Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Release/3.8.3 (#290)

Browse Source 
* Feature/travis ci to GitHub actions (#282)

* Updates Composer/NPM Dependencies & Adds New GitHub Actions

* Moves All CI/CI Functionality to GitHub Actions

- Updates Composer & NPM dependencies to newer versions.
- Updates default development environment WordPress version to 5.6.x.
- Fixes missing updated to the language POT file.
- Moves to using a GitHub Release for WordPress.org deployment.
- Removes TravisCI configuration.

* Fixes Login Page XSS Issue (#283)

- Adds escaping to the errot output message.
- Adds escaping to the login button output.

* Fixes Broken Redirect URL Handling & Moves Away from Cookies (#289)

* Initial Changes to Move Away from Cookies for Redirects

* Add Redirection via State Transient Support

- Adds adding the login redirection to the state transient.
- Deprecates the use of cookies to handle login redirection.
- Fixes Login button shortcode authentication URL encoding.
- Fixes some broken wp-env local Docker environment issues.
- Fixes make_authentication_url attributes usage.
- Removes error_log calls used for debugging.

* Fixes Missed WordPress Coding Standards Issues

- Updates PHP_CodeSniffer configuration to properly support all checks.

* Fixes Login Button Output for Proper Escaping

* Preparation for Maintenance Release
isekai
Tim Nolte 4 years ago committed by GitHub
parent 14dbc06203
commit eac1c3b651
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 3686 additions and 3101 deletions
Show Stats Download Patch File Download Diff File

26
.wp-env.json
Unescape Escape View File

@ -1,9 +1,33 @@
{
"core": "./wordpress/build",
"plugins": [ "." ],
"plugins": [
"."
],
"mappings": {
"wp-content/mu-plugins": "./tools/local-env/mu-plugins"
},
"env": {
"development": {
"plugins": [
".",
"https://downloads.wordpress.org/plugin/debug-bar.zip",
"https://downloads.wordpress.org/plugin/query-monitor.zip",
"https://downloads.wordpