Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

3.8.0 Release (#230)

Browse Source 
* Initial Coding Standards & Static Analysis Chanages.
* Adds WordPress coding standards configuration.
* Adds WordPress/PHP static analysis configuration.
* Adds Git hooks to enforce checks and ensure quality on commits.
* Adds initial local Docker development environment setup.
* Current state of coding standards and analysis fixes.
* Near Completion Update of PHP Code Sniffer Compliance Changes.
* Fixes all PHP Code Sniffer WordPress Coding Standards Issues.
* Updates Code Base to Pass Level 5 Baseline
* Ensures PHP Code Sniffs continue to pass.
* Fixes all code base issues to pass a level 5 PHP static analysis.
* Updates PHPStan configurations to use a level 5 baseline.
* Fixes Travis CI Configuration for Static Analysis
* Fixes Plugin Pass i18n Checks
* Adds i18n check to Travis CI builds.
* Adds additional i18n run scripts to package.json.
* Internationalization Checking & Fixes
* Fixes missing i18n translation in main plugin file.
* Adds update POT file.
* Enforces i18n checks on commit with GrumPHP.
* Adds i18n check step to Travis CI builds.
* Gitattributes for export exclusions
* Fixes missing loaded settings property assignment.
* Adds Support for IDP Settings as Defined Constants
    - Reads from defined constants on plugin bootstrap.
    - Disabled plugin settings fields when defined constants are used.
    - Prevents savings plugin settings that are using defined constants.
* Adds Node/NPM Environment Requirements
* Fixes GrumPHP Bin Directory Configuration
* Updates GrumPHP for Required Features
    - Bumps Composer package PHP version to 7.3.
    - Updates GrumPHP configuration to new format.
* Plugin Settings Page Updates Using Constants
    - Ensures that any available defined constants are loaded in place of any database stored settings as an override.
* Composer Dependency Updates & Travis CI Caching Fix
* Travis CI Build Composer Update Change
* NPM Updates & NVM Version Lock
* Fixes NPM Package Lock File for Node v12
* Updates NPM Package Dependencies
* Updates Changelog & README Files With Relevant Changes
* Fixes Localizaion on Error Output
* Changes GrumPHP Configuration to Provide a Full PHPCS Report
* Fixes Local Dev Setup to Activate Plugin by Default
* Adds Contribution Guide and Issue & PR Templates (#222)
* Fixes Support GitHub Issue Template (#223)
* Fixes space/typo with Wiki link (#224)
* Fixes invalid wp-env plugin configuration (#225)
* Improve Local Dev Setup by Reducing Setup Commands (#226)
* Improve Local Dev Setup by Reducing Setup Commands
* Adds Code Owners Configuration for Pull Requests
* Fixes Development Dependencies and Setup Scripts (#227)
* Dev release/3.8 (#229)
* Adds dev Branch to Travis CI Builds
* Release Preparation Enhancements & Release Changes

Co-authored-by: Jonathan Daggerhart <jonathan@daggerhart.com>
isekai
Tim Nolte 5 years ago committed by GitHub
parent 705b7716f1
commit b3c7b70c13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 31281 additions and 819 deletions
Show Stats Download Patch File Download Diff File

24
.editorconfig
Unescape Escape View File

@ -0,0 +1,24 @@
# This file is for unifying the coding style for different editors and IDEs
# editorconfig.org
# WordPress Coding Standards
# https://make.wordpress.org/core/handbook/coding-standards/
root = true
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = tab
[*.yml,*.yml.dist]
indent_style = space
indent_size = 2
[*.md]
trim_trailing_whitespace = false
[{*.txt,wp-config-sample.php}]
end_of_line = crlf

35
.gitattributes vendored
Unescape Escape View File

@ -0,0 +1,35 @@
# Set default behavior to automatically normalize line endings.
* text=auto
# Force batch scripts to always use CRLF line endings so that if a repo is accessed
# in Windows via a file share from Linux, the scripts will work.
*.{cmd,[cC][mM][dD]} text eol=crlf
*.{bat,[bB][aA][tT]} text eol=crlf
# Force bash scripts to always use LF line endings so that if a repo is accessed
# in Unix via a file share from Windows, the scripts will work.
*.sh text eol=lf
# Ignored directories during export.
/.wordpress-org export-ignore
/.github export-ignore
/scripts export-ignore
/tests export-ignore
/tools export-ignore
# Ignored files during export.
/.editorconfig export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
/.travis.yml export-ignore
/.wp-env.json export-ignore
/composer.json export-ignore
/composer.lock export-ignore
/Gruntfile.js export-ignore
/docker-compose.override.yml export-ignore
/grumphp.yml.dist export-ignore
/phpcs.xml.dist export-ignore
/phpstan.neon.dist export-ignore
/phpunit.xml.dist export-ignore
/package.json export-ignore
/package-lock.json export-ignore

2
.github/CODEOWNERS vendored
Unescape Escape View File

@ -0,0 +1,2 @@
# The default owners for everything in the repo.
* @daggerhart @timnolte

37
.github/CONTRIBUTING.md vendored
Unescape Escape View File

@ -0,0 +1,37 @@
# Contributing to OpenID Connect Generic Client ✨
This plugin provides security enhancements to WordPress, and your help making it even more awesome will be greatly appreciated :)
There are many ways to contribute to the project!
- [Translating strings into your language](https://translate.wordpress.org/projects/wp-plugins/daggerhart-openid-connect-generic/).
- Answering open questions under the GitHub Issue Tracker (https://github.com/oidc-wp/openid-connect-generic/issues).
- Testing open [issues](https://github.com/oidc-wp/openid-connect-generic/issues) or [pull requests](https://github.com/oidc-wp/openid-connect-generic/pulls) and sharing your findings in a comment.
- Submitting fixes, improvements, and enhancements.
- Disclose a security issue to our team.
If you wish to contribute code, please read the information in the sections below. Then [fork](https://help.github.com/articles/fork-a-repo/) the plugin, commit your changes, and [submit a pull request](https://help.github.com/articles/using-pull-requests/) 🎉
We use the `good first issue` label to mark issues that are suitable for new contributors. You can find all the issues with this label [here](https://github.com/oidc-wp/openid-connect-generic/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).
OpenID Connect Generic Client is licensed under the GPLv2.0, and all contributions to the project will be released under the same license. You maintain copyright over any contribution you make, and by submitting a pull request, you are agreeing to release that contribution under the GPLv2.0 license.
## Getting started
- [How to set up the plugin development environment](https://github.com/oidc-wp/openid-connect-generic/wiki/How-to-setup-the-plugin-development-environment)
## Coding Guidelines and Development 🛠
- Ensure you stick to the [WordPress Coding Standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/php/)
- Run our build process described in the document on [How to setup the plugin development environment](https://github.com/oidc-wp/openid-connect-generic/wiki/How-to-setup-the-plugin-development-environment), it will install everything needed to do development on our plugin.
- Whenever possible please fix pre-existing code standards errors in the files that you change. It is ok to skip that for larger files or complex fixes.
- Ensure you use LF line endings in your code editor. Use [EditorConfig](http://editorconfig.org/) if your editor supports it so that indentation, line endings and other settings are auto configured.
- When committing, reference your issue number (#1234) and include a note about the fix.
- Ensure that your code supports the minimum supported versions of PHP and WordPress; this is shown at the top of the `readme.txt` file.
- Push the changes to your fork and submit a pull request on the `dev` branch of the plugin repository.
- Make sure to write good and detailed commit messages (see [this post](https://chris.beams.io/posts/git-commit/) for more on this) and follow all the applicable sections of the pull request template.
- Please avoid modifying the changelog directly or updating the .pot files. These will be updated by the plugin team.
## Feature Requests 🚀
Feature requests can be [submitted to our issue tracker](https://github.com/oidc-wp/openid-connect-generic/issues/new?template=5-Feature-request.md). Be sure to include a description of the expected behavior and use case, and before submitting a request, please search for similar ones in the closed issues.

12
.github/ISSUE_TEMPLATE/1-Security-issue.md vendored
Unescape Escape View File

@ -0,0 +1,12 @@
---
name: "\U0001F46E Security issue"
about: Please report security issues *only* via secure message to [timnolte](https://keybase.io/timnolte/chat) or [daggerhart](https://keybase.io/daggerhart/chat)
title: ''
labels: ''
assignees: ''
---
For security reasons, please report all security issues via secure message to [timnolte](https://keybase.io/timnolte/chat) or [daggerhart](https://keybase.io/daggerhart/chat)
Please disclose responsibly and not via GitHub (which allows for exploiting issues in the wild before the patch is released).

14
.github/ISSUE_TEMPLATE/2-Support.md vendored
Unescape Escape View File

@ -0,0 +1,14 @@
---
name: "❓ Support Question"
about: "Ask a general usage question \U0001F4AC."
title: ''
labels: 'help+wanted'
assignees: ''
---
**Review Wiki**
Please be sure to check the [GitHub Wiki](https://github.com/oidc-wp/openid-connect-generic/wiki) to see if your question has already been answered.
**General usage questions**
If your question hasn't been answered in the Wiki please be as descriptive as possible when asking your question.

37
.github/ISSUE_TEMPLATE/3-Bug-report.md vendored
Unescape Escape View File

@ -0,0 +1,37 @@
---
name: "\U0001F41E Bug report"
about: Report a bug if something isn't working as expected in the plugin.
title: ''
labels: 'bug'
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is. Please be as descriptive as possible; issues lacking detail, or for any other reason than to report a bug, may be closed without action.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Expected behavior**
A clear and concise description of what you expected to happen.
**Isolating the problem (mark completed items with an [x]):**
- [ ] I have deactivated other plugins and confirmed this bug occurs when only this plugin is active.
- [ ] This bug happens with a default WordPress theme active.
- [ ] I can reproduce this bug consistently using the steps above.
**WordPress Environment**
- Website URL:
- PHP Version:
- WordPress Version:
- Plugin Version:
- Identity Provider:
- Relevant Plugin Settings:

21
.github/ISSUE_TEMPLATE/4-Enhancement.md vendored
Unescape Escape View File

@ -0,0 +1,21 @@
---
name: "✨ New Enhancement"
about: If you have an idea to improve an existing feature in the plugin or need something
for development (such as a new hook) please let us know or submit a Pull Request!
title: ''
labels: 'enhancement'
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

21
.github/ISSUE_TEMPLATE/5-Feature-request.md vendored
Unescape Escape View File

@ -0,0 +1,21 @@
---
name: "\U0001F680 Feature request"
about: "Suggest a new feature \U0001F389 We'll consider building it if it receives
sufficient interest! \U0001F44D"
title: ''
labels: 'enhancement'
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

1
.github/ISSUE_TEMPLATE/config.yml vendored
Unescape Escape View File

@ -0,0 +1 @@
blank_issues_enabled: false

33
.github/PULL_REQUEST_TEMPLATE.md vendored
Unescape Escape View File

@ -0,0 +1,33 @@
### All Submissions:
* [ ] Have you followed the [plugin Contributing guideline](https://github.com/oidc-wp/openid-connect-generi/blob/dev/.github/CONTRIBUTING.md)?
* [ ] Does your code follow the [WordPress' coding standards](https://make.wordpress.org/core/handbook/best-practices/coding-standards/)?
* [ ] Have you checked to ensure there aren't other open [Pull Requests](../pulls) for the same update/change?
<!-- Mark completed items with an [x] -->
<!-- You can erase any parts of this template not applicable to your Pull Request. -->
### Changes proposed in this Pull Request:
<!-- Describe the changes made to this Pull Request and the reason for such changes. -->
Closes # .
### How to test the changes in this Pull Request:
1.
2.
3.
### Other information:
* [ ] Have you added an explanation of what your changes do and why you'd like us to include them?
* [ ] Have you written new tests for your changes, as applicable?
* [ ] Have you successfully run tests with your changes locally?
<!-- Mark completed items with an [x] -->
### Changelog entry
> Enter a summary of all changes on this Pull Request. This will appear in the changelog if accepted.

55
.gitignore vendored
Unescape Escape View File

@ -1,2 +1,53 @@
vendor/**/*
composer.lock
# Numerous always-ignore extensions
*.diff
*.err
*.orig
*.log
*.rej
*.swo
*.swp
*.vi
*~
*.sass-cache
# Local Development files/folders.
.env
.wp-env.override.json
phpcs.xml
phpstan.neon
phpunit.xml
# OS or Editor folders
.DS_Store
Thumbs.db
.cache
tags.*
.project
.settings
.tmproj
*.esproj
nbproject
*.sublime-project
*.sublime-workspace
.idea
clover.xml
# Dreamweaver added files
_notes
dwsync.xml
# Komodo
*.komodoproject
.komodotools
# Folders to ignore
.hg
.svn
.CVS
intermediate
.idea
cache
node_modules
vendor
dist
wordpress

1
.npmrc
Unescape Escape View File

@ -0,0 +1 @@
save-exact = true

1
.nvmrc
Unescape Escape View File

@ -0,0 +1 @@
lts/erbium

125
.travis.yml
Unescape Escape View File

@ -0,0 +1,125 @@
# Travis CI Configuration File
# Tell Travis CI which distro to use
dist: trusty
sudo: false
# Tell Travis CI we're using PHP
language: php
# Tell Travis CI which notifications to send
notifications:
email:
on_success: never
on_failure: change
# whitelist branches for the "push" build check
branches:
only:
- dev
- main
- /^dev\-release\/.*$/
- /^feature\/.*$/
- /^fix\/.*$/
# Git clone depth
# By default Travis CI clones repositories to a depth of 50 commits
git:
depth: 1
cache:
directories:
- $HOME/.composer/cache
# Define a matrix of additional build configurations
# The versions listed above will automatically create our first configuration,
# so it doesn't need to be re-defined below.
matrix:
fast_finish: true
include:
- name: Internationalization
php: 7.3
env: WP_MODE=single WP_VERSION=5.4.* I18N=1
- name: Coding Standards
php: 7.3
env: WP_MODE=single WP_VERSION=5.4.* PHP_LINT=1 COVERAGE=1
- name: Static Code Analysis
php: 7.3
env: WP_MODE=single WP_VERSION=5.4.* PHP_ANALYZE=1
- name: Latest Stable
php: 7.3
env: WP_MODE=single WP_VERSION=5.4.* PHP_UNIT=1
- name: Preferred Minimum requirements
php: 7.2
env: WP_MODE=single WP_VERSION=5.3.* PHP_UNIT=1
- name: Minimum requirements
php: 7.1
env: WP_MODE=single WP_VERSION=5.2.* PHP_UNIT=1
- name: Bleeding Edge
php: 7.4
env: WP_MODE=single WP_VERSION=dev-master PHP_UNIT=1
- name: Multisite Compatibility
php: 7.3
env: WP_MODE=multi WP_VERSION=5.4.* PHP_UNIT=1
allow_failures:
- name: Bleeding Edge
addons:
apt:
packages:
- nodejs
before_install:
- npm install -g npm@6.14
- npm install -g grunt-cli
- composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update
install:
- composer update --prefer-source --no-interaction --optimize-autoloader
- npm install
before_script:
- export PATH="$HOME/.composer/vendor/bin:$PATH"
# Setup WordPress coding standards
- |
if [[ "$PHP_LINT" == "1" ]]; then
composer global require wp-coding-standards/wpcs
fi
# Setup unit testing environment
- |
if [[ "$PHP_UNIT" == "1" ]]; then
# bash scripts/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION
if [[ $TRAVIS_PHP_VERSION == "7.4" ]]; then
composer global require "phpunit/php-code-coverage=dev-master"
composer global require "sebastian/global-state:dev-master"
composer global require "phpunit/phpunit=dev-master"
else
composer global require "phpunit/phpunit=7.*"
fi
fi
script:
- |
if [[ "$I18N" == "1" ]]; then
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run i18n:check; fi
fi
- |
if [[ "$PHP_LINT" == "1" ]]; then
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run lint; fi
fi
- |
if [[ "$PHP_ANALYZE" == "1" ]]; then
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run analyze; fi
fi
- |
if [[ "$PHP_UNIT" == "1" ]]; then
if [[ "$WP_MODE" == "multi" ]]; then WP_MULTISITE=1 npm run test; fi
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run test; fi
fi
after_success:
- |
if [[ "$COVERAGE" == "1" ]]; then
bash <(curl -s https://codecov.io/bash)
fi

17
.wp-env.json
Unescape Escape View File

@ -0,0 +1,17 @@
{
"core": "./wordpress/build",
"plugins": [ "." ],
"mappings": {
"wp-content/mu-plugins": "./tools/local-env/mu-plugins"
},
"config": {
"PHP_INI_MEMORY_LIMIT": "512M",
"WP_MEMORY_LIMIT": "512M",
"WP_DEBUG": true,
"WP_DEBUG_LOG": true,
"WP_DEBUG_DISPLAY": true,
"SCRIPT_DEBUG": true,
"SMTP_HOST": "mailhog",
"SMTP_PORT": 1025
}
}

