Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

removing trailing whitespace

Browse Source
isekai
Jonathan Daggerhart 5 years ago
parent a0dfa7723d
commit bf2e517a89
5 changed files with 112 additions and 114 deletions
Show Stats Download Patch File Download Diff File

92
includes/openid-connect-generic-client-wrapper.php
Unescape Escape View File

@ -1,12 +1,12 @@
<?php
class OpenID_Connect_Generic_Client_Wrapper {
private $client;
// settings object
private $settings;
// logger object
private $logger;
@ -19,10 +19,9 @@ class OpenID_Connect_Generic_Client_Wrapper {
// WP_Error if there was a problem, or false if no error
private $error = false;
/**
* Inject necessary objects and services into the client
*
*
* @param \OpenID_Connect_Generic_Client $client
* @param \OpenID_Connect_Generic_Option_Settings $settings
* @param \OpenID_Connect_Generic_Option_Logger $logger
@ -44,7 +43,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*/
static public function register( OpenID_Connect_Generic_Client $client, OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ){
$client_wrapper = new self( $client, $settings, $logger );
// integrated logout
if ( $settings->endpoint_end_session ) {
add_filter( 'allowed_redirect_hosts', array( $client_wrapper, 'update_allowed_redirect_hosts' ), 99, 1 );
@ -72,13 +71,13 @@ class OpenID_Connect_Generic_Client_Wrapper {
if ( is_user_logged_in() ) {
add_action( 'wp_loaded', array($client_wrapper, 'ensure_tokens_still_fresh'));
}
return $client_wrapper;
}
/**
* Implements WP action - parse_request
*
*
* @param $query
*
* @return mixed
@ -96,7 +95,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Get the authentication url from the client
*
*
* @return string
*/
function get_authentication_url(){
@ -144,7 +143,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
}
$token_result = $this->client->request_new_tokens( $refresh_token );
if ( is_wp_error( $token_result ) ) {
wp_logout();
$this->error_redirect( $token_result );
@ -168,10 +167,10 @@ class OpenID_Connect_Generic_Client_Wrapper {
*/
function error_redirect( $error ) {
$this->logger->log( $error );
// redirect user back to login page
wp_redirect(
wp_login_url() .
wp_redirect(
wp_login_url() .
'?login-error=' . $error->get_error_code() .
'&message=' . urlencode( $error->get_error_message() )
);
@ -186,7 +185,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
function get_error(){
return $this->error;
}
/**
* Add the end_session endpoint to WP core's whitelist of redirect hosts
*
@ -266,31 +265,31 @@ class OpenID_Connect_Generic_Client_Wrapper {
return $request;
}
/**
* Control the authentication and subsequent authorization of the user when
* returning from the IDP.
*/
function authentication_request_callback() {
$client = $this->client;
// start the authentication flow
$authentication_request = $client->validate_authentication_request( $_GET );
if ( is_wp_error( $authentication_request ) ){
$this->error_redirect( $authentication_request );
}
// retrieve the authentication code from the authentication request
$code = $client->get_authentication_code( $authentication_request );
if ( is_wp_error( $code ) ){
$this->error_redirect( $code );
}
// attempting to exchange an authorization code for an authentication token
$token_result = $client->request_authentication_token( $code );
if ( is_wp_error( $token_result ) ) {
$this->error_redirect( $token_result );
}
@ -307,7 +306,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
// ensure the that response contains required information
$valid = $client->validate_token_response( $token_response );
if ( is_wp_error( $valid ) ) {
$this->error_redirect( $valid );
}
@ -328,28 +327,28 @@ class OpenID_Connect_Generic_Client_Wrapper {
if ( is_wp_error( $id_token_claim ) ){
$this->error_redirect( $id_token_claim );
}
// validate our id_token has required values
$valid = $client->validate_id_token_claim( $id_token_claim );
if ( is_wp_error( $valid ) ){
$this->error_redirect( $valid );
}
// if userinfo endpoint is set, exchange the token_response for a user_claim
if ( !empty( $this->settings->endpoint_userinfo ) && isset( $token_response['access_token'] )) {
$user_claim = $client->get_user_claim( $token_response );
} else {
$user_claim = $id_token_claim;
}
if ( is_wp_error( $user_claim ) ){
$this->error_redirect( $user_claim );
}
// validate our user_claim has required values
$valid = $client->validate_user_claim( $user_claim, $id_token_claim );
if ( is_wp_error( $valid ) ){
$this->error_redirect( $valid );
}
@ -380,7 +379,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
// validate the found / created user
$valid = $this->validate_user( $user );
if ( is_wp_error( $valid ) ){
$this->error_redirect( $valid );
}
@ -405,13 +404,13 @@ class OpenID_Connect_Generic_Client_Wrapper {
else {
wp_redirect( home_url() );
}
exit;
}
/**
* Validate the potential WP_User
*
* Validate the potential WP_User
*
* @param $user
*
* @return true|\WP_Error
@ -421,13 +420,13 @@ class OpenID_Connect_Generic_Client_Wrapper {
if ( ! is_a( $user, 'WP_User' ) || ! $user->exists() ) {
return new WP_Error( 'invalid-user', __( 'Invalid user' ), $user );
}
return true;
}
/**
* Record user meta data, and provide an authorization cookie
*
*
* @param $user
*/
function login_user( $user, $token_response, $id_token_claim, $user_claim, $subject_identity ){
@ -478,8 +477,8 @@ class OpenID_Connect_Generic_Client_Wrapper {
}
/**
* Get the user that has meta data matching a
*
* Get the user that has meta data matching a
*
* @param $subject_identity
*
* @return false|\WP_User
@ -500,7 +499,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
$users = $user_query->get_results();
return $users[0];
}
return false;
}
@ -592,7 +591,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
$string .= substr( $format, $i, $match[ 1 ] - $i );
if ( ! isset( $user_claim[ $key ] ) ) {
if ( $error_on_missing_key ) {
return new WP_Error( 'incomplete-user-claim', __( 'User claim incomplete' ),
return new WP_Error( 'incomplete-user-claim', __( 'User claim incomplete' ),
array('message'=>'Unable to find key: '.$key.' in user_claim',
'hint'=>'Verify OpenID Scope includes a scope with the attributes you need',
'user_claim'=>$user_claim,
@ -638,7 +637,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* Create a new user from details in a user_claim
*
*
* @param $subject_identity
* @param $user_claim
*
@ -738,14 +737,14 @@ class OpenID_Connect_Generic_Client_Wrapper {
}
}
// allow other plugins / themes to determine authorization
// allow other plugins / themes to determine authorization
// of new accounts based on the returned user claim
$create_user = apply_filters( 'openid-connect-generic-user-creation-test', true, $user_claim );
if ( ! $create_user ) {
return new WP_Error( 'cannot-authorize', __( 'Can not authorize.' ), $create_user );
}
$user_data = array(
'user_login' => $username,
'user_pass' => wp_generate_password( 32, true, true ),
@ -776,26 +775,25 @@ class OpenID_Connect_Generic_Client_Wrapper {
// allow plugins / themes to take action on new user creation
do_action( 'openid-connect-generic-user-create', $user, $user_claim );
return $user;
}
/**
* Update an existing user with OpenID Connect meta data
*
*
* @param $uid
* @param $subject_identity
*
* @return \WP_Error | \WP_User
*/
function update_existing_user( $uid, $subject_identity ) {
// add the OpenID Connect meta data
// add the OpenID Connect meta data
update_user_meta( $uid, 'openid-connect-generic-subject-identity', (string) $subject_identity );
// allow plugins / themes to take action on user update
do_action( 'openid-connect-generic-user-update', $uid );
// return our updated user
return get_user_by( 'id', $uid );
}

