 		"i18n:check": "npm run grunt checktextdomain",
--- a/readme.md
+++ b/readme.md
@ -21,6 +21,7 @@ Much of the documentation can be found on the Settings > OpenID Connect Generic
 - [Frequently Asked Questions](#frequently-asked-questions)
    - [What is the client's Redirect URI?](#what-is-the-clients-redirect-uri)
    - [Can I change the client's Redirect URI?](#can-i-change-the-clients-redirect-uri)
+- [Configuration Environment Variables/Constants](#configuration-environment-variables-constants)
 - [Hooks](#hooks)
    - [Filters](#filters)
        - [openid-connect-generic-alter-request](#openid-connect-generic-alter-request)
@ -73,6 +74,15 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 **Alternate Redirect URI**. When checked, the plugin will use the Redirect URI 
 `https://example.com/openid-connect-authorize`.

+## Configuration Environment Variables/Constants
+
+- Client ID: `OIDC_CLIENT_ID`
+- Client Secret Key: `OIDC_CLIENT_SECRET`
+- Login Endpoint URL: `OIDC_ENDPOINT_LOGIN_URL`
+- Userinfo Endpoint URL: `OIDC_ENDPOINT_USERINFO_URL`
+- Token Validation Endpoint URL: `OIDC_ENDPOINT_TOKEN_URL`
+- End Session Endpoint URL: `OIDC_ENDPOINT_LOGOUT_URL`
+
 ## Hooks

 This plugin provides a number of hooks to allow for a significant amount of customization of the plugin operations from 
--- a/readme.txt
+++ b/readme.txt
@ -51,6 +51,16 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene

 == Changelog ==

+= 3.8.0 =
+
+* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
+* Improvement: @timnolte - NPM version requirements for development.
+* Improvement: @timnolte - Travis CI build fixes.
+* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
+* Improvement: @timnolte - Refactored to meet WordPress coding standards.
+* Improvement: @timnolte - Refactored to provide localization.
+* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
+
 = 3.7.1 =

 * Fix: Release Version Number.
--- a/tests/phpstan-bootstrap.php
+++ b/tests/phpstan-bootstrap.php
@ -16,4 +16,10 @@ defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/la
 defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' );
 defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/');

-
+// Define Plugin Globals.
+defined( 'OIDC_CLIENT_ID' ) || define( 'OIDC_CLIENT_ID', bin2hex( random_bytes( 32 ) ) );
+defined( 'OIDC_CLIENT_SECRET' ) || define( 'OIDC_CLIENT_SECRET', bin2hex( random_bytes( 16 ) ) );
+defined( 'OIDC_ENDPOINT_LOGIN_URL' ) || define( 'OIDC_ENDPOINT_LOGIN_URL', 'https://oidc/oauth2/authorize' );
+defined( 'OIDC_ENDPOINT_USERINFO_URL' ) || define( 'OIDC_ENDPOINT_USERINFO_URL', 'https://oidc/oauth2/userinfo' );
+defined( 'OIDC_ENDPOINT_TOKEN_URL' ) || define( 'OIDC_ENDPOINT_TOKEN_URL', 'https://oidc/oauth2/token' );
+defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) || define( 'OIDC_ENDPOINT_LOGOUT_URL', 'https://oidc/oauth2/logout' );