223
Gruntfile.js
Unescape Escape View File

@ -0,0 +1,223 @@
module.exports = function (grunt) {
require('load-grunt-tasks')(grunt);
// Project configuration.
grunt.initConfig({
pkg: grunt.file.readJSON('package.json'),
composerBin: 'vendor/bin',
shell: {
phpcs: {
options: {
stdout: true
},
command: '<%= composerBin %>/phpcs'
},
phpcbf: {
options: {
stdout: true
},
command: '<%= composerBin %>/phpcbf'
},
phpstan: {
options: {
stdout: true
},
command: '<%= composerBin %>/phpstan analyze .'
},
phpunit: {
options: {
stdout: true
},
command: '<%= composerBin %>/phpunit'
},
},
gitinfo: {
commands: {
'local.tag.current.name': ['name-rev', '--tags', '--name-only', 'HEAD'],
'local.tag.current.nameLong': ['describe', '--tags', '--long']
}
},
clean: {
main: ['dist'], //Clean up build folder
i18n: ['languages/*.mo', 'languages/*.pot']
},
copy: {
// Copy the plugin to a versioned release directory
main: {
src: [
'**',
'!*.xml', '!*.log', //any config/log files
'!node_modules/**', '!Gruntfile.js', '!package.json', '!package-lock.json', //npm/Grunt
'!assets/**', //wp-org assets
'!dist/**', //build directory
'!.git/**', //version control
'!tests/**', '!scripts/**', '!phpunit.xml', '!phpunit.xml.dist', //unit testing
'!vendor/**', '!composer.lock', '!composer.phar', '!composer.json', //composer
'!wordpress/**',
'!.*', '!**/*~', //hidden files
'!CONTRIBUTING.md',
'!README.md',
'!phpcs.xml', '!phpcs.xml.dist', '!phpstan.neon.dist', '!grumphp.yml.dist', // CodeSniffer Configuration.
'!docker-compose.override.yml', // Local Docker Development configuration.
'!codecov.yml', // Code coverage configuration.
'!tools/**', // Local Development/Build tools configuration.
],
dest: 'dist/',
options: {
processContentExclude: ['**/*.{png,gif,jpg,ico,mo}'],
processContent: function (content, srcpath) {
if (srcpath == 'readme.txt' || srcpath == 'openid-connect-generic.php') {
if (grunt.config.get('gitinfo').local.tag.current.name !== 'undefined') {
content = content.replace('{{version}}', grunt.config.get('gitinfo').local.tag.current.name);
} else {
content = content.replace('{{version}}', grunt.config.get('gitinfo').local.tag.current.nameLong);
}
}
return content;
},
},
}
},
addtextdomain: {
options: {
textdomain: 'daggerhart-openid-connect-generic', // Project text domain.
},
update_all_domains: {
options: {
updateDomains: true
},
src: ['*.php', '**/*.php', '!node_modules/**', '!tests/**', '!scripts/**', '!vendor/**', '!wordpress/**']
},
},
wp_readme_to_markdown: {
dest: {
files: {
'README.md': 'readme.txt'
}
},
},
makepot: {
target: {
options: {
domainPath: '/languages', // Where to save the POT file.
exclude: [
'node_modules/.*', //npm
'assets/.*', //wp-org assets
'dist/.*', //build directory
'.git/.*', //version control
'tests/.*', 'scripts/.*', //unit testing
'vendor/.*', //composer
'wordpress/.*',
], // List of files or directories to ignore.
mainFile: 'openid-connect-generic.php', // Main project file.
potFilename: 'openid-connect-generic.pot', // Name of the POT file.
potHeaders: {
poedit: true, // Includes common Poedit headers.
'report-msgid-bugs-to': 'https://github.com/daggerhart/openid-connect-generic/issues',
'x-poedit-keywordslist': true // Include a list of all possible gettext functions.
}, // Headers to add to the generated POT file.
type: 'wp-plugin', // Type of project (wp-plugin or wp-theme).
updateTimestamp: true, // Whether the POT-Creation-Date should be updated without other changes.
updatePoFiles: true // Whether to update PO files in the same directory as the POT file.
}
}
},
po2mo: {
plugin: {
src: 'languages/*.po',
expand: true
}
},
checkrepo: {
deploy: {
tagged: true, // Check that the last commit (HEAD) is tagged
clean: true // Check that working directory is clean
}
},
checktextdomain: {
options: {
text_domain: 'daggerhart-openid-connect-generic',
keywords: [
'__:1,2d',
'_e:1,2d',
'_x:1,2c,3d',
'esc_html__:1,2d',
'esc_html_e:1,2d',
'esc_html_x:1,2c,3d',
'esc_attr__:1,2d',
'esc_attr_e:1,2d',
'esc_attr_x:1,2c,3d',
'_ex:1,2c,3d',
'_x:1,2c,3d',
'_n:1,2,4d',
'_nx:1,2,4c,5d',
'_n_noop:1,2,3d',
'_nx_noop:1,2,3c,4d'
],
},
files: {
src: [
'**/*.php',
'!node_modules/**',
'!dist/**',
'!tests/**',
'!vendor/**',
'!wordpress/**',
'!*~',
],
expand: true,
},
},
// Bump version numbers
version: {
class: {
options: {
prefix: "const VERSION = '"
},
src: ['<%= pkg.name %>.php']
},
header: {
options: {
prefix: '\\* Version:\\s+'
},
src: ['<%= pkg.name %>.php']
},
readme: {
options: {
prefix: 'Stable tag:\\s+'
},
src: ['readme.txt']
}
}
});
grunt.registerTask('phpcs', ['shell:phpcs']);
grunt.registerTask('phpcbf', ['shell:phpcbf']);
grunt.registerTask('phpstan', ['shell:phpstan']);
grunt.registerTask('phpunit', ['shell:phpunit']);
grunt.registerTask('i18n', ['addtextdomain', 'makepot', 'po2mo']);
grunt.registerTask('readme', ['wp_readme_to_markdown']);
grunt.registerTask('test', ['checktextdomain']);
grunt.registerTask('build', ['gitinfo', 'test', 'clean', 'i18n', 'readme', 'copy']);
//grunt.registerTask( 'deploy', [ 'checkbranch:master', 'checkrepo', 'build' ] );
grunt.registerTask('deploy', ['checkrepo', 'build']);
};

10
changelog.md
Unescape Escape View File

@ -1,5 +1,15 @@
# OpenId Connect Generic Changelog
3.8.0
* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
* Improvement: @timnolte - NPM version requirements for development.
* Improvement: @timnolte - Travis CI build fixes.
* Improvement: @timnolte - GrumPHP configuration updates for code contributions.
* Improvement: @timnolte - Refactored to meet WordPress coding standards.
* Improvement: @timnolte - Refactored to provide localization.
* Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
3.7.1
* Fix: Release Version Number.

128
composer.json
Unescape Escape View File

@ -1,30 +1,102 @@
{
"name": "daggerhart/openid-connect-generic",
"type": "wordpress-plugin",
"license": "GPL-2.0-only",
"description": "OpenID Connect generic WordPress plugin.",
"homepage": "https://github.com/daggerhart/openid-connect-generic",
"authors": [
{
"name": "Jonathan Daggerhart",
"email": "jonathan@daggerhart.com",
"homepage": "https://github.com/daggerhart"
},
{
"name": "Tim Nolte",
"email": "tim.nolte@ndigitals.com",
"homepage": "https://github.com/timnolte"
}
],
"keywords": [
"wordpress",
"openid"
],
"support": {
"issues": "https://github.com/daggerhart/openid-connect-generic/issues"
},
"require": {
"php": ">=5.6.0",
"composer/installers": "~1.0"
}
"name": "daggerhart/openid-connect-generic",
"type": "wordpress-plugin",
"license": "GPL-2.0-only",
"description": "OpenID Connect generic WordPress plugin.",
"homepage": "https://github.com/daggerhart/openid-connect-generic",
"authors": [
{
"name": "Jonathan Daggerhart",
"email": "jonathan@daggerhart.com",
"homepage": "https://github.com/daggerhart"
},
{
"name": "Tim Nolte",
"email": "tim.nolte@ndigitals.com",
"homepage": "https://github.com/timnolte"
}
],
"keywords": [
"wordpress",
"openid"
],
"support": {
"issues": "https://github.com/daggerhart/openid-connect-generic/issues"
},
"config": {
"platform": {
"php": "7.3"
},
"optimize-autoloader": true
},
"repositories": [
{
"type": "git",
"url": "https://github.com/wordpress/wordpress-develop"
}
],
"require": {
"php": ">=7.1.0",
"composer/installers": "~1.0"
},
"require-dev": {
"php": ">=7.1.0",
"squizlabs/php_codesniffer": "^3.3",
"wp-coding-standards/wpcs": "^2.2",
"phpcompatibility/php-compatibility": "^9.0",
"phpcompatibility/phpcompatibility-wp": "^2.1",
"phpmd/phpmd": "^2.6",
"phpunit/phpunit": "^7",
"phpstan/phpstan": "*",
"phpstan/extension-installer": "^1.0",
"szepeviktor/phpstan-wordpress": "*",
"php-stubs/wordpress-stubs": "~5.4.2",
"roave/security-advisories": "dev-master",
"mnsami/composer-custom-directory-installer": "~1.0",
"wordpress/wordpress": "~5.4.2",
"dealerdirect/phpcodesniffer-composer-installer": "~0.6",
"brain/monkey": "^2.4",
"mockery/mockery": "^1.3",
"phpro/grumphp": "~0.20",
"sensiolabs/security-checker": "^5.0",
"phpstan/phpstan-deprecation-rules": "^0.12"
},
"autoload-dev": {
"classmap": [
"wordpress/src/"
]
},
"autoload": {
"classmap": [
"openid-connect-generic.php",
"includes/openid-connect-generic-client.php",
"includes/openid-connect-generic-client-wrapper.php",
"includes/openid-connect-generic-login-form.php",
"includes/openid-connect-generic-option-logger.php",
"includes/openid-connect-generic-option-settings.php",
"includes/openid-connect-generic-settings-page.php"
]
},
"scripts": {
"install-codestandards": [
"Dealerdirect\\Composer\\Plugin\\Installers\\PHPCodeSniffer\\Plugin::run"
],
"post-install-cmd": [
"@install-codestandards"
],
"post-update-cmd": [
"@install-codestandards"
],
"phpcs": "vendor/bin/phpcs",
"phpcbf": "vendor/bin/phpcbf",
"phpstan": "\"vendor/bin/phpstan\""
},
"extra": {
"installer-paths": {
"{$name}": [
"wordpress/wordpress"
]
},
"phpcodesniffer-search-depth": 5
}
}

5334
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

75
docker-compose.override.yml
Unescape Escape View File

@ -0,0 +1,75 @@
version: '3.7'
services:
wordpress-develop:
depends_on:
- php
- mailhog
environment:
LOCAL_DIR: ${LOCAL_DIR-src}
SMTP_HOST: ${SMTP_HOST-mailhog}
SMTP_PORT: ${SMTP_PORT-1025}
volumes:
- ../tools/local-env/default.template:/etc/nginx/conf.d/default.template
- ..:/var/www/${LOCAL_DIR-src}/wp-content/plugins/daggerhart-openid-connect-generic
- ../tools/local-env/mu-plugins:/var/www/${LOCAL_DIR-src}/wp-content/mu-plugins
# Load our config file, substituning environment variables into the config.
command: /bin/sh -c "envsubst '$$LOCAL_DIR $$LOCAL_HOSTNAME' < /etc/nginx/conf.d/default.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
php:
environment:
LOCAL_PHP_XDEBUG: ${LOCAL_PHP_XDEBUG-false}
LOCAL_PHP_MEMCACHED: ${LOCAL_PHP_MEMCACHED-false}
PHP_FPM_UID: ${PHP_FPM_UID-1000}
PHP_FPM_GID: ${PHP_FPM_GID-1000}
SMTP_HOST: ${SMTP_HOST-mailhog}
SMTP_PORT: ${SMTP_PORT-1025}
volumes:
- ..:/var/www/${LOCAL_DIR-src}/wp-content/plugins/daggerhart-openid-connect-generic/
- ../tools/local-env/mu-plugins:/var/www/${LOCAL_DIR-src}/wp-content/mu-plugins
cli:
environment:
LOCAL_PHP_XDEBUG: ${LOCAL_PHP_XDEBUG-false}
LOCAL_PHP_MEMCACHED: ${LOCAL_PHP_MEMCACHED-false}
PHP_FPM_UID: ${PHP_FPM_UID-1000}
PHP_FPM_GID: ${PHP_FPM_GID-1000}
SMTP_HOST: ${SMTP_HOST-mailhog}
SMTP_PORT: ${SMTP_PORT-1025}
volumes:
- ..:/var/www/${LOCAL_DIR-src}/wp-content/plugins/daggerhart-openid-connect-generic/
- ../tools/local-env/mu-plugins:/var/www/${LOCAL_DIR-src}/wp-content/mu-plugins
phpunit:
environment:
LOCAL_PHP_XDEBUG: ${LOCAL_PHP_XDEBUG-false}
LOCAL_PHP_MEMCACHED: ${LOCAL_PHP_MEMCACHED-false}
LOCAL_DIR: ${LOCAL_DIR-src}
WP_MULTISITE: ${WP_MULTISITE-false}
PHP_FPM_UID: ${PHP_FPM_UID-1000}
PHP_FPM_GID: ${PHP_FPM_GID-1000}
TRAVIS_BRANCH: ${TRAVIS_BRANCH-false}
TRAVIS_PULL_REQUEST: ${TRAVIS_PULL_REQUEST-false}
SMTP_HOST: ${SMTP_HOST-mailhog}
SMTP_PORT: ${SMTP_PORT-1025}
volumes:
- ..:/var/www/${LOCAL_DIR-src}/wp-content/plugins/daggerhart-openid-connect-generic/
- ../tools/local-env/mu-plugins:/var/www/${LOCAL_DIR-src}/wp-content/mu-plugins
## SMTP Server + Web Interface for viewing and testing emails during development.
mailhog:
image: mailhog/mailhog
restart: always
networks:
- wpdevnet
ports:
- "${MAILHOG_PORT:-8025}:8025"
- "${SMTP_PORT:-1025}:1025"

52
grumphp.yml.dist
Unescape Escape View File

@ -0,0 +1,52 @@
# grumphp.yml
grumphp:
hide_circumvention_tip: true
stop_on_failure: true
process_timeout: 120
parallel:
enabled: true
max_workers: 32
fixer:
enabled: false
fix_by_default: false
environment:
variables:
GRUMPHP_BIN_DIR: 'vendor/bin'
paths:
- 'node_modules/.bin'
tasks:
git_blacklist:
keywords:
- 'wp_die('
- 'die('
git_branch_name:
blacklist:
- 'main'
- 'master'
- 'dev*'
allow_detached_head: false
git_commit_message:
allow_empty_message: false
enforce_capitalized_subject: true
enforce_no_subject_punctuations: true
enforce_no_subject_trailing_period: true
npm_script:
script: 'i18n:check'
is_run_task: true
triggered_by: [php]
metadata:
label: 'i18n Check'
phpcs:
standard: './phpcs.xml.dist'
report: 'full'
ignore_patterns:
- '/^assets\/(.*)/'
triggered_by: [php]
phpstan:
configuration: './phpstan.neon.dist'
level: 5
ignore_patterns:
- '/^assets\/(.*)/'
memory_limit: '-1'
triggered_by: [php]
securitychecker: ~

572
includes/openid-connect-generic-client-wrapper.php
View File

File diff suppressed because it is too large Load Diff

353
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -1,36 +1,117 @@
<?php
/**
* Plugin OIDC/oAuth client class.
*
* @package OpenID_Connect_Generic
* @category Authentication
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
/**
* OpenID_Connect_Generic_Client class.
*
* Plugin OIDC/oAuth client class.
*
* @package OpenID_Connect_Generic
* @category Authentication
*/
class OpenID_Connect_Generic_Client {
/**
* The OIDC/oAuth client ID.
*
* @see OpenID_Connect_Generic_Option_Settings::client_id
*
* @var string
*/
private $client_id;
/**
* The OIDC/oAuth client secret.
*
* @see OpenID_Connect_Generic_Option_Settings::client_secret
*
* @var string
*/
private $client_secret;
/**
* The OIDC/oAuth scopes.
*
* @see OpenID_Connect_Generic_Option_Settings::scope
*
* @var string
*/
private $scope;
/**
* The OIDC/oAuth authorization endpoint URL.
*
* @see OpenID_Connect_Generic_Option_Settings::endpoint_login
*
* @var string
*/
private $endpoint_login;
/**
* The OIDC/oAuth User Information endpoint URL.
*
* @see OpenID_Connect_Generic_Option_Settings::endpoint_userinfo
*
* @var string
*/
private $endpoint_userinfo;
/**
* The OIDC/oAuth token validation endpoint URL.
*
* @see OpenID_Connect_Generic_Option_Settings::endpoint_token
*
* @var string
*/
private $endpoint_token;
// login flow "ajax" endpoint
/**
* The login flow "ajax" endpoint URI.
*
* @see OpenID_Connect_Generic_Option_Settings::redirect_uri
*
* @var string
*/
private $redirect_uri;
// states are only valid for 3 minutes
/**
* The state time limit. States are only valid for 3 minutes.
*
* @see OpenID_Connect_Generic_Option_Settings::state_time_limit
*
* @var int
*/
private $state_time_limit = 180;
// logger object
/**
* The logger object instance.
*
* @var OpenID_Connect_Generic_Option_Logger
*/
private $logger;
/**
* Client constructor
*
* @param $client_id
* @param $client_secret
* @param $scope
* @param $endpoint_login
* @param $endpoint_userinfo
* @param $endpoint_token
* @param $redirect_uri
* @param $state_time_limit time states are valid in seconds
* Client constructor.
*
* @param string $client_id @see OpenID_Connect_Generic_Option_Settings::client_id for description.
* @param string $client_secret @see OpenID_Connect_Generic_Option_Settings::client_secret for description.
* @param string $scope @see OpenID_Connect_Generic_Option_Settings::scope for description.
* @param string $endpoint_login @see OpenID_Connect_Generic_Option_Settings::endpoint_login for description.
* @param string $endpoint_userinfo @see OpenID_Connect_Generic_Option_Settings::endpoint_userinfo for description.
* @param string $endpoint_token @see OpenID_Connect_Generic_Option_Settings::endpoint_token for description.
* @param string $redirect_uri @see OpenID_Connect_Generic_Option_Settings::redirect_uri for description.
* @param int $state_time_limit @see OpenID_Connect_Generic_Option_Settings::state_time_limit for description.
* @param OpenID_Connect_Generic_Option_Logger $logger The plugin logging object instance.
*/
function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit, $logger){
function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit, $logger ) {
$this->client_id = $client_id;
$this->client_secret = $client_secret;
$this->scope = $scope;
@ -55,12 +136,13 @@ class OpenID_Connect_Generic_Client {
$scope = ( ! empty( $atts['scope'] ) ) ? $atts['scope'] : $this->scope;
$client_id = ( ! empty( $atts['client_id'] ) ) ? $atts['client_id'] : $this->client_id;
$redirect_uri = ( ! empty( $atts['redirect_uri'] ) ) ? $atts['redirect_uri'] : $this->redirect_uri;
$separator = '?';
if ( stripos( $this->endpoint_login, '?' ) !== FALSE ) {
if ( stripos( $this->endpoint_login, '?' ) !== false ) {
$separator = '&';
}
$url = sprintf( '%1$s%2$sresponse_type=code&scope=%3$s&client_id=%4$s&state=%5$s&redirect_uri=%6$s',
$url = sprintf(
'%1$s%2$sresponse_type=code&scope=%3$s&client_id=%4$s&state=%5$s&redirect_uri=%6$s',
$endpoint_login,
$separator,
rawurlencode( $scope ),
@ -76,29 +158,29 @@ class OpenID_Connect_Generic_Client {
/**
* Validate the request for login authentication
*
* @param $request
* @param array<string> $request The authentication request results.
*
* @return array|\WP_Error
* @return array<string>|WP_Error
*/
function validate_authentication_request( $request ){
// look for an existing error of some kind
function validate_authentication_request( $request ) {
// Look for an existing error of some kind.
if ( isset( $request['error'] ) ) {
return new WP_Error( 'unknown-error', 'An unknown error occurred.', $request );
}
// make sure we have a legitimate authentication code and valid state
// Make sure we have a legitimate authentication code and valid state.
if ( ! isset( $request['code'] ) ) {
return new WP_Error( 'no-code', 'No authentication code present in the request.', $request );
}
// check the client request state
if( ! isset( $request['state']) ) {
// Check the client request state.
if ( ! isset( $request['state'] ) ) {
do_action( 'openid-connect-generic-no-state-provided' );
return new WP_Error( 'missing-state', __( 'Missing state.' ), $request );
return new WP_Error( 'missing-state', __( 'Missing state.', 'daggerhart-openid-connect-generic' ), $request );
}
if ( ! $this->check_state( $request['state'] ) ) {
return new WP_Error( 'invalid-state', __( 'Invalid state.' ), $request );
return new WP_Error( 'invalid-state', __( 'Invalid state.', 'daggerhart-openid-connect-generic' ), $request );
}
return $request;
@ -107,25 +189,29 @@ class OpenID_Connect_Generic_Client {
/**
* Get the authorization code from the request
*
* @param $request array
* @param array<string>|WP_Error $request The authentication request results.
*
* @return string|\WP_Error
* @return string|WP_Error
*/
function get_authentication_code( $request ){
function get_authentication_code( $request ) {
if ( ! isset( $request['code'] ) ) {
return new WP_Error( 'missing-authentication-code', __( 'Missing authentication code.', 'daggerhart-openid-connect-generic' ), $request );
}
return $request['code'];
}
/**
* Using the authorization_code, request an authentication token from the idp
* Using the authorization_code, request an authentication token from the IDP.
*
* @param $code - authorization_code
* @param string|WP_Error $code The authorization code.
*
* @return array|\WP_Error
* @return array<mixed>|WP_Error
*/
function request_authentication_token( $code ) {
// Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy
$parsed_url = parse_url($this->endpoint_token);
// Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy.
$parsed_url = parse_url( $this->endpoint_token );
$host = $parsed_url['host'];
$request = array(
@ -137,18 +223,18 @@ class OpenID_Connect_Generic_Client {
'grant_type' => 'authorization_code',
'scope' => $this->scope,
),
'headers' => array( 'Host' => $host )
'headers' => array( 'Host' => $host ),
);
// allow modifications to the request
// Allow modifications to the request.
$request = apply_filters( 'openid-connect-generic-alter-request', $request, 'get-authentication-token' );
// call the server and ask for a token
// Call the server and ask for a token.
$this->logger->log( $this->endpoint_token, 'request_authentication_token' );
$response = wp_remote_post( $this->endpoint_token, $request );
if ( is_wp_error( $response ) ){
$response->add( 'request_authentication_token' , __( 'Request for authentication token failed.' ) );
if ( is_wp_error( $response ) ) {
$response->add( 'request_authentication_token', __( 'Request for authentication token failed.', 'daggerhart-openid-connect-generic' ) );
}
return $response;
@ -157,9 +243,9 @@ class OpenID_Connect_Generic_Client {
/**
* Using the refresh token, request new tokens from the idp
*
* @param $refresh_token - refresh token previously obtained from token response.
* @param string $refresh_token The refresh token previously obtained from token response.
*
* @return array|\WP_Error
* @return array|WP_Error
*/
function request_new_tokens( $refresh_token ) {
$request = array(
@ -167,19 +253,19 @@ class OpenID_Connect_Generic_Client {
'refresh_token' => $refresh_token,
'client_id' => $this->client_id,
'client_secret' => $this->client_secret,
'grant_type' => 'refresh_token'
)
'grant_type' => 'refresh_token',
),
);
// allow modifications to the request
// Allow modifications to the request.
$request = apply_filters( 'openid-connect-generic-alter-request', $request, 'refresh-token' );
// call the server and ask for new tokens
// Call the server and ask for new tokens.
$this->logger->log( $this->endpoint_token, 'request_new_tokens' );
$response = wp_remote_post( $this->endpoint_token, $request );
if ( is_wp_error( $response ) ) {
$response->add( 'refresh_token' , __( 'Refresh token failed.' ) );
$response->add( 'refresh_token', __( 'Refresh token failed.', 'daggerhart-openid-connect-generic' ) );
}
return $response;
@ -188,22 +274,28 @@ class OpenID_Connect_Generic_Client {
/**
* Extract and decode the token body of a token response
*
* @param $token_result
* @return array|mixed|object
* @param array<mixed>|WP_Error $token_result The token response.
*
* @return array<mixed>|WP_Error|null
*/
function get_token_response( $token_result ){
if ( ! isset( $token_result['body'] ) ){
return new WP_Error( 'missing-token-body', __( 'Missing token body.' ), $token_result );
function get_token_response( $token_result ) {
if ( ! isset( $token_result['body'] ) ) {
return new WP_Error( 'missing-token-body', __( 'Missing token body.', 'daggerhart-openid-connect-generic' ), $token_result );
}
// extract token response from token
// Extract the token response from token.
$token_response = json_decode( $token_result['body'], true );
if ( isset( $token_response[ 'error' ] ) ) {
$error = $token_response[ 'error' ];
// Check that the token response body was able to be parsed.
if ( is_null( $token_response ) ) {
return new WP_Error( 'invalid-token', __( 'Invalid token.', 'daggerhart-openid-connect-generic' ), $token_result );
}
if ( isset( $token_response['error'] ) ) {
$error = $token_response['error'];
$error_description = $error;
if ( isset( $token_response[ 'error_description' ] ) ) {
$error_description = $token_response[ 'error_description' ];
if ( isset( $token_response['error_description'] ) ) {
$error_description = $token_response['error_description'];
}
return new WP_Error( $error, $error_description, $token_result );
}
@ -211,55 +303,55 @@ class OpenID_Connect_Generic_Client {
return $token_response;
}
/**
* Exchange an access_token for a user_claim from the userinfo endpoint
*
* @param $access_token
* @param string $access_token The access token supplied from authentication user claim.
*
* @return array|\WP_Error
* @return array|WP_Error
*/
function request_userinfo( $access_token ) {
// allow modifications to the request
// Allow modifications to the request.
$request = apply_filters( 'openid-connect-generic-alter-request', array(), 'get-userinfo' );
// section 5.3.1 of the spec recommends sending the access token using the authorization header
// a filter may or may not have already added headers - make sure they exist then add the token
if ( !array_key_exists( 'headers', $request ) || !is_array( $request['headers'] ) ) {
/*
* Section 5.3.1 of the spec recommends sending the access token using the authorization header
* a filter may or may not have already added headers - make sure they exist then add the token.
*/
if ( ! array_key_exists( 'headers', $request ) || ! is_array( $request['headers'] ) ) {
$request['headers'] = array();
}
$request['headers']['Authorization'] = 'Bearer '.$access_token;
$request['headers']['Authorization'] = 'Bearer ' . $access_token;
// Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy
$parsed_url = parse_url($this->endpoint_userinfo);
// Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy.
$parsed_url = parse_url( $this->endpoint_userinfo );
$host = $parsed_url['host'];
if ( !empty( $parsed_url['port'] ) ) {
$host.= ":{$parsed_url['port']}";
if ( ! empty( $parsed_url['port'] ) ) {
$host .= ":{$parsed_url['port']}";
}
$request['headers']['Host'] = $host;
// attempt the request including the access token in the query string for backwards compatibility
// Attempt the request including the access token in the query string for backwards compatibility.
$this->logger->log( $this->endpoint_userinfo, 'request_userinfo' );
$response = wp_remote_post( $this->endpoint_userinfo, $request );
if ( is_wp_error( $response ) ){
$response->add( 'request_userinfo' , __( 'Request for userinfo failed.' ) );
if ( is_wp_error( $response ) ) {
$response->add( 'request_userinfo', __( 'Request for userinfo failed.', 'daggerhart-openid-connect-generic' ) );
}
return $response;
}
/**
* Generate a new state, save it as a transient,
* and return the state hash.
* Generate a new state, save it as a transient, and return the state hash.
*
* @return string
*/
function new_state() {
// new state w/ timestamp
// New state w/ timestamp.
$state = md5( mt_rand() . microtime( true ) );
set_transient( 'openid-connect-generic-state--' . $state, $state, $this->state_time_limit );
@ -269,7 +361,7 @@ class OpenID_Connect_Generic_Client {
/**
* Check the existence of a given state transient.
*
* @param $state
* @param string $state The state hash to validate.
*
* @return bool
*/
@ -288,21 +380,23 @@ class OpenID_Connect_Generic_Client {
do_action( 'openid-connect-generic-state-expired', $state );
}
return !!$valid;
return ! ! $valid;
}
/**
* Ensure that the token meets basic requirements
* Ensure that the token meets basic requirements.
*
* @param $token_response
* @param array $token_response The token response.
*
* @return bool|\WP_Error
* @return bool|WP_Error
*/
function validate_token_response( $token_response ){
// we need to ensure 2 specific items exist with the token response in order
// to proceed with confidence: id_token and token_type == 'Bearer'
function validate_token_response( $token_response ) {
/*
* Ensure 2 specific items exist with the token response in order
* to proceed with confidence: id_token and token_type == 'Bearer'
*/
if ( ! isset( $token_response['id_token'] ) ||
! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' )
! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' )
) {
return new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response );
}
@ -311,74 +405,74 @@ class OpenID_Connect_Generic_Client {
}
/**
* Extract the id_token_claim from the token_response
* Extract the id_token_claim from the token_response.
*
* @param $token_response
* @param array $token_response The token response.
*
* @return array|\WP_Error
* @return array|WP_Error
*/
function get_id_token_claim( $token_response ){
// name sure we have an id_token
function get_id_token_claim( $token_response ) {
// Validate there is an id_token.
if ( ! isset( $token_response['id_token'] ) ) {
return new WP_Error( 'no-identity-token', __( 'No identity token' ), $token_response );
return new WP_Error( 'no-identity-token', __( 'No identity token.', 'daggerhart-openid-connect-generic' ), $token_response );
}
// break apart the id_token in the response for decoding
// Break apart the id_token in the response for decoding.
$tmp = explode( '.', $token_response['id_token'] );
if ( ! isset( $tmp[1] ) ) {
return new WP_Error( 'missing-identity-token', __( 'Missing identity token' ), $token_response );
return new WP_Error( 'missing-identity-token', __( 'Missing identity token.', 'daggerhart-openid-connect-generic' ), $token_response );
}
// Extract the id_token's claims from the token
// Extract the id_token's claims from the token.
$id_token_claim = json_decode(
base64_decode(
str_replace( // because token is encoded in base64 URL (and not just base64)
array('-', '_'),
array('+', '/'),
str_replace( // Because token is encoded in base64 URL (and not just base64).
array( '-', '_' ),
array( '+', '/' ),
$tmp[1]
)
)
, true
),
true
);
return $id_token_claim;
}
/**
* Ensure the id_token_claim contains the required values
* Ensure the id_token_claim contains the required values.
*
* @param $id_token_claim
* @param array $id_token_claim The ID token claim.
*
* @return bool|\WP_Error
* @return bool|WP_Error
*/
function validate_id_token_claim( $id_token_claim ){
function validate_id_token_claim( $id_token_claim ) {
if ( ! is_array( $id_token_claim ) ) {
return new WP_Error( 'bad-id-token-claim', __( 'Bad ID token claim' ), $id_token_claim );
return new WP_Error( 'bad-id-token-claim', __( 'Bad ID token claim.', 'daggerhart-openid-connect-generic' ), $id_token_claim );
}
// make sure we can find our identification data and that it has a value
// Validate the identification data and it's value.
if ( ! isset( $id_token_claim['sub'] ) || empty( $id_token_claim['sub'] ) ) {
return new WP_Error( 'no-subject-identity', __( 'No subject identity' ), $id_token_claim );
return new WP_Error( 'no-subject-identity', __( 'No subject identity.', 'daggerhart-openid-connect-generic' ), $id_token_claim );
}
return true;
}
/**
* Attempt to exchange the access_token for a user_claim
* Attempt to exchange the access_token for a user_claim.
*
* @param $token_response
* @param array $token_response The token response.
*
* @return array|mixed|object|\WP_Error
* @return array|WP_Error|null
*/
function get_user_claim( $token_response ){
// send a userinfo request to get user claim
function get_user_claim( $token_response ) {
// Send a userinfo request to get user claim.
$user_claim_result = $this->request_userinfo( $token_response['access_token'] );
// make sure we didn't get an error, and that the response body exists
// Make sure we didn't get an error, and that the response body exists.
if ( is_wp_error( $user_claim_result ) || ! isset( $user_claim_result['body'] ) ) {
return new WP_Error( 'bad-claim', __( 'Bad user claim' ), $user_claim_result );
return new WP_Error( 'bad-claim', __( 'Bad user claim.', 'daggerhart-openid-connect-generic' ), $user_claim_result );
}
$user_claim = json_decode( $user_claim_result['body'], true );
@ -390,49 +484,50 @@ class OpenID_Connect_Generic_Client {
* Make sure the user_claim has all required values, and that the subject
* identity matches of the id_token matches that of the user_claim.
*
* @param $user_claim
* @param $id_token_claim
* @param array $user_claim The authenticated user claim.
* @param array $id_token_claim The ID token claim.
*
* @return \WP_Error
* @return bool|WP_Error
*/
function validate_user_claim( $user_claim, $id_token_claim ) {
// must be an array
if ( ! is_array( $user_claim ) ){
return new WP_Error( 'invalid-user-claim', __( 'Invalid user claim' ), $user_claim );
// Validate the user claim.
if ( ! is_array( $user_claim ) ) {
return new WP_Error( 'invalid-user-claim', __( 'Invalid user claim.', 'daggerhart-openid-connect-generic' ), $user_claim );
}
// allow for errors from the IDP
// Allow for errors from the IDP.
if ( isset( $user_claim['error'] ) ) {
$message = __( 'Error from the IDP' );
if ( !empty( $user_claim['error_description'] ) ) {
$message = __( 'Error from the IDP.', 'daggerhart-openid-connect-generic' );
if ( ! empty( $user_claim['error_description'] ) ) {
$message = $user_claim['error_description'];
}
return new WP_Error( 'invalid-user-claim-' . $user_claim['error'], $message, $user_claim );
}
// make sure the id_token sub === user_claim sub, according to spec
if ( $id_token_claim['sub' ] !== $user_claim['sub'] ) {
return new WP_Error( 'incorrect-user-claim', __( 'Incorrect user claim' ), func_get_args() );
// Make sure the id_token sub equals the user_claim sub, according to spec.
if ( $id_token_claim['sub'] !== $user_claim['sub'] ) {
return new WP_Error( 'incorrect-user-claim', __( 'Incorrect user claim.', 'daggerhart-openid-connect-generic' ), func_get_args() );
}
// allow for other plugins to alter the login success
// Allow for other plugins to alter the login success.
$login_user = apply_filters( 'openid-connect-generic-user-login-test', true, $user_claim );
if ( ! $login_user ) {
return new WP_Error( 'unauthorized', __( 'Unauthorized access' ), $login_user );
return new WP_Error( 'unauthorized', __( 'Unauthorized access.', 'daggerhart-openid-connect-generic' ), $login_user );
}
return true;
}
/**
* Retrieve the subject identity from the id_token
* Retrieve the subject identity from the id_token.
*
* @param $id_token_claim array
* @param array $id_token_claim The ID token claim.
*
* @return mixed
*/
function get_subject_identity( $id_token_claim ){
function get_subject_identity( $id_token_claim ) {
return $id_token_claim['sub'];
}
}

139
includes/openid-connect-generic-login-form.php
Unescape Escape View File

@ -1,86 +1,117 @@
<?php
/**
* Login form and login button handlong class.
*
* @package OpenID_Connect_Generic
* @category Login
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
/**
* OpenID_Connect_Generic_Login_Form class.
*
* Login form and login button handlong.
*
* @package OpenID_Connect_Generic
* @category Login
*/
class OpenID_Connect_Generic_Login_Form {
/**
* Plugin settings object.
*
* @var OpenID_Connect_Generic_Option_Settings
*/
private $settings;
/**
* Plugin client wrapper instance.
*
* @var OpenID_Connect_Generic_Client_Wrapper
*/
private $client_wrapper;
/**
* @param $settings
* @param $client_wrapper
* The class constructor.
*
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Client_Wrapper $client_wrapper A plugin client wrapper object instance.
*/
function __construct( $settings, $client_wrapper ){
function __construct( $settings, $client_wrapper ) {
$this->settings = $settings;
$this->client_wrapper = $client_wrapper;
// maybe set redirect cookie on formular page
add_action('login_form_login', [$this, 'handle_redirect_cookie']);
// Handle setting the redirect cookie on a formu page.
add_action( 'login_form_login', array( $this, 'handle_redirect_cookie' ) );
}
/**
* @param $settings
* @param $client_wrapper
* Create an instance of the OpenID_Connect_Generic_Login_Form class.
*
* @return \OpenID_Connect_Generic_Login_Form
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Client_Wrapper $client_wrapper A plugin client wrapper object instance.
*
* @return void
*/
static public function register( $settings, $client_wrapper ){
static public function register( $settings, $client_wrapper ) {
$login_form = new self( $settings, $client_wrapper );
// alter the login form as dictated by settings
// Alter the login form as dictated by settings.
add_filter( 'login_message', array( $login_form, 'handle_login_page' ), 99 );
// add a shortcode for the login button
// Add a shortcode for the login button.
add_shortcode( 'openid_connect_generic_login_button', array( $login_form, 'make_login_button' ) );
$login_form->handle_redirect_login_type_auto();
return $login_form;
}
/**
* Auto Login redirect
* Auto Login redirect.
*
* @return void
*/
function handle_redirect_login_type_auto()
{
if ( $GLOBALS['pagenow'] == 'wp-login.php'
&& ( $this->settings->login_type == 'auto' || ! empty( $_GET['force_redirect'] ) )
&& ( ! isset( $_GET[ 'action' ] ) || $_GET[ 'action' ] !== 'logout' )
&& ! isset( $_POST['wp-submit'] ) )
{
if ( ! isset( $_GET['login-error'] ) ) {
$this->handle_redirect_cookie();
function handle_redirect_login_type_auto() {
if ( 'wp-login.php' == $GLOBALS['pagenow']
&& ( 'auto' == $this->settings->login_type || ! empty( $_GET['force_redirect'] ) )
&& ( ! isset( $_GET['action'] ) || 'logout' !== $_GET['action'] )
&& ! isset( $_POST['wp-submit'] ) ) {
if ( ! isset( $_GET['login-error'] ) ) {
$this->handle_redirect_cookie();
wp_redirect( $this->client_wrapper->get_authentication_url() );
exit;
}
else {
} else {
add_action( 'login_footer', array( $this, 'remove_login_form' ), 99 );
}
}
}
/**
* Handle login related redirects
* Handle login related redirects.
*
* @return void
*/
function handle_redirect_cookie()
{
if ( $GLOBALS['pagenow'] == 'wp-login.php' && isset( $_GET[ 'action' ] ) && $_GET[ 'action' ] === 'logout' ) {
function handle_redirect_cookie() {
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' == $GLOBALS['pagenow'] && isset( $_GET['action'] ) && 'logout' === $_GET['action'] ) {
return;
}
// record the URL of this page if set to redirect back to origin page
if ( $this->settings->redirect_user_back )
{
$redirect_expiry = current_time('timestamp') + DAY_IN_SECONDS;
// Record the URL of this page if set to redirect back to origin page.
if ( $this->settings->redirect_user_back ) {
$redirect_expiry = current_time( 'timestamp' ) + DAY_IN_SECONDS;
// default redirect to the homepage
// Default redirect to the homepage.
$redirect_url = home_url( esc_url( add_query_arg( null, null ) ) );
if ( $GLOBALS['pagenow'] == 'wp-login.php' ) {
// if using the login form, default redirect to the admin dashboard
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' == $GLOBALS['pagenow'] ) {
// If using the login form, default redirect to the admin dashboard.
$redirect_url = admin_url();
if ( isset( $_REQUEST['redirect_to'] ) ) {
$redirect_url = esc_url_raw( $_REQUEST[ 'redirect_to' ] );
$redirect_url = esc_url_raw( $_REQUEST['redirect_to'] );
}
}
@ -91,9 +122,10 @@ class OpenID_Connect_Generic_Login_Form {
}
/**
* Implements filter login_message
* Implements filter login_message.
*
* @param string $message The text message to display on the login page.
*
* @param $message
* @return string
*/
function handle_login_page( $message ) {
@ -102,15 +134,17 @@ class OpenID_Connect_Generic_Login_Form {
$message .= $this->make_error_output( $_GET['login-error'], $_GET['message'] );
}
// login button is appended to existing messages in case of error
// Login button is appended to existing messages in case of error.
$message .= $this->make_login_button();
return $message;
}
/**
* Display an error message to the user
* Display an error message to the user.
*
* @param $error_code
* @param string $error_code The error code.
* @param string $error_message The error message test.
*
* @return string
*/
@ -119,27 +153,27 @@ class OpenID_Connect_Generic_Login_Form {
ob_start();
?>
<div id="login_error">
<strong><?php _e( 'ERROR'); ?>: </strong>
<?php print esc_html($error_message); ?>
<strong><?php printf( __( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
<?php print esc_html( $error_message ); ?>
</div>
<?php
return ob_get_clean();
}
/**
* Create a login button (link)
*
* @param array $atts Array of optional attributes to override login buton
* Create a login button (link).
*
* @param array $atts Array of optional attributes to override login buton
* functionality when used by shortcode.
*
* @return string
*/
function make_login_button( $atts = array() ) {
$button_text = __( 'Login with OpenID Connect' );
$button_text = __( 'Login with OpenID Connect', 'daggerhart-openid-connect-generic' );
if ( ! empty( $atts['button_text'] ) ) {
$button_text = $atts['button_text'];
}
$text = apply_filters( 'openid-connect-generic-login-button-text', $button_text );
$href = $this->client_wrapper->get_authentication_url( $atts );
@ -152,8 +186,10 @@ class OpenID_Connect_Generic_Login_Form {
return ob_get_clean();
}
/*
/**
* Removes the login form from the HTML DOM
*
* @return void
*/
function remove_login_form() {
?>
@ -166,4 +202,5 @@ class OpenID_Connect_Generic_Login_Form {
</script>
<?php
}
}

178
includes/openid-connect-generic-option-logger.php
Unescape Escape View File

@ -1,90 +1,132 @@
<?php
/**
* Simple class for logging messages to the options table
* Plugin logging class.
*
* @package OpenID_Connect_Generic
* @category Logging
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
/**
* OpenID_Connect_Generic_Option_Logger class.
*
* Simple class for logging messages to the options table.
*
* @package OpenID_Connect_Generic
* @category Logging
*/
class OpenID_Connect_Generic_Option_Logger {
// wp option name/key
/**
* Thw WordPress option name/key.
*
* @var string
*/
private $option_name;
// default message type
/**
* The default message type.
*
* @var string
*/
private $default_message_type;
// the number of items to keep in the log
/**
* The number of items to keep in the log.
*
* @var int
*/
private $log_limit;
// whether or not the
/**
* Whether or not logging is enabled.
*
* @var bool
*/
private $logging_enabled;
// internal cache of logs
/**
* Internal cache of logs.
*
* @var array
*/
private $logs;
/**
* Setup the logger according to the needs of the instance
* Setup the logger according to the needs of the instance.
*
* @param string $option_name
* @param string $default_message_type
* @param bool|TRUE $logging_enabled
* @param int $log_limit
* @param string $option_name The plugin log WordPress option name.
* @param string $default_message_type The log message type.
* @param bool|TRUE $logging_enabled Whether logging is enabled.
* @param int $log_limit The log entry limit.
*/
function __construct( $option_name, $default_message_type = 'none', $logging_enabled = true, $log_limit = 1000 ){
function __construct( $option_name, $default_message_type = 'none', $logging_enabled = true, $log_limit = 1000 ) {
$this->option_name = $option_name;
$this->default_message_type = $default_message_type;
$this->logging_enabled = (bool) $logging_enabled;
$this->log_limit = (int) $log_limit;
$this->logging_enabled = boolval( $logging_enabled );
$this->log_limit = intval( $log_limit );
}
/**
* Subscribe logger to a set of filters
* Subscribe logger to a set of filters.
*
* @param $filter_names
* @param int $priority
* @param array|string $filter_names The array, or string, of the name(s) of an filter(s) to hook the logger into.
* @param int $priority The WordPress filter priority level.
*
* @return void
*/
function log_filters( $filter_names, $priority = 10 ){
function log_filters( $filter_names, $priority = 10 ) {
if ( ! is_array( $filter_names ) ) {
$filter_names = array( $filter_names );
}
foreach ( $filter_names as $filter ){
foreach ( $filter_names as $filter ) {
add_filter( $filter, array( $this, 'log_hook' ), $priority );
}
}
/**
* Subscribe logger to a set of actions
* Subscribe logger to a set of actions.
*
* @param array|string $action_names The array, or string, of the name(s) of an action(s) to hook the logger into.
* @param int $priority The WordPress action priority level.
*
* @param $action_names
* @param $priority
* @return void
*/
function log_actions( $action_names, $priority ){
function log_actions( $action_names, $priority ) {
if ( ! is_array( $action_names ) ) {
$action_names = array( $action_names );
}
foreach ( $action_names as $action ){
foreach ( $action_names as $action ) {
add_filter( $action, array( $this, 'log_hook' ), $priority );
}
}
/**
* Log the data
* Log the data.
*
* @param mixed $arg1 The hook argument.
*
* @param null $arg1
* @return null
* @return mixed
*/
function log_hook( $arg1 = null ){
function log_hook( $arg1 = null ) {
$this->log( func_get_args(), current_filter() );
return $arg1;
}
/**
* Save an array of data to the logs
* Save an array of data to the logs.
*
* @param mixed $data The data to be logged.
* @param mixed $type The type of log message.
*
* @param $data mixed
* @return bool
*/
public function log( $data, $type = null ) {
if ( (bool) $this->logging_enabled ) {
if ( boolval( $this->logging_enabled ) ) {
$logs = $this->get_logs();
$logs[] = $this->make_message( $data, $type );
$logs = $this->upkeep_logs( $logs );
@ -95,12 +137,12 @@ class OpenID_Connect_Generic_Option_Logger {
}
/**
* Retrieve all log messages
* Retrieve all log messages.
*
* @return array
*/
public function get_logs() {
if ( is_null( $this->logs ) ) {
if ( empty( $this->logs ) ) {
$this->logs = get_option( $this->option_name, array() );
}
@ -108,41 +150,40 @@ class OpenID_Connect_Generic_Option_Logger {
}
/**
* Get the name of the option where this log is stored
* Get the name of the option where this log is stored.
*
* @return string
*/
public function get_option_name(){
public function get_option_name() {
return $this->option_name;
}
/**
* Create a message array containing the data and other information
* Create a message array containing the data and other information.
*
* @param $data mixed
* @param $type
* @param mixed $data The log message data.
* @param mixed $type The log message type.
*
* @return array
*/
private function make_message( $data, $type ){
// determine the type of message
private function make_message( $data, $type ) {
// Determine the type of message.
if ( empty( $type ) ) {
$this->default_message_type;
$type = $this->default_message_type;
if ( is_array( $data ) && isset( $data['type'] ) ){
if ( is_array( $data ) && isset( $data['type'] ) ) {
$type = $data['type'];
}
else if ( is_wp_error( $data ) ){
} else if ( is_wp_error( $data ) ) {
$type = $data->get_error_code();
}
}
// construct our message
// Construct the message.
$message = array(
'type' => $type,
'time' => time(),
'user_ID' => get_current_user_id(),
'uri' => preg_replace('/code=([^&]+)/i', 'code=', $_SERVER['REQUEST_URI']),
'uri' => preg_replace( '/code=([^&]+)/i', 'code=', $_SERVER['REQUEST_URI'] ),
'data' => $data,
);
@ -150,54 +191,59 @@ class OpenID_Connect_Generic_Option_Logger {
}
/**
* Keep our log count under the limit
* Keep the log count under the limit.
*
* @param array $logs The plugin logs.
*
* @param $message array - extra data about the message
* @return array
*/
private function upkeep_logs( $logs ) {
$items_to_remove = count( $logs ) - $this->log_limit;
if ( $items_to_remove > 0 ){
// keep only the last $log_limit messages from the end
$logs = array_slice( $logs, ( $items_to_remove * -1) );
if ( $items_to_remove > 0 ) {
// Only keep the last $log_limit messages from the end.
$logs = array_slice( $logs, ( $items_to_remove * -1 ) );
}
return $logs;
}
/**
* Save the log messages
* Save the log messages.
*
* @param array $logs The array of log messages.
*
* @param $logs
* @return bool
*/
private function save_logs( $logs ){
// save our logs
private function save_logs( $logs ) {
// Save the logs.
$this->logs = $logs;
return update_option( $this->option_name, $logs, false );
}
/**
* Clear all log messages
* Clear all log messages.
*
* @return void
*/
public function clear_logs(){
public function clear_logs() {
$this->save_logs( array() );
}
/**
* Get a simple html table of all the logs
* Get a simple html table of all the logs.
*
* @param array $logs The array of log messages.
*
* @param array $logs
* @return string
*/
public function get_logs_table( $logs = array() ){
public function get_logs_table( $logs = array() ) {
if ( empty( $logs ) ) {
$logs = $this->get_logs();
}
$logs = array_reverse( $logs );
ini_set( 'xdebug.var_display_max_depth', -1 );
ini_set( 'xdebug.var_display_max_depth', '-1' );
ob_start();
?>
@ -216,19 +262,19 @@ class OpenID_Connect_Generic_Option_Logger {
<tr>
<td class="col-details">
<div>
<label><?php _e( 'Type' ); ?>: </label>
<label><?php _e( 'Type', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print $log['type']; ?>
</div>
<div>
<label><?php _e( 'Date' ); ?>: </label>
<?php print date( 'Y-m-d H:i:s', $log['time'] ); ?>
<label><?php _e( 'Date', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print gmdate( 'Y-m-d H:i:s', $log['time'] ); ?>
</div>
<div>
<label><?php _e( 'User' ); ?>: </label>
<label><?php _e( 'User', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print ( get_userdata( $log['user_ID'] ) ) ? get_userdata( $log['user_ID'] )->user_login : '0'; ?>
</div>
<div>
<label><?php _e( 'URI ' ); ?>: </label>
<label><?php _e( 'URI ', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print $log['uri']; ?>
</div>
</td>

179
includes/openid-connect-generic-option-settings.php
Unescape Escape View File

@ -1,60 +1,207 @@
<?php
/**
* Class OpenId_Connect_Generic_Option_Settings
* WordPress options handling class.
*
* @package OpenID_Connect_Generic
* @category Settings
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
/**
* OpenId_Connect_Generic_Option_Settings class.
*
* WordPress options handling.
*
* @package OpenID_Connect_Generic
* @category Settings
*
* Legacy Settings:
*
* @property string $ep_login The login endpoint.
* @property string $ep_token The token endpoint.
* @property string $ep_userinfo The userinfo endpoint.
*
* OAuth Client Settings:
*
* @property string $login_type How the client (login form) should provide login options.
* @property string $client_id The ID the client will be recognized as when connecting the to Identity provider server.
* @property string $client_secret The secret key the IDP server expects from the client.
* @property string $scope The list of scopes this client should access.
* @property string $endpoint_login The IDP authorization endpoint URL.
* @property string $endpoint_userinfo The IDP User information endpoint URL.
* @property string $endpoint_token The IDP token validation endpoint URL.
* @property string $endpoint_end_session The IDP logout endpoint URL.
*
* Non-standard Settings:
*
* @property bool $no_sslverify The flag to enable/disable SSL verification during authorization.
* @property int $http_request_timeout The timeout for requests made to the IDP. Default value is 5.
* @property string $identity_key The key in the user claim array to find the user's identification data.
* @property string $nickname_key The key in the user claim array to find the user's nickname.
* @property string $email_format The key(s) in the user claim array to formulate the user's email address.
* @property string $displayname_format The key(s) in the user claim array to formulate the user's display name.
* @property bool $identify_with_username The flag which indicates how the user's identity will be determined.
* @property int $state_time_limit The valid time limit of the state, in seconds. Defaults to 180 seconds.
*
* Plugin Settings:
*
* @property bool $enforce_privacy The flag to indicates whether a user us required to be authenticated to access the site.
* @property bool $alternate_redirect_uri The flag to indicate whether to use the alternative redirect URI.
* @property bool $token_refresh_enable The flag whether to support refresh tokens by IDPs.
* @property bool $link_existing_users The flag to indicate whether to link to existing WordPress-only accounts or greturn an error.
* @property bool $create_if_does_not_exist The flag to indicate whether to create new users or not.
* @property bool $redirect_user_back The flag to indicate whether to redirect the user back to the page on which they started.
* @property bool $redirect_on_logout The flag to indicate whether to redirect to the login screen on session expiration.
* @property bool $enable_logging The flag to enable/disable logging.
* @property int $log_limit The maximum number of log entries to keep.
*/
class OpenID_Connect_Generic_Option_Settings {
// wp option name/key
/**
* WordPress option name/key.
*
* @var string
*/
private $option_name;
// stored option values array
/**
* Stored option values array.
*
* @var array<mixed>
*/
private $values;
// default plugin settings values
/**
* Default plugin settings values.
*
* @var array<mixed>
*/
private $default_settings;
/**
* @param $option_name
* @param array $default_settings
* @param bool|TRUE $granular_defaults
* List of settings that can be defined by environment variables.
*
* @var array<string,string>
*/
function __construct( $option_name, $default_settings = array(), $granular_defaults = true ){
private $environment_settings = array(
'client_id' => 'OIDC_CLIENT_ID',
'client_secret' => 'OIDC_CLIENT_SECRET',
'endpoint_login' => 'OIDC_ENDPOINT_LOGIN_URL',
'endpoint_userinfo' => 'OIDC_ENDPOINT_USERINFO_URL',
'endpoint_token' => 'OIDC_ENDPOINT_TOKEN_URL',
'endpoint_end_session' => 'OIDC_ENDPOINT_LOGOUT_URL',
);
/**
* The class constructor.
*
* @param string $option_name The option name/key.
* @param array<mixed> $default_settings The default plugin settings values.
* @param bool $granular_defaults The granular defaults.
*/
function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
$this->option_name = $option_name;
$this->default_settings = $default_settings;
$this->values = get_option( $this->option_name, $this->default_settings );
$this->values = array();
if ( ! empty( $this->option_name ) ) {
$this->values = (array) get_option( $this->option_name, $this->default_settings );
}
// For each defined environment variable/constant be sure the settings key is set.
foreach ( $this->environment_settings as $key => $constant ) {
if ( defined( $constant ) ) {
$this->__set( $key, constant( $constant ) );
}
}
if ( $granular_defaults ) {
$this->values = array_replace_recursive( $this->default_settings, $this->values );
}
}
function __get( $key ){
/**
* Magic getter for settings.
*
* @param string $key The array key/option name.
*
* @return mixed
*/
function __get( $key ) {
if ( isset( $this->values[ $key ] ) ) {
return $this->values[ $key ];
}
}
function __set( $key, $value ){
/**
* Magic setter for settings.
*
* @param string $key The array key/option name.
* @param mixed $value The option value.
*
* @return void
*/
function __set( $key, $value ) {
$this->values[ $key ] = $value;
}
function __isset( $key ){
/**
* Magic method to check is an attribute isset.
*
* @param string $key The array key/option name.
*
* @return bool
*/
function __isset( $key ) {
return isset( $this->values[ $key ] );
}
function __unset( $key ){
unset( $this->values[ $key ]);
/**
* Magic method to clear an attribute.
*
* @param string $key The array key/option name.
*
* @return void
*/
function __unset( $key ) {
unset( $this->values[ $key ] );
}
function get_values(){
/**
* Get the plugin settings array.
*
* @return array
*/
function get_values() {
return $this->values;
}
/**
* Get the plugin WordPress options name.
*
* @return string
*/
function get_option_name() {
return $this->option_name;
}
function save(){
/**
* Save the plugin options to the WordPress options table.
*
* @return void
*/
function save() {
// For each defined environment variable/constant be sure it isn't saved to the database.
foreach ( $this->environment_settings as $key => $constant ) {
if ( defined( $constant ) ) {
$this->__unset( $key );
}
}
update_option( $this->option_name, $this->values );
}
}

507
includes/openid-connect-generic-settings-page.php
Unescape Escape View File

@ -1,35 +1,205 @@
<?php
/**
* Plugin Admin settings page class.
*
* @package OpenID_Connect_Generic
* @category Settings
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
/**
* Class OpenID_Connect_Generic_Settings_Page.
* OpenID_Connect_Generic_Settings_Page class.
*
* Admin settings page.
*
* @package OpenID_Connect_Generic
* @category Settings
*/
class OpenID_Connect_Generic_Settings_Page {
// local copy of the settings provided by the base plugin
/**
* Local copy of the settings provided by the base plugin.
*
* @var OpenID_Connect_Generic_Option_Settings
*/
private $settings;
// The controlled list of settings & associated
// defined during construction for i18n reasons
/**
* Instance of the plugin logger.
*
* @var OpenID_Connect_Generic_Option_Logger
*/
private $logger;
/**
* The controlled list of settings & associated defined during
* construction for i18n reasons.
*
* @var array
*/
private $settings_fields = array();
// options page slug
/**
* Options page slug.
*
* @var string
*/
private $options_page_name = 'openid-connect-generic-settings';
// options page settings group name
/**
* Options page settings group name.
*
* @var string
*/
private $settings_field_group;
/**
* @param OpenID_Connect_Generic_Option_Settings $settings
* @param OpenID_Connect_Generic_Option_Logger $logger
* Settings page class constructor.
*
* @param OpenID_Connect_Generic_Option_Settings $settings The plugin settings object.
* @param OpenID_Connect_Generic_Option_Logger $logger The plugin logging class object.
*/
function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$this->settings = $settings;
$this->logger = $logger;
$this->settings_field_group = $this->settings->get_option_name() . '-group';
/*
* Simple settings fields simply have:
$fields = $this->get_settings_fields();
// Some simple pre-processing.
foreach ( $fields as $key => &$field ) {
$field['key'] = $key;
$field['name'] = $this->settings->get_option_name() . '[' . $key . ']';
}
// Allow alterations of the fields.
$this->settings_fields = $fields;
}
/**
* Hook the settings page into WordPress.
*
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Option_Logger $logger A plugin logger object instance.
*
* @return void
*/
static public function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$settings_page = new self( $settings, $logger );
// Add our options page the the admin menu.
add_action( 'admin_menu', array( $settings_page, 'admin_menu' ) );
// Register our settings.
add_action( 'admin_init', array( $settings_page, 'admin_init' ) );
}
/**
* Implements hook admin_menu to add our options/settings page to the
* dashboard menu.
*
* @return void
*/
public function admin_menu() {
add_options_page(
__( 'OpenID Connect - Generic Client', 'daggerhart-openid-connect-generic' ),
__( 'OpenID Connect Client', 'daggerhart-openid-connect-generic' ),
'manage_options',
$this->options_page_name,
array( $this, 'settings_page' )
);
}
/**
* Implements hook admin_init to register our settings.
*
* @return void
*/
public function admin_init() {
register_setting(
$this->settings_field_group,
$this->settings->get_option_name(),
array(
$this,
'sanitize_settings',
)
);
add_settings_section(
'client_settings',
__( 'Client Settings', 'daggerhart-openid-connect-generic' ),
array( $this, 'client_settings_description' ),
$this->options_page_name
);
add_settings_section(
'user_settings',
__( 'WordPress User Settings', 'daggerhart-openid-connect-generic' ),
array( $this, 'user_settings_description' ),
$this->options_page_name
);
add_settings_section(
'authorization_settings',
__( 'Authorization Settings', 'daggerhart-openid-connect-generic' ),
array( $this, 'authorization_settings_description' ),
$this->options_page_name
);
add_settings_section(
'log_settings',
__( 'Log Settings', 'daggerhart-openid-connect-generic' ),
array( $this, 'log_settings_description' ),
$this->options_page_name
);
// Preprocess fields and add them to the page.
foreach ( $this->settings_fields as $key => $field ) {
// Make sure each key exists in the settings array.
if ( ! isset( $this->settings->{ $key } ) ) {
$this->settings->{ $key } = null;
}
// Determine appropriate output callback.
switch ( $field['type'] ) {
case 'checkbox':
$callback = 'do_checkbox';
break;
case 'select':
$callback = 'do_select';
break;
case 'text':
default:
$callback = 'do_text_field';
break;
}
// Add the field.
add_settings_field(
$key,
$field['title'],
array( $this, $callback ),
$this->options_page_name,
$field['section'],
$field
);
}
}
/**
* Get the plugin settings fields definition.
*
* @return array
*/
private function get_settings_fields() {
/**
* Simple settings fields have:
*
* - title
* - description
@ -39,297 +209,197 @@ class OpenID_Connect_Generic_Settings_Page {
*/
$fields = array(
'login_type' => array(
'title' => __( 'Login Type' ),
'description' => __( 'Select how the client (login form) should provide login options.' ),
'title' => __( 'Login Type', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Select how the client (login form) should provide login options.', 'daggerhart-openid-connect-generic' ),
'type' => 'select',
'options' => array(
'button' => __( 'OpenID Connect button on login form' ),
'auto' => __( 'Auto Login - SSO' ),
'button' => __( 'OpenID Connect button on login form', 'daggerhart-openid-connect-generic' ),
'auto' => __( 'Auto Login - SSO', 'daggerhart-openid-connect-generic' ),
),
'section' => 'client_settings',
),
'client_id' => array(
'title' => __( 'Client ID' ),
'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.' ),
'title' => __( 'Client ID', 'daggerhart-openid-connect-generic' ),
'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.', 'daggerhart-openid-connect-generic' ),
'example' => 'my-wordpress-client-id',
'type' => 'text',
'disabled' => defined( 'OIDC_CLIENT_ID' ),
'section' => 'client_settings',
),
'client_secret' => array(
'title' => __( 'Client Secret Key' ),
'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.' ),
'title' => __( 'Client Secret Key', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.', 'daggerhart-openid-connect-generic' ),
'type' => 'text',
'disabled' => defined( 'OIDC_CLIENT_SECRET' ),
'section' => 'client_settings',
),
'scope' => array(
'title' => __( 'OpenID Scope' ),
'description' => __( 'Space separated list of scopes this client should access.' ),
'title' => __( 'OpenID Scope', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Space separated list of scopes this client should access.', 'daggerhart-openid-connect-generic' ),
'example' => 'email profile openid offline_access',
'type' => 'text',
'section' => 'client_settings',
),
'endpoint_login' => array(
'title' => __( 'Login Endpoint URL' ),
'description' => __( 'Identify provider authorization endpoint.' ),
'title' => __( 'Login Endpoint URL', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Identify provider authorization endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/authorize',
'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_LOGIN_URL' ),
'section' => 'client_settings',
),
'endpoint_userinfo' => array(
'title' => __( 'Userinfo Endpoint URL' ),
'description' => __( 'Identify provider User information endpoint.' ),
'title' => __( 'Userinfo Endpoint URL', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Identify provider User information endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/UserInfo',
'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_USERINFO_URL' ),
'section' => 'client_settings',
),
'endpoint_token' => array(
'title' => __( 'Token Validation Endpoint URL' ),
'description' => __( 'Identify provider token endpoint.' ),
'title' => __( 'Token Validation Endpoint URL', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Identify provider token endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/token',
'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_TOKEN_URL' ),
'section' => 'client_settings',
),
'endpoint_end_session' => array(
'title' => __( 'End Session Endpoint URL' ),
'description' => __( 'Identify provider logout endpoint.' ),
'title' => __( 'End Session Endpoint URL', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Identify provider logout endpoint.', 'daggerhart-openid-connect-generic' ),
'example' => 'https://example.com/oauth2/logout',
'type' => 'text',
'disabled' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ),
'section' => 'client_settings',
),
'identity_key' => array(
'title' => __( 'Identity Key' ),
'description' => __( 'Where in the user claim array to find the user\'s identification data. Possible standard values: preferred_username, name, or sub. If you\'re having trouble, use "sub".' ),
'title' => __( 'Identity Key', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Where in the user claim array to find the user\'s identification data. Possible standard values: preferred_username, name, or sub. If you\'re having trouble, use "sub".', 'daggerhart-openid-connect-generic' ),
'example' => 'preferred_username',
'type' => 'text',
'section' => 'client_settings',
),
'no_sslverify' => array(
'title' => __( 'Disable SSL Verify' ),
'description' => __( 'Do not require SSL verification during authorization. The OAuth extension uses curl to make the request. By default CURL will generally verify the SSL certificate to see if its valid an issued by an accepted CA. This setting disabled that verification.<br><strong>Not recommended for production sites.</strong>' ),
'title' => __( 'Disable SSL Verify', 'daggerhart-openid-connect-generic' ),
'description' => sprintf( __( 'Do not require SSL verification during authorization. The OAuth extension uses curl to make the request. By default CURL will generally verify the SSL certificate to see if its valid an issued by an accepted CA. This setting disabled that verification.%1$sNot recommended for production sites.%2$s', 'daggerhart-openid-connect-generic' ), '<br><strong>', '</strong>' ),
'type' => 'checkbox',
'section' => 'client_settings',
),
'http_request_timeout' => array(
'title' => __( 'HTTP Request Timeout' ),
'description' => __( 'Set the timeout for requests made to the IDP. Default value is 5.' ),
'title' => __( 'HTTP Request Timeout', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Set the timeout for requests made to the IDP. Default value is 5.', 'daggerhart-openid-connect-generic' ),
'example' => 30,
'type' => 'text',
'section' => 'client_settings',
),
'enforce_privacy' => array(
'title' => __( 'Enforce Privacy' ),
'description' => __( 'Require users be logged in to see the site.' ),
'title' => __( 'Enforce Privacy', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Require users be logged in to see the site.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'authorization_settings',
),
'alternate_redirect_uri' => array(
'title' => __( 'Alternate Redirect URI' ),
'description' => __( 'Provide an alternative redirect route. Useful if your server is causing issues with the default admin-ajax method. You must flush rewrite rules after changing this setting. This can be done by saving the Permalinks settings page.' ),
'title' => __( 'Alternate Redirect URI', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Provide an alternative redirect route. Useful if your server is causing issues with the default admin-ajax method. You must flush rewrite rules after changing this setting. This can be done by saving the Permalinks settings page.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'authorization_settings',
),
'nickname_key' => array(
'title' => __( 'Nickname Key' ),
'description' => __( 'Where in the user claim array to find the user\'s nickname. Possible standard values: preferred_username, name, or sub.' ),
'title' => __( 'Nickname Key', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Where in the user claim array to find the user\'s nickname. Possible standard values: preferred_username, name, or sub.', 'daggerhart-openid-connect-generic' ),
'example' => 'preferred_username',
'type' => 'text',
'section' => 'client_settings',
),
'email_format' => array(
'title' => __( 'Email Formatting' ),
'description' => __( 'String from which the user\'s email address is built. Specify "{email}" as long as the user claim contains an email claim.' ),
'title' => __( 'Email Formatting', 'daggerhart-openid-connect-generic' ),
'description' => __( 'String from which the user\'s email address is built. Specify "{email}" as long as the user claim contains an email claim.', 'daggerhart-openid-connect-generic' ),
'example' => '{email}',
'type' => 'text',
'section' => 'client_settings',
),
'displayname_format' => array(
'title' => __( 'Display Name Formatting' ),
'description' => __( 'String from which the user\'s display name is built.' ),
'title' => __( 'Display Name Formatting', 'daggerhart-openid-connect-generic' ),
'description' => __( 'String from which the user\'s display name is built.', 'daggerhart-openid-connect-generic' ),
'example' => '{given_name} {family_name}',
'type' => 'text',
'section' => 'client_settings',
),
'identify_with_username' => array(
'title' => __( 'Identify with User Name' ),
'description' => __( 'If checked, the user\'s identity will be determined by the user name instead of the email address.' ),
'title' => __( 'Identify with User Name', 'daggerhart-openid-connect-generic' ),
'description' => __( 'If checked, the user\'s identity will be determined by the user name instead of the email address.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'client_settings',
),
'state_time_limit' => array(
'title' => __( 'State time limit' ),
'description' => __( 'State valid time in seconds. Defaults to 180' ),
'title' => __( 'State time limit', 'daggerhart-openid-connect-generic' ),
'description' => __( 'State valid time in seconds. Defaults to 180', 'daggerhart-openid-connect-generic' ),
'type' => 'number',
'section' => 'client_settings',
),
'token_refresh_enable' => array(
'title' => __( 'Enable Refresh Token' ),
'description' => __( 'If checked, support refresh tokens used to obtain access tokens from supported IDPs.' ),
'title' => __( 'Enable Refresh Token', 'daggerhart-openid-connect-generic' ),
'description' => __( 'If checked, support refresh tokens used to obtain access tokens from supported IDPs.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'client_settings',
),
'link_existing_users' => array(
'title' => __( 'Link Existing Users' ),
'description' => __( 'If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ),
'title' => __( 'Link Existing Users', 'daggerhart-openid-connect-generic' ),
'description' => __( 'If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'user_settings',
),
'create_if_does_not_exist' => array(
'title' => __( 'Create user if does not exist' ),
'description' => __( 'If the user identity is not link to an existing Wordpress user, it is created. If this setting is not enabled and if the user authenticates with an account which is not link to an existing Wordpress user then the authentication failed' ),
'title' => __( 'Create user if does not exist', 'daggerhart-openid-connect-generic' ),
'description' => __( 'If the user identity is not link to an existing Wordpress user, it is created. If this setting is not enabled and if the user authenticates with an account which is not link to an existing Wordpress user then the authentication failed', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'user_settings',
),
'redirect_user_back' => array(
'title' => __( 'Redirect Back to Origin Page' ),
'description' => __( 'After a successful OpenID Connect authentication, this will redirect the user back to the page on which they clicked the OpenID Connect login button. This will cause the login process to proceed in a traditional WordPress fashion. For example, users logging in through the default wp-login.php page would end up on the WordPress Dashboard and users logging in through the WooCommerce "My Account" page would end up on their account page.' ),
'title' => __( 'Redirect Back to Origin Page', 'daggerhart-openid-connect-generic' ),
'description' => __( 'After a successful OpenID Connect authentication, this will redirect the user back to the page on which they clicked the OpenID Connect login button. This will cause the login process to proceed in a traditional WordPress fashion. For example, users logging in through the default wp-login.php page would end up on the WordPress Dashboard and users logging in through the WooCommerce "My Account" page would end up on their account page.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'user_settings',
),
'redirect_on_logout' => array(
'title' => __( 'Redirect to the login screen session is expired' ),
'description' => __( 'When enabled, this will automatically redirect the user back to the WordPress login page if their access token has expired.' ),
'title' => __( 'Redirect to the login screen when session is expired', 'daggerhart-openid-connect-generic' ),
'description' => __( 'When enabled, this will automatically redirect the user back to the WordPress login page if their access token has expired.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'user_settings',
),
'enable_logging' => array(
'title' => __( 'Enable Logging' ),
'description' => __( 'Very simple log messages for debugging purposes.' ),
'title' => __( 'Enable Logging', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Very simple log messages for debugging purposes.', 'daggerhart-openid-connect-generic' ),
'type' => 'checkbox',
'section' => 'log_settings',
),
'log_limit' => array(
'title' => __( 'Log Limit' ),
'description' => __( 'Number of items to keep in the log. These logs are stored as an option in the database, so space is limited.' ),
'title' => __( 'Log Limit', 'daggerhart-openid-connect-generic' ),
'description' => __( 'Number of items to keep in the log. These logs are stored as an option in the database, so space is limited.', 'daggerhart-openid-connect-generic' ),
'type' => 'number',
'section' => 'log_settings',
),
);
$fields = apply_filters( 'openid-connect-generic-settings-fields', $fields );
return apply_filters( 'openid-connect-generic-settings-fields', $fields );
// some simple pre-processing
foreach ( $fields as $key => &$field ) {
$field['key'] = $key;
$field['name'] = $this->settings->get_option_name() . '[' . $key . ']';
}
// allow alterations of the fields
$this->settings_fields = $fields;
}
/**
* @param \OpenID_Connect_Generic_Option_Settings $settings
* @param \OpenID_Connect_Generic_Option_Logger $logger
* Sanitization callback for settings/option page.
*
* @return \OpenID_Connect_Generic_Settings_Page
*/
static public function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ){
$settings_page = new self( $settings, $logger );
// add our options page the the admin menu
add_action( 'admin_menu', array( $settings_page, 'admin_menu' ) );
// register our settings
add_action( 'admin_init', array( $settings_page, 'admin_init' ) );
return $settings_page;
}
/**
* Implements hook admin_menu to add our options/settings page to the
* dashboard menu
*/
public function admin_menu() {
add_options_page(
__( 'OpenID Connect - Generic Client' ),
__( 'OpenID Connect Client' ),
'manage_options',
$this->options_page_name,
array( $this, 'settings_page' ) );
}
/**
* Implements hook admin_init to register our settings
*/
public function admin_init() {
register_setting( $this->settings_field_group, $this->settings->get_option_name(), array(
$this,
'sanitize_settings'
) );
add_settings_section( 'client_settings',
__( 'Client Settings' ),
array( $this, 'client_settings_description' ),
$this->options_page_name
);
add_settings_section( 'user_settings',
__( 'WordPress User Settings' ),
array( $this, 'user_settings_description' ),
$this->options_page_name
);
add_settings_section( 'authorization_settings',
__( 'Authorization Settings' ),
array( $this, 'authorization_settings_description' ),
$this->options_page_name
);
add_settings_section( 'log_settings',
__( 'Log Settings' ),
array( $this, 'log_settings_description' ),
$this->options_page_name
);
// preprocess fields and add them to the page
foreach ( $this->settings_fields as $key => $field ) {
// make sure each key exists in the settings array
if ( ! isset( $this->settings->{ $key } ) ) {
$this->settings->{ $key } = null;
}
// determine appropriate output callback
switch ( $field['type'] ) {
case 'checkbox':
$callback = 'do_checkbox';
break;
case 'select':
$callback = 'do_select';
break;
case 'text':
default:
$callback = 'do_text_field';
break;
}
// add the field
add_settings_field( $key, $field['title'],
array( $this, $callback ),
$this->options_page_name,
$field['section'],
$field
);
}
}
/**
* Sanitization callback for settings/option page
*
* @param $input - submitted settings values
* @param array $input The submitted settings values.
*
* @return array
*/
public function sanitize_settings( $input ) {
$options = array();
// loop through settings fields to control what we're saving
// Loop through settings fields to control what we're saving.
foreach ( $this->settings_fields as $key => $field ) {
if ( isset( $input[ $key ] ) ) {
$options[ $key ] = sanitize_text_field( trim( $input[ $key ] ) );
}
else {
} else {
$options[ $key ] = '';
}
}
@ -338,12 +408,14 @@ class OpenID_Connect_Generic_Settings_Page {
}
/**
* Output the options/settings page
* Output the options/settings page.
*
* @return void
*/
public function settings_page() {
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
if ( $this->settings->alternate_redirect_uri ){
if ( $this->settings->alternate_redirect_uri ) {
$redirect_uri = site_url( '/openid-connect-authorize' );
}
?>
@ -356,30 +428,30 @@ class OpenID_Connect_Generic_Settings_Page {
do_settings_sections( $this->options_page_name );
submit_button();
// simple debug to view settings array
// Simple debug to view settings array.
if ( isset( $_GET['debug'] ) ) {
var_dump( $this->settings->get_values() );
}
?>
</form>
<h4><?php _e( 'Notes' ); ?></h4>
<h4><?php _e( 'Notes', 'daggerhart-openid-connect-generic' ); ?></h4>
<p class="description">
<strong><?php _e( 'Redirect URI' ); ?></strong>
<strong><?php _e( 'Redirect URI', 'daggerhart-openid-connect-generic' ); ?></strong>
<code><?php print $redirect_uri; ?></code>
</p>
<p class="description">
<strong><?php _e( 'Login Button Shortcode' ); ?></strong>
<strong><?php _e( 'Login Button Shortcode', 'daggerhart-openid-connect-generic' ); ?></strong>
<code>[openid_connect_generic_login_button]</code>
</p>
<p class="description">
<strong><?php _e( 'Authentication URL Shortcode' ); ?></strong>
<strong><?php _e( 'Authentication URL Shortcode', 'daggerhart-openid-connect-generic' ); ?></strong>
<code>[openid_connect_generic_auth_url]</code>
</p>
<?php if ( $this->settings->enable_logging ) { ?>
<h2><?php _e( 'Logs' ); ?></h2>
<h2><?php _e( 'Logs', 'daggerhart-openid-connect-generic' ); ?></h2>
<div id="logger-table-wrapper">
<?php print $this->logger->get_logs_table(); ?>
</div>
@ -390,47 +462,56 @@ class OpenID_Connect_Generic_Settings_Page {
}
/**
* Output a standard text field
* Output a standard text field.
*
* @param array $field The settings field definition array.
*
* @param $field
* @return void
*/
public function do_text_field( $field ) {
?>
<input type="<?php print esc_attr( $field['type'] ); ?>"
id="<?php print esc_attr( $field['key'] ); ?>"
class="large-text"
name="<?php print esc_attr( $field['name'] ); ?>"
value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>">
<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>
id="<?php print esc_attr( $field['key'] ); ?>"
class="large-text<?php echo ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) ) ? ' disabled' : ''; ?>"
name="<?php print esc_attr( $field['name'] ); ?>"
value="<?php print esc_attr( $this->settings->{ $field['key'] } ); ?>">
<?php
$this->do_field_description( $field );
}
/**
* Output a checkbox for a boolean setting
* - hidden field is default value so we don't have to check isset() on save
* Output a checkbox for a boolean setting.
* - hidden field is default value so we don't have to check isset() on save.
*
* @param array $field The settings field definition array.
*
* @param $field
* @return void
*/
public function do_checkbox( $field ) {
?>
<input type="hidden" name="<?php print esc_attr( $field['name'] ); ?>" value="0">
<input type="checkbox"
id="<?php print esc_attr( $field['key'] ); ?>"
name="<?php print esc_attr( $field['name'] ); ?>"
value="1"
id="<?php print esc_attr( $field['key'] ); ?>"
name="<?php print esc_attr( $field['name'] ); ?>"
value="1"
<?php checked( $this->settings->{ $field['key'] }, 1 ); ?>>
<?php
$this->do_field_description( $field );
}
/**
* @param $field
* Output a select control.
*
* @param array $field The settings field definition array.
*
* @return void
*/
function do_select( $field ) {
$current_value = isset( $this->settings->{ $field['key'] } ) ? $this->settings->{ $field['key'] } : '';
?>
<select name="<?php print esc_attr( $field['name'] ); ?>">
<?php foreach ( $field['options'] as $value => $text ): ?>
<?php foreach ( $field['options'] as $value => $text ) : ?>
<option value="<?php print esc_attr( $value ); ?>" <?php selected( $value, $current_value ); ?>><?php print esc_html( $text ); ?></option>
<?php endforeach; ?>
</select>
@ -439,35 +520,57 @@ class OpenID_Connect_Generic_Settings_Page {
}
/**
* Simply output the field description, and example if present
* Output the field description, and example if present.
*
* @param array $field The settings field definition array.
*
* @param $field
* @return void
*/
public function do_field_description( $field ) {
?>
<p class="description">
<?php print $field['description']; ?>
<?php if ( isset( $field['example'] ) ) : ?>
<br/><strong><?php _e( 'Example' ); ?>: </strong>
<br/><strong><?php _e( 'Example', 'daggerhart-openid-connect-generic' ); ?>: </strong>
<code><?php print $field['example']; ?></code>
<?php endif; ?>
</p>
<?php
}
/**
* Output the 'Client Settings' plugin setting section description.
*
* @return void
*/
public function client_settings_description() {
_e( 'Enter your OpenID Connect identity provider settings' );
_e( 'Enter your OpenID Connect identity provider settings.', 'daggerhart-openid-connect-generic' );
}
/**
* Output the 'WordPress User Settings' plugin setting section description.
*
* @return void
*/
public function user_settings_description() {
_e( 'Modify the interaction between OpenID Connect and WordPress users' );
_e( 'Modify the interaction between OpenID Connect and WordPress users.', 'daggerhart-openid-connect-generic' );
}
/**
* Output the 'Authorization Settings' plugin setting section description.
*
* @return void
*/
public function authorization_settings_description() {
_e( 'Control the authorization mechanics of the site' );
_e( 'Control the authorization mechanics of the site.', 'daggerhart-openid-connect-generic' );
}
/**
* Output the 'Log Settings' plugin setting section description.
*
* @return void
*/
public function log_settings_description() {
_e( 'Log information about login attempts through OpenID Connect Generic' );
_e( 'Log information about login attempts through OpenID Connect Generic.', 'daggerhart-openid-connect-generic' );
}
}