42
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -67,9 +67,9 @@ class OpenID_Connect_Generic_Client {
/**
* Validate the request for login authentication
*
*
* @param $request
*
*
* @return array|\WP_Error
*/
function validate_authentication_request( $request ){
@ -111,7 +111,7 @@ class OpenID_Connect_Generic_Client {
* Using the authorization_code, request an authentication token from the idp
*
* @param $code - authorization_code
*
*
* @return array|\WP_Error
*/
function request_authentication_token( $code ) {
@ -142,7 +142,7 @@ class OpenID_Connect_Generic_Client {
if ( is_wp_error( $response ) ){
$response->add( 'request_authentication_token' , __( 'Request for authentication token failed.' ) );
}
return $response;
}
@ -203,12 +203,12 @@ class OpenID_Connect_Generic_Client {
return $token_response;
}
/**
* Exchange an access_token for a user_claim from the userinfo endpoint
*
* @param $access_token
*
*
* @return array|\WP_Error
*/
function request_userinfo( $access_token ) {
@ -240,7 +240,7 @@ class OpenID_Connect_Generic_Client {
if ( is_wp_error( $response ) ){
$response->add( 'request_userinfo' , __( 'Request for userinfo failed.' ) );
}
return $response;
}
@ -293,18 +293,18 @@ class OpenID_Connect_Generic_Client {
function validate_token_response( $token_response ){
// we need to ensure 2 specific items exist with the token response in order
// to proceed with confidence: id_token and token_type == 'Bearer'
if ( ! isset( $token_response['id_token'] ) ||
if ( ! isset( $token_response['id_token'] ) ||
! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' )
) {
return new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response );
}
return true;
}
/**
* Extract the id_token_claim from the token_response
*
*
* @param $token_response
*
* @return array|\WP_Error
@ -333,13 +333,13 @@ class OpenID_Connect_Generic_Client {
)
, true
);
return $id_token_claim;
}
/**
* Ensure the id_token_claim contains the required values
*
*
* @param $id_token_claim
*
* @return bool|\WP_Error
@ -348,20 +348,20 @@ class OpenID_Connect_Generic_Client {
if ( ! is_array( $id_token_claim ) ) {
return new WP_Error( 'bad-id-token-claim', __( 'Bad ID token claim' ), $id_token_claim );
}
// make sure we can find our identification data and that it has a value
if ( ! isset( $id_token_claim['sub'] ) || empty( $id_token_claim['sub'] ) ) {
return new WP_Error( 'no-subject-identity', __( 'No subject identity' ), $id_token_claim );
}
return true;
}
/**
* Attempt to exchange the access_token for a user_claim
*
*
* @param $token_response
*
*
* @return array|mixed|object|\WP_Error
*/
function get_user_claim( $token_response ){
@ -377,11 +377,11 @@ class OpenID_Connect_Generic_Client {
return $user_claim;
}
/**
* Make sure the user_claim has all required values, and that the subject
* identity matches of the id_token matches that of the user_claim.
*
*
* @param $user_claim
* @param $id_token_claim
*
@ -409,17 +409,17 @@ class OpenID_Connect_Generic_Client {
// allow for other plugins to alter the login success
$login_user = apply_filters( 'openid-connect-generic-user-login-test', true, $user_claim );
if ( ! $login_user ) {
return new WP_Error( 'unauthorized', __( 'Unauthorized access' ), $login_user );
}
return true;
}
/**
* Retrieve the subject identity from the id_token
*
*
* @param $id_token_claim array
*
* @return mixed

54
includes/openid-connect-generic-option-logger.php
Unescape Escape View File

@ -3,25 +3,25 @@
* Simple class for logging messages to the options table
*/
class OpenID_Connect_Generic_Option_Logger {
// wp option name/key
private $option_name;
// default message type
private $default_message_type;
// the number of items to keep in the log
private $log_limit;
// whether or not the
// whether or not the
private $logging_enabled;
// internal cache of logs
private $logs;
/**
* Setup the logger according to the needs of the instance
*
*
* @param string $option_name
* @param string $default_message_type
* @param bool|TRUE $logging_enabled
@ -36,7 +36,7 @@ class OpenID_Connect_Generic_Option_Logger {
/**
* Subscribe logger to a set of filters
*
*
* @param $filter_names
* @param int $priority
*/
@ -44,7 +44,7 @@ class OpenID_Connect_Generic_Option_Logger {
if ( ! is_array( $filter_names ) ) {
$filter_names = array( $filter_names );
}
foreach ( $filter_names as $filter ){
add_filter( $filter, array( $this, 'log_hook' ), $priority );
}
@ -52,7 +52,7 @@ class OpenID_Connect_Generic_Option_Logger {
/**
* Subscribe logger to a set of actions
*
*
* @param $action_names
* @param $priority
*/
@ -67,8 +67,8 @@ class OpenID_Connect_Generic_Option_Logger {
}
/**
* Log the data
*
* Log the data
*
* @param null $arg1
* @return null
*/
@ -76,10 +76,10 @@ class OpenID_Connect_Generic_Option_Logger {
$this->log( func_get_args(), current_filter() );
return $arg1;
}
/**
* Save an array of data to the logs
*
*
* @param $data mixed
* @return bool
*/
@ -90,13 +90,13 @@ class OpenID_Connect_Generic_Option_Logger {
$logs = $this->upkeep_logs( $logs );
return $this->save_logs( $logs );
}
return false;
}
/**
* Retrieve all log messages
*
*
* @return array
*/
public function get_logs() {
@ -109,7 +109,7 @@ class OpenID_Connect_Generic_Option_Logger {
/**
* Get the name of the option where this log is stored
*
*
* @return string
*/
public function get_option_name(){
@ -128,7 +128,7 @@ class OpenID_Connect_Generic_Option_Logger {
// determine the type of message
if ( empty( $type ) ) {
$this->default_message_type;
if ( is_array( $data ) && isset( $data['type'] ) ){
$type = $data['type'];
}
@ -148,7 +148,7 @@ class OpenID_Connect_Generic_Option_Logger {
return $message;
}
/**
* Keep our log count under the limit
*
@ -161,14 +161,14 @@ class OpenID_Connect_Generic_Option_Logger {
if ( $items_to_remove > 0 ){
// keep only the last $log_limit messages from the end
$logs = array_slice( $logs, ( $items_to_remove * -1) );
}
}
return $logs;
}
/**
* Save the log messages
*
*
* @param $logs
* @return bool
*/
@ -187,7 +187,7 @@ class OpenID_Connect_Generic_Option_Logger {
/**
* Get a simple html table of all the logs
*
*
* @param array $logs
* @return string
*/
@ -196,9 +196,9 @@ class OpenID_Connect_Generic_Option_Logger {
$logs = $this->get_logs();
}
$logs = array_reverse( $logs );
ini_set( 'xdebug.var_display_max_depth', -1 );
ob_start();
?>
<style type="text/css">
@ -232,7 +232,7 @@ class OpenID_Connect_Generic_Option_Logger {
<?php print $log['uri']; ?>
</div>
</td>
<td class="col-data"><pre><?php var_dump( $log['data'] ); ?></pre></td>
</tr>
<?php } ?>
@ -240,7 +240,7 @@ class OpenID_Connect_Generic_Option_Logger {
</table>
<?php
$output = ob_get_clean();
return $output;
}
}

22
includes/openid-connect-generic-option-settings.php
Unescape Escape View File

@ -3,13 +3,13 @@
* Class OpenId_Connect_Generic_Option_Settings
*/
class OpenID_Connect_Generic_Option_Settings {
// wp option name/key
private $option_name;
// stored option values array
private $values;
// default plugin settings values
private $default_settings;
@ -22,38 +22,38 @@ class OpenID_Connect_Generic_Option_Settings {
$this->option_name = $option_name;
$this->default_settings = $default_settings;
$this->values = get_option( $this->option_name, $this->default_settings );
if ( $granular_defaults ) {
$this->values = array_replace_recursive( $this->default_settings, $this->values );
}
}
function __get( $key ){
if ( isset( $this->values[ $key ] ) ) {
return $this->values[ $key ];
}
}
function __set( $key, $value ){
$this->values[ $key ] = $value;
}
function __isset( $key ){
return isset( $this->values[ $key ] );
}
function __unset( $key ){
unset( $this->values[ $key ]);
}
function get_values(){
return $this->values;
}
function get_option_name() {
return $this->option_name;
}
function save(){
update_option( $this->option_name, $this->values );
}

16
includes/openid-connect-generic-settings-page.php
Unescape Escape View File

@ -27,10 +27,10 @@ class OpenID_Connect_Generic_Settings_Page {
$this->settings = $settings;
$this->logger = $logger;
$this->settings_field_group = $this->settings->get_option_name() . '-group';
/*
* Simple settings fields simply have:
*
*
* - title
* - description
* - type ( checkbox | text | select )
@ -225,7 +225,7 @@ class OpenID_Connect_Generic_Settings_Page {
// register our settings
add_action( 'admin_init', array( $settings_page, 'admin_init' ) );
return $settings_page;
}
@ -262,7 +262,7 @@ class OpenID_Connect_Generic_Settings_Page {
array( $this, 'user_settings_description' ),
$this->options_page_name
);
add_settings_section( 'authorization_settings',
__( 'Authorization Settings' ),
array( $this, 'authorization_settings_description' ),
@ -322,7 +322,7 @@ class OpenID_Connect_Generic_Settings_Page {
foreach ( $this->settings_fields as $key => $field ) {
if ( isset( $input[ $key ] ) ) {
$options[ $key ] = sanitize_text_field( trim( $input[ $key ] ) );
}
}
else {
$options[ $key ] = '';
}
@ -349,7 +349,7 @@ class OpenID_Connect_Generic_Settings_Page {
settings_fields( $this->settings_field_group );
do_settings_sections( $this->options_page_name );
submit_button();
// simple debug to view settings array
if ( isset( $_GET['debug'] ) ) {
var_dump( $this->settings->get_values() );
@ -452,11 +452,11 @@ class OpenID_Connect_Generic_Settings_Page {
public function client_settings_description() {
_e( 'Enter your OpenID Connect identity provider settings' );
}
public function user_settings_description() {
_e( 'Modify the interaction between OpenID Connect and WordPress users' );
}
public function authorization_settings_description() {
_e( 'Control the authorization mechanics of the site' );
}

Write Preview
Loading…
Cancel
Save