500
languages/openid-connect-generic.pot
Unescape Escape View File

@ -0,0 +1,500 @@
# Copyright (C) 2020 daggerhart
# This file is distributed under the GPL-2.0+.
msgid ""
msgstr ""
"Project-Id-Version: OpenID Connect Generic 3.7.1\n"
"Report-Msgid-Bugs-To: "
"https://github.com/daggerhart/openid-connect-generic/issues\n"
"POT-Creation-Date: 2020-08-29 04:30:04+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2020-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: en\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Poedit-Country: United States\n"
"X-Poedit-SourceCharset: UTF-8\n"
"X-Poedit-KeywordsList: "
"__;_e;_x:1,2c;_ex:1,2c;_n:1,2;_nx:1,2,4c;_n_noop:1,2;_nx_noop:1,2,3c;esc_"
"attr__;esc_html__;esc_attr_e;esc_html_e;esc_attr_x:1,2c;esc_html_x:1,2c;\n"
"X-Poedit-Basepath: ../\n"
"X-Poedit-SearchPath-0: .\n"
"X-Poedit-Bookmarks: \n"
"X-Textdomain-Support: yes\n"
"X-Generator: grunt-wp-i18n 1.0.3\n"
#: includes/openid-connect-generic-client-wrapper.php:197
msgid "Session expired. Please login again."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:432
msgid "User identity is not linked to an existing WordPress user."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:478
msgid "Invalid user."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:597
msgid "No appropriate username found."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:604
msgid "Username %1$s could not be transliterated."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:608
msgid "Username %1$s could not be normalized."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:641
msgid "No nickname found in user claim using key: %1$s."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:668
msgid "User claim incomplete."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:770
msgid "Bad user claim result."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:825
msgid "Can not authorize."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:844
msgid "Failed user creation."
msgstr ""
#: includes/openid-connect-generic-client.php:179
msgid "Missing state."
msgstr ""
#: includes/openid-connect-generic-client.php:183
msgid "Invalid state."
msgstr ""
#: includes/openid-connect-generic-client.php:198
msgid "Missing authentication code."
msgstr ""
#: includes/openid-connect-generic-client.php:237
msgid "Request for authentication token failed."
msgstr ""
#: includes/openid-connect-generic-client.php:268
msgid "Refresh token failed."
msgstr ""
#: includes/openid-connect-generic-client.php:283
msgid "Missing token body."
msgstr ""
#: includes/openid-connect-generic-client.php:291
msgid "Invalid token."
msgstr ""
#: includes/openid-connect-generic-client.php:342
msgid "Request for userinfo failed."
msgstr ""
#: includes/openid-connect-generic-client.php:417
msgid "No identity token."
msgstr ""
#: includes/openid-connect-generic-client.php:424
msgid "Missing identity token."
msgstr ""
#: includes/openid-connect-generic-client.php:451
msgid "Bad ID token claim."
msgstr ""
#: includes/openid-connect-generic-client.php:456
msgid "No subject identity."
msgstr ""
#: includes/openid-connect-generic-client.php:475
msgid "Bad user claim."
msgstr ""
#: includes/openid-connect-generic-client.php:495
msgid "Invalid user claim."
msgstr ""
#: includes/openid-connect-generic-client.php:500
msgid "Error from the IDP."
msgstr ""
#: includes/openid-connect-generic-client.php:509
msgid "Incorrect user claim."
msgstr ""
#: includes/openid-connect-generic-client.php:516
msgid "Unauthorized access."
msgstr ""
#: includes/openid-connect-generic-login-form.php:156
msgid "ERROR (%1$s)"
msgstr ""
#: includes/openid-connect-generic-login-form.php:172
msgid "Login with OpenID Connect"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:265
msgid "Type"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:269
msgid "Date"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:273
msgid "User"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:277
msgid "URI "
msgstr ""
#: includes/openid-connect-generic-settings-page.php:108
msgid "OpenID Connect - Generic Client"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:109
msgid "OpenID Connect Client"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:133
msgid "Client Settings"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:140
msgid "WordPress User Settings"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:147
msgid "Authorization Settings"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:154
msgid "Log Settings"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:212
msgid "Login Type"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:213
msgid "Select how the client (login form) should provide login options."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:216
msgid "OpenID Connect button on login form"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:217
msgid "Auto Login - SSO"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:222
msgid "Client ID"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:223
msgid ""
"The ID this client will be recognized as when connecting the to Identity "
"provider server."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:229
msgid "Client Secret Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:230
msgid ""
"Arbitrary secret key the server expects from this client. Can be anything, "
"but should be very unique."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:235
msgid "OpenID Scope"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:236
msgid "Space separated list of scopes this client should access."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:242
msgid "Login Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:243
msgid "Identify provider authorization endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:249
msgid "Userinfo Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:250
msgid "Identify provider User information endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:256
msgid "Token Validation Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:257
msgid "Identify provider token endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:263
msgid "End Session Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:264
msgid "Identify provider logout endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:270
msgid "Identity Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:271
msgid ""
"Where in the user claim array to find the user's identification data. "
"Possible standard values: preferred_username, name, or sub. If you're "
"having trouble, use \"sub\"."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:277
msgid "Disable SSL Verify"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:278
msgid ""
"Do not require SSL verification during authorization. The OAuth extension "
"uses curl to make the request. By default CURL will generally verify the "
"SSL certificate to see if its valid an issued by an accepted CA. This "
"setting disabled that verification.%1$sNot recommended for production "
"sites.%2$s"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:283
msgid "HTTP Request Timeout"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:284
msgid "Set the timeout for requests made to the IDP. Default value is 5."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:290
msgid "Enforce Privacy"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:291
msgid "Require users be logged in to see the site."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:296
msgid "Alternate Redirect URI"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:297
msgid ""
"Provide an alternative redirect route. Useful if your server is causing "
"issues with the default admin-ajax method. You must flush rewrite rules "
"after changing this setting. This can be done by saving the Permalinks "
"settings page."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:302
msgid "Nickname Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:303
msgid ""
"Where in the user claim array to find the user's nickname. Possible "
"standard values: preferred_username, name, or sub."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:309
msgid "Email Formatting"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:310
msgid ""
"String from which the user's email address is built. Specify \"{email}\" as "
"long as the user claim contains an email claim."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:316
msgid "Display Name Formatting"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:317
msgid "String from which the user's display name is built."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:323
msgid "Identify with User Name"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:324
msgid ""
"If checked, the user's identity will be determined by the user name instead "
"of the email address."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:329
msgid "State time limit"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:330
msgid "State valid time in seconds. Defaults to 180"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:335
msgid "Enable Refresh Token"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:336
msgid ""
"If checked, support refresh tokens used to obtain access tokens from "
"supported IDPs."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:341
msgid "Link Existing Users"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:342
msgid ""
"If a WordPress account already exists with the same identity as a "
"newly-authenticated user over OpenID Connect, login as that user instead of "
"generating an error."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:347
msgid "Create user if does not exist"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:348
msgid ""
"If the user identity is not link to an existing Wordpress user, it is "
"created. If this setting is not enabled and if the user authenticates with "
"an account which is not link to an existing Wordpress user then the "
"authentication failed"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:353
msgid "Redirect Back to Origin Page"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:354
msgid ""
"After a successful OpenID Connect authentication, this will redirect the "
"user back to the page on which they clicked the OpenID Connect login "
"button. This will cause the login process to proceed in a traditional "
"WordPress fashion. For example, users logging in through the default "
"wp-login.php page would end up on the WordPress Dashboard and users logging "
"in through the WooCommerce \"My Account\" page would end up on their "
"account page."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:359
msgid "Redirect to the login screen when session is expired"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:360
msgid ""
"When enabled, this will automatically redirect the user back to the "
"WordPress login page if their access token has expired."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:365
msgid "Enable Logging"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:366
msgid "Very simple log messages for debugging purposes."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:371
msgid "Log Limit"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:372
msgid ""
"Number of items to keep in the log. These logs are stored as an option in "
"the database, so space is limited."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:432
msgid "Notes"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:435
msgid "Redirect URI"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:439
msgid "Login Button Shortcode"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:443
msgid "Authentication URL Shortcode"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:448
msgid "Logs"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:527
msgid "Example"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:540
msgid "Enter your OpenID Connect identity provider settings."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:549
msgid "Modify the interaction between OpenID Connect and WordPress users."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:558
msgid "Control the authorization mechanics of the site."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:567
msgid "Log information about login attempts through OpenID Connect Generic."
msgstr ""
#: openid-connect-generic.php:200
msgid "Private site"
msgstr ""
#. Plugin Name of the plugin/theme
msgid "OpenID Connect Generic"
msgstr ""
#. Plugin URI of the plugin/theme
msgid "https://github.com/daggerhart/openid-connect-generic"
msgstr ""
#. Description of the plugin/theme
msgid "Connect to an OpenID Connect generic client using Authorization Code Flow."
msgstr ""
#. Author of the plugin/theme
msgid "daggerhart"
msgstr ""
#. Author URI of the plugin/theme
msgid "http://www.daggerhart.com"
msgstr ""

183
openid-connect-generic.php
Unescape Escape View File

@ -2,13 +2,12 @@
/**
* OpenID Connect Generic Client
*
* This plugin provides the ability to authenticate users with Identity
* This plugin provides the ability to authenticate users with Identity
* Providers using the OpenID Connect OAuth2 API with Authorization Code Flow.
*
* @category Authentication
* @package OpenID_Connect_Generic
* @category General
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @author Tim Nolte <tim.nolte@ndigitals.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
* @link https://github.com/daggerhart
@ -17,9 +16,11 @@
* Plugin Name: OpenID Connect Generic
* Plugin URI: https://github.com/daggerhart/openid-connect-generic
* Description: Connect to an OpenID Connect generic client using Authorization Code Flow.
* Version: 3.7.1
* Version: 3.8.0
* Author: daggerhart
* Author URI: http://www.daggerhart.com
* Text Domain: daggerhart-openid-connect-generic
* Domain Path: /languages
* License: GPL-2.0+
* License URI: http://www.gnu.org/licenses/gpl-2.0.txt
* GitHub Plugin URI: https://github.com/daggerhart/openid-connect-generic
@ -64,50 +65,80 @@ Notes
*/
/**
* OpenID_Connect_Generic class.
*
* Defines plugin initialization functionality.
*
* @package OpenID_Connect_Generic
* @category General
*/
class OpenID_Connect_Generic {
// plugin version
const VERSION = '3.7.1';
// plugin settings
/**
* Plugin version.
*
* @var
*/
const VERSION = '3.8.0';
/**
* Plugin settings.
*
* @var OpenID_Connect_Generic_Option_Settings
*/
private $settings;
// plugin logs
/**
* Plugin logs.
*
* @var OpenID_Connect_Generic_Option_Logger
*/
private $logger;
// openid connect generic client
/**
* Openid Connect Generic client
*
* @var OpenID_Connect_Generic_Client
*/
private $client;
// settings admin page
private $settings_page;
// login form adjustments
private $login_form;
/**
* Client wrapper.
*
* @var OpenID_Connect_Generic_Client_Wrapper
*/
private $client_wrapper;
/**
* Setup the plugin
*
* @param OpenID_Connect_Generic_Option_Settings $settings
* @param OpenID_Connect_Generic_Option_Logger $logger
* @param OpenID_Connect_Generic_Option_Settings $settings The settings object.
* @param OpenID_Connect_Generic_Option_Logger $logger The loggin object.
*
* @return void
*/
function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ){
function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$this->settings = $settings;
$this->logger = $logger;
}
/**
* WP Hook 'init'
* WordPress Hook 'init'.
*
* @return void
*/
function init(){
function init() {
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
if ( $this->settings->alternate_redirect_uri ){
if ( $this->settings->alternate_redirect_uri ) {
$redirect_uri = site_url( '/openid-connect-authorize' );
}
$state_time_limit = 180;
if ($this->settings->state_time_limit) {
$state_time_limit = intval($this->settings->state_time_limit);
if ( $this->settings->state_time_limit ) {
$state_time_limit = intval( $this->settings->state_time_limit );
}
$this->client = new OpenID_Connect_Generic_Client(
@ -127,57 +158,61 @@ class OpenID_Connect_Generic {
return;
}
$this->login_form = OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
// add a shortcode to get the auth url
// Add a shortcode to get the auth URL.
add_shortcode( 'openid_connect_generic_auth_url', array( $this->client_wrapper, 'get_authentication_url' ) );
// add actions to our scheduled cron jobs
add_action( 'openid-connect-generic-cron-daily', [ $this, 'cron_states_garbage_collection'] );
// Add actions to our scheduled cron jobs.
add_action( 'openid-connect-generic-cron-daily', array( $this, 'cron_states_garbage_collection' ) );
$this->upgrade();
if ( is_admin() ){
$this->settings_page = OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger );
if ( is_admin() ) {
OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger );
}
}
/**
* Check if privacy enforcement is enabled, and redirect users that aren't
* logged in.
*
* @return void
*/
function enforce_privacy_redirect() {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
// our client endpoint relies on the wp admind ajax endpoint
if ( ! defined( 'DOING_AJAX') || ! DOING_AJAX || ! isset( $_GET['action'] ) || $_GET['action'] != 'openid-connect-authorize' ) {
// The client endpoint relies on the wp admind ajax endpoint.
if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX || ! isset( $_GET['action'] ) || 'openid-connect-authorize' != $_GET['action'] ) {
auth_redirect();
}
}
}
/**
* Enforce privacy settings for rss feeds
* Enforce privacy settings for rss feeds.
*
* @param $content
* @param string $content The content.
*
* @return mixed
*/
function enforce_privacy_feeds( $content ){
function enforce_privacy_feeds( $content ) {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
$content = 'Private site';
$content = __( 'Private site', 'daggerhart-openid-connect-generic' );
}
return $content;
}
/**
* Handle plugin upgrades
*
* @return void
*/
function upgrade(){
function upgrade() {
$last_version = get_option( 'openid-connect-generic-plugin-version', 0 );
$settings = $this->settings;
if ( version_compare( self::VERSION, $last_version, '>' ) ) {
// upgrade required
// An upgrade is required.
self::setup_cron_jobs();
// @todo move this to another file for upgrade scripts
@ -190,7 +225,7 @@ class OpenID_Connect_Generic {
$settings->save();
}
// update the stored version number
// Update the stored version number.
update_option( 'openid-connect-generic-plugin-version', self::VERSION );
}
}
@ -198,21 +233,25 @@ class OpenID_Connect_Generic {
/**
* Expire state transients by attempting to access them and allowing the
* transient's own mechanisms to delete any that have expired.
*
* @return void
*/
function cron_states_garbage_collection() {
global $wpdb;
$states = $wpdb->get_col( "SELECT `option_name` FROM {$wpdb->options} WHERE `option_name` LIKE '_transient_openid-connect-generic-state--%'" );
if ( !empty( $states ) ) {
if ( ! empty( $states ) ) {
foreach ( $states as $state ) {
$transient = str_replace("_transient_", "", $state);
get_transient( $transient );
$transient = str_replace( '_transient_', '', $state );
get_transient( $transient );
}
}
}
/**
* Ensure cron jobs are added to the schedule.
*
* @return void
*/
static public function setup_cron_jobs() {
if ( ! wp_next_scheduled( 'openid-connect-generic-cron-daily' ) ) {
@ -222,6 +261,8 @@ class OpenID_Connect_Generic {
/**
* Activation hook.
*
* @return void
*/
static public function activation() {
self::setup_cron_jobs();
@ -229,31 +270,34 @@ class OpenID_Connect_Generic {
/**
* Deactivation hook.
*
* @return void
*/
static public function deactivation() {
wp_clear_scheduled_hook( 'openid-connect-generic-cron-daily' );
}
/**
* Simple autoloader
* Simple autoloader.
*
* @param string $class The class name.
*
* @param $class
* @return void
*/
static public function autoload( $class ) {
$prefix = 'OpenID_Connect_Generic_';
if ( stripos($class, $prefix) !== 0 ) {
if ( stripos( $class, $prefix ) !== 0 ) {
return;
}
$filename = $class . '.php';
// internal files are all lowercase and use dashes in filenames
// Internal files are all lowercase and use dashes in filenames.
if ( false === strpos( $filename, '\\' ) ) {
$filename = strtolower( str_replace( '_', '-', $filename ) );
}
else {
$filename = str_replace('\\', DIRECTORY_SEPARATOR, $filename);
} else {
$filename = str_replace( '\\', DIRECTORY_SEPARATOR, $filename );
}
$filepath = dirname( __FILE__ ) . '/includes/' . $filename;
@ -264,26 +308,33 @@ class OpenID_Connect_Generic {
}
/**
* Instantiate the plugin and hook into WP
* Instantiate the plugin and hook into WordPress.
*
* @return void
*/
static public function bootstrap(){
static public function bootstrap() {
/**
* This is a documented valid call for spl_autoload_register.
*
* @link https://www.php.net/manual/en/function.spl-autoload-register.php#71155
*/
spl_autoload_register( array( 'OpenID_Connect_Generic', 'autoload' ) );
$settings = new OpenID_Connect_Generic_Option_Settings(
'openid_connect_generic_settings',
// default settings values
// Default settings values.
array(
// oauth client settings
'login_type' => 'button',
'client_id' => '',
'client_secret' => '',
'scope' => '',
'endpoint_login' => '',
'endpoint_userinfo' => '',
'endpoint_token' => '',
'endpoint_end_session' => '',
// non-standard settings
// OAuth client settings.
'login_type' => 'button',
'client_id' => defined( 'OIDC_CLIENT_ID' ) ? OIDC_CLIENT_ID : '',
'client_secret' => defined( 'OIDC_CLIENT_SECRET' ) ? OIDC_CLIENT_SECRET : '',
'scope' => '',
'endpoint_login' => defined( 'OIDC_ENDPOINT_LOGIN_URL' ) ? OIDC_ENDPOINT_LOGIN_URL : '',
'endpoint_userinfo' => defined( 'OIDC_ENDPOINT_USERINFO_URL' ) ? OIDC_ENDPOINT_USERINFO_URL : '',
'endpoint_token' => defined( 'OIDC_ENDPOINT_TOKEN_URL' ) ? OIDC_ENDPOINT_TOKEN_URL : '',
'endpoint_end_session' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) ? OIDC_ENDPOINT_LOGOUT_URL : '',
// Non-standard settings.
'no_sslverify' => 0,
'http_request_timeout' => 5,
'identity_key' => 'preferred_username',
@ -292,7 +343,7 @@ class OpenID_Connect_Generic {
'displayname_format' => '',
'identify_with_username' => false,
// plugin settings
// Plugin settings.
'enforce_privacy' => 0,
'alternate_redirect_uri' => 0,
'token_refresh_enable' => 1,
@ -311,15 +362,15 @@ class OpenID_Connect_Generic {
add_action( 'init', array( $plugin, 'init' ) );
// privacy hooks
// Privacy hooks.
add_action( 'template_redirect', array( $plugin, 'enforce_privacy_redirect' ), 0 );
add_filter( 'the_content_feed', array( $plugin, 'enforce_privacy_feeds' ), 999 );
add_filter( 'the_excerpt_rss', array( $plugin, 'enforce_privacy_feeds' ), 999 );
add_filter( 'the_excerpt_rss', array( $plugin, 'enforce_privacy_feeds' ), 999 );
add_filter( 'comment_text_rss', array( $plugin, 'enforce_privacy_feeds' ), 999 );
}
}
OpenID_Connect_Generic::bootstrap();
register_activation_hook( __FILE__, [ 'OpenID_Connect_Generic', 'activation' ] );
register_deactivation_hook( __FILE__, [ 'OpenID_Connect_Generic', 'deactivation' ] );
register_activation_hook( __FILE__, array( 'OpenID_Connect_Generic', 'activation' ) );
register_deactivation_hook( __FILE__, array( 'OpenID_Connect_Generic', 'deactivation' ) );

22793
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

79
package.json
Unescape Escape View File

@ -0,0 +1,79 @@
{
"name": "openid-connect-generic",
"version": "3.8.0",
"description": "OpenID Connect generic WordPress plugin.",
"main": "Gruntfile.js",
"repository": {
"type": "git",
"url": "https://github.com/daggerhart/openid-connect-generic"
},
"keywords": [
"wordpress",
"openid"
],
"author": "Jonathan Daggerhart",
"license": "GPL-2.0-only",
"bugs": {
"url": "https://github.com/daggerhart/openid-connect-generic/issues"
},
"homepage": "https://github.com/daggerhart/openid-connect-generic#readme",
"dependencies": {
"dev-require": "^0.1.0"
},
"engines": {
"node": "12.18.3",
"npm": "6.14.8"
},
"devDependencies": {
"@floatwork/grunt-po2mo": "^0.3.0",
"@ndigitals/grunt-checkrepo": "^0.2.0",
"@wordpress/env": "^1.6.0",
"@wordpress/scripts": "12.2.0",
"check-node-version": "^4.0.3",
"grunt": "1.3.0",
"grunt-checkbranch": "^1.0.4",
"grunt-checktextdomain": "^1.0.1",
"grunt-cli": "^1.3.2",
"grunt-contrib-clean": "^2.0.0",
"grunt-contrib-copy": "^1.0.0",
"grunt-gitinfo": "^0.1.9",
"grunt-shell": "^2.1.0",
"grunt-version": "2.0.0",
"grunt-wp-i18n": "^1.0.3",
"grunt-wp-readme-to-markdown": "^2.0.0",
"load-grunt-tasks": "^3.5",
"node": "^12.18.3",
"npm": "^6.14.8",
"puppeteer": "^1.20.0",
"typescript": "^3.9.7"
},
"wp-env": {
"plugin-dir": "daggerhart-openid-connect-generic",
"plugin-name": "OpenID Connect Generic",
"docker-template": "./docker-compose.override.yml",
"welcome-build-command": "npm start"
},
"scripts": {
"setup": "composer install && npm install && cd wordpress && npm install && npm run build && cd .. && composer install --optimize-autoloader",
"start": "wp-env start",
"stop": "wp-env stop",
"restart": "npm run wp-env stop && npm run wp-env start",
"grunt": "node_modules/.bin/grunt",
"test": "npm run grunt test",
"build": "npm run grunt build",
"version": "npm run grunt version",
"version:bump": "npm version --no-git-tag-version",
"check:engines": "wp-scripts check-engines",
"check:licenses": "wp-scripts check-licenses",
"wp-env": "wp-env",
"wp": "wp-env run cli wp",
"i18n:check": "npm run grunt checktextdomain",
"i18n:make": "npm run grunt i18n",
"i18n:make:cli": "wp-env run cli wp i18n make-pot . languages/ --slug=daggerhart-openid-connect-generic --include=openid-connect-generic.php,includes",
"lint": "npm run lint:php",
"lint:php": "vendor/bin/phpcs --report=full .",
"lint:php:fix": "vendor/bin/phpcbf .",
"analyze": "npm run analyze:php",
"analyze:php": "vendor/bin/phpstan analyze ."
}
}

32
phpcs.xml.dist
Unescape Escape View File

@ -0,0 +1,32 @@
<?xml version="1.0"?>
<ruleset name="WordPress Coding Standards for Plugins">
<description>Generally-applicable sniffs for WordPress plugins</description>
<rule ref="WordPress-Core">
<exclude name="WordPress.Files.FileName.NotHyphenatedLowercase" />
<exclude name="WordPress.Files.FileName.InvalidClassFileName" />
</rule>
<rule ref="WordPress-Docs" />
<!-- Check all PHP files in directory tree by default. -->
<arg name="basepath" value="." />
<arg name="extensions" value="php" />
<arg name="report" value="summary" />
<!-- Show colors. -->
<arg name="colors" />
<!-- Show progress. -->
<arg value="p" />
<arg value="n" />
<file>.</file>
<!-- Show sniff codes in all reports -->
<arg value="s"/>
<exclude-pattern>*/dist/*</exclude-pattern>
<exclude-pattern>*/node_modules/*</exclude-pattern>
<exclude-pattern>*/tests/*</exclude-pattern>
<exclude-pattern>*/tools/*</exclude-pattern>
<exclude-pattern>*/vendor/*</exclude-pattern>
<exclude-pattern>*/wordpress/*</exclude-pattern>
</ruleset>

51
phpstan.neon.dist
Unescape Escape View File

@ -0,0 +1,51 @@
#$ composer update --optimize-autoloader
#$ vendor/bin/phpstan analyze
includes:
# @see https://github.com/phpstan/phpstan-src/blob/master/conf/bleedingEdge.neon
- phar://phpstan.phar/conf/bleedingEdge.neon
# Include this extension
# - vendor/szepeviktor/phpstan-wordpress/extension.neon
parameters:
level: 5
inferPrivatePropertyTypeFromConstructor: true
bootstrapFiles:
- tests/phpstan-bootstrap.php
# autoload_files:
# Missing constants, function and class stubs
# - tests/phpstan/bootstrap.php
# Plugin stubs
# - tests/phpstan/PLUGIN-stubs.php
# Procedural code
# - myplugin-functions.php
# autoload_directories:
# - inc/
paths:
- includes/
- ./
excludes_analyse:
- node_modules/
- scripts/
- tests/
- tools/
- vendor/
- wordpress/
# scanFiles:
# - includes/class.php
scanDirectories:
- wordpress/src/
ignoreErrors:
# Uses func_get_args()
- '#^Function apply_filters(_ref_array)? invoked with [34567] parameters, 2 required\.$#'
# Fixed in WordPress 5.3
# - '#^Function do_action(_ref_array)? invoked with [3456] parameters, 1-2 required\.$#'
# - '#^Function current_user_can invoked with 2 parameters, 1 required\.$#'
# - '#^Function add_query_arg invoked with [123] parameters?, 0 required\.$#'
# - '#^Function wp_sprintf invoked with [23456] parameters, 1 required\.$#'
# - '#^Function add_post_type_support invoked with [345] parameters, 2 required\.$#'
# - '#^Function ((get|add)_theme_support|current_theme_supports) invoked with [2345] parameters, 1 required\.$#'
# https://core.trac.wordpress.org/ticket/43304
# - '/^Parameter #2 \$deprecated of function load_plugin_textdomain expects string, false given\.$/'
# WP-CLI accepts a class as callable
# - '/^Parameter #2 \$callable of static method WP_CLI::add_command\(\) expects callable\(\): mixed, \S+ given\.$/'
# Please consider commenting ignores: issue URL or reason for ignoring

28
phpunit.xml.dist
Unescape Escape View File

@ -0,0 +1,28 @@
<?xml version="1.0"?>
<phpunit
bootstrap="tests/bootstrap.php"
backupGlobals="false"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
>
<testsuites>
<testsuite name="Includes">
<directory suffix="_test.php">./tests/phpunit/includes/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist processUncoveredFilesFromWhitelist="true">
<directory suffix=".php">src/</directory>
<!-- <file>/path/to/file</file> -->
<exclude>
<directory suffix=".php">src/views</directory>
<!-- <file>/path/to/file</file> -->
</exclude>
</whitelist>
</filter>
<logging>
<log type="coverage-clover" target="clover.xml"/>
</logging>
</phpunit>

10
readme.md
Unescape Escape View File

@ -21,6 +21,7 @@ Much of the documentation can be found on the Settings > OpenID Connect Generic
- [Frequently Asked Questions](#frequently-asked-questions)
- [What is the client's Redirect URI?](#what-is-the-clients-redirect-uri)
- [Can I change the client's Redirect URI?](#can-i-change-the-clients-redirect-uri)
- [Configuration Environment Variables/Constants](#configuration-environment-variables-constants)
- [Hooks](#hooks)
- [Filters](#filters)
- [openid-connect-generic-alter-request](#openid-connect-generic-alter-request)
@ -73,6 +74,15 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
**Alternate Redirect URI**. When checked, the plugin will use the Redirect URI
`https://example.com/openid-connect-authorize`.
## Configuration Environment Variables/Constants
- Client ID: `OIDC_CLIENT_ID`
- Client Secret Key: `OIDC_CLIENT_SECRET`
- Login Endpoint URL: `OIDC_ENDPOINT_LOGIN_URL`
- Userinfo Endpoint URL: `OIDC_ENDPOINT_USERINFO_URL`
- Token Validation Endpoint URL: `OIDC_ENDPOINT_TOKEN_URL`
- End Session Endpoint URL: `OIDC_ENDPOINT_LOGOUT_URL`
## Hooks
This plugin provides a number of hooks to allow for a significant amount of customization of the plugin operations from

19
readme.txt
Unescape Escape View File

@ -1,10 +1,10 @@
=== OpenID Connect Generic Client ===
Contributors: daggerhart, tnolte
Donate link: http://www.daggerhart.com/
Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
Requires at least: 4.9
Tested up to: 5.4.2
Stable tag: trunk
Stable tag: 3.8.0
Requires PHP: 5.6
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@ -15,7 +15,7 @@ A simple client that provides SSO or opt-in authentication against a generic OAu
This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.
Once installed, it can be configured to automatically authenticate users (SSO), or provide a "Login with OpenID Connect"
button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
new users are created in WordPress database.
Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
@ -51,6 +51,13 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
== Changelog ==
= 3.8.0 =
* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
* Improvement: @timnolte - Plugin development & contribution updates.
* Improvement: @timnolte - Refactored to meet WordPress coding standards.
* Improvement: @timnolte - Refactored to provide localization.
= 3.7.1 =
* Fix: Release Version Number.
@ -119,7 +126,7 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
= 3.1.0 =
* Feature: @rwasef1830 - Refresh tokens
* Feature: @rwasef1830 - Refresh tokens
* Feature: @rwasef1830 - Integrated logout support with end_session endpoint
* Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax
* Feature: @ahatherly - Support for IDP behind reverse proxy
@ -136,8 +143,8 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
= 3.0.7 =
* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in
section 5.3.1 of the specs.
* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in
section 5.3.1 of the specs.
= 3.0.6 =

127
scripts/install-wp-tests.sh
Unescape Escape View File

@ -0,0 +1,127 @@
#!/usr/bin/env bash
if [ $# -lt 3 ]; then
echo "usage: $0 <db-name> <db-user> <db-pass> [db-host] [wp-version] [skip-database-creation]"
exit 1
fi
DB_NAME=$1
DB_USER=$2
DB_PASS=$3
DB_HOST=${4-localhost}
WP_VERSION=${5-latest}
SKIP_DB_CREATE=${6-false}
WP_TESTS_DIR=${WP_TESTS_DIR-${TMPDIR-/tmp}/wordpress-tests-lib}
WP_CORE_DIR=${WP_CORE_DIR-${TMPDIR-/tmp}/wordpress/}
download() {
if [ `which curl` ]; then
curl -s "$1" > "$2";
elif [ `which wget` ]; then
wget -nv -O "$2" "$1"
fi
}
if [[ $WP_VERSION =~ [0-9]+\.[0-9]+(\.[0-9]+)? ]]; then
WP_TESTS_TAG="tags/$WP_VERSION"
elif [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
WP_TESTS_TAG="trunk"
else
# http serves a single offer, whereas https serves multiple. we only want one
download http://api.wordpress.org/core/version-check/1.7/ /tmp/wp-latest.json
grep '[0-9]+\.[0-9]+(\.[0-9]+)?' /tmp/wp-latest.json
LATEST_VERSION=$(grep -o '"version":"[^"]*' /tmp/wp-latest.json | sed 's/"version":"//')
if [[ -z "$LATEST_VERSION" ]]; then
echo "Latest WordPress version could not be found"
exit 1
fi
WP_TESTS_TAG="tags/$LATEST_VERSION"
fi
set -ex
install_wp() {
if [ -d $WP_CORE_DIR ]; then
return;
fi
mkdir -p $WP_CORE_DIR
if [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
mkdir -p /tmp/wordpress-nightly
download https://wordpress.org/nightly-builds/wordpress-latest.zip /tmp/wordpress-nightly/wordpress-nightly.zip
unzip -q /tmp/wordpress-nightly/wordpress-nightly.zip -d /tmp/wordpress-nightly/
mv /tmp/wordpress-nightly/wordpress/* $WP_CORE_DIR
else
if [ $WP_VERSION == 'latest' ]; then
local ARCHIVE_NAME='latest'
else
local ARCHIVE_NAME="wordpress-$WP_VERSION"
fi
download https://wordpress.org/${ARCHIVE_NAME}.tar.gz /tmp/wordpress.tar.gz
tar --strip-components=1 -zxmf /tmp/wordpress.tar.gz -C $WP_CORE_DIR
fi
download https://raw.github.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php
}
install_test_suite() {
# portable in-place argument for both GNU sed and Mac OSX sed
if [[ $(uname -s) == 'Darwin' ]]; then
local ioption='-i .bak'
else
local ioption='-i'
fi
# set up testing suite if it doesn't yet exist
if [ ! -d $WP_TESTS_DIR ]; then
# set up testing suite
mkdir -p $WP_TESTS_DIR
svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/includes/ $WP_TESTS_DIR/includes
svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/data/ $WP_TESTS_DIR/data
fi
if [ ! -f wp-tests-config.php ]; then
download https://develop.svn.wordpress.org/${WP_TESTS_TAG}/wp-tests-config-sample.php "$WP_TESTS_DIR"/wp-tests-config.php
# remove all forward slashes in the end
WP_CORE_DIR=$(echo $WP_CORE_DIR | sed "s:/\+$::")
sed $ioption "s:dirname( __FILE__ ) . '/src/':'$WP_CORE_DIR/':" "$WP_TESTS_DIR"/wp-tests-config.php
sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php
sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php
sed $ioption "s/yourpasswordhere/$DB_PASS/" "$WP_TESTS_DIR"/wp-tests-config.php
sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php
fi
}
install_db() {
if [ ${SKIP_DB_CREATE} = "true" ]; then
return 0
fi
# parse DB_HOST for port or socket references
local PARTS=(${DB_HOST//\:/ })
local DB_HOSTNAME=${PARTS[0]};
local DB_SOCK_OR_PORT=${PARTS[1]};
local EXTRA=""
if ! [ -z $DB_HOSTNAME ] ; then
if [ $(echo $DB_SOCK_OR_PORT | grep -e '^[0-9]\{1,\}$') ]; then
EXTRA=" --host=$DB_HOSTNAME --port=$DB_SOCK_OR_PORT --protocol=tcp"
elif ! [ -z $DB_SOCK_OR_PORT ] ; then
EXTRA=" --socket=$DB_SOCK_OR_PORT"
elif ! [ -z $DB_HOSTNAME ] ; then
EXTRA=" --host=$DB_HOSTNAME --protocol=tcp"
fi
fi
# create database
mysqladmin create $DB_NAME --user="$DB_USER" --password="$DB_PASS"$EXTRA
}
install_wp
install_test_suite
install_db

25
tests/phpstan-bootstrap.php
Unescape Escape View File

@ -0,0 +1,25 @@
<?php
/**
* Phpstan bootstrap file.
*
* @package OpenID_Connect_Generic
* @author Jonathan Daggerhart <jonathan@daggerhart.com>
* @author Tim Nolte <tim.nolte@ndigitals.com>
* @copyright 2015-2020 daggerhart
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
* @link https://github.com/daggerhart
*/
// Define WordPress language directory.
defined( 'WP_LANG_DIR' ) || define( 'WP_LANG_DIR', 'wordpress/src/wp-includes/languages/' );
defined( 'COOKIE_DOMAIN' ) || define( 'COOKIE_DOMAIN', 'localhost' );
defined( 'COOKIEPATH' ) || define( 'COOKIEPATH', '/');
// Define Plugin Globals.
defined( 'OIDC_CLIENT_ID' ) || define( 'OIDC_CLIENT_ID', bin2hex( random_bytes( 32 ) ) );
defined( 'OIDC_CLIENT_SECRET' ) || define( 'OIDC_CLIENT_SECRET', bin2hex( random_bytes( 16 ) ) );
defined( 'OIDC_ENDPOINT_LOGIN_URL' ) || define( 'OIDC_ENDPOINT_LOGIN_URL', 'https://oidc/oauth2/authorize' );
defined( 'OIDC_ENDPOINT_USERINFO_URL' ) || define( 'OIDC_ENDPOINT_USERINFO_URL', 'https://oidc/oauth2/userinfo' );
defined( 'OIDC_ENDPOINT_TOKEN_URL' ) || define( 'OIDC_ENDPOINT_TOKEN_URL', 'https://oidc/oauth2/token' );
defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) || define( 'OIDC_ENDPOINT_LOGOUT_URL', 'https://oidc/oauth2/logout' );

30
tools/local-env/default.template
Unescape Escape View File

@ -0,0 +1,30 @@
server {
index index.php index.html;
listen 80 default_server;
server_name localhost penguin.linux.test ${LOCAL_HOSTNAME};
client_max_body_size 1g;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/${LOCAL_DIR};
absolute_redirect off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}

37
tools/local-env/mu-plugins/phpmailer-mailhog.php
Unescape Escape View File

@ -0,0 +1,37 @@
<?php
/**
* Plugin Name: MailHog PhpMailer Setup
* Description: Establishes a connection between the PhpMailer library and the MailHog local-dev Docker container.
*
* @package OpenID_Connect_Generic_MuPlugins
*/
// If this file is called directly, abort.
if ( ! defined( 'WPINC' ) ) {
die;
}
/**
* Provides the configuration for PhpMailer to use MailHog.
*
* @param PHPMailer $phpmailer The PHPMailer instance.
*
* @return void
*/
function mailhog_phpmailer_setup( PHPMailer $phpmailer ) {
defined( 'SMTP_HOST' ) || define( 'SMTP_HOST', 'mailhog' );
// PHPMailer doesn't follow WordPress naming conventions so this can be ignored.
// phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
$phpmailer->Host = SMTP_HOST;
defined( 'SMTP_PORT' ) || define( 'SMTP_PORT', 1025 );
// PHPMailer doesn't follow WordPress naming conventions so this can be ignored.
// phpcs:ignore WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase
$phpmailer->Port = SMTP_PORT;
$phpmailer->IsSMTP();
}
add_action( 'phpmailer_init', 'mailhog_phpmailer_setup', 10, 2 );
Write Preview
Loading…
Cancel
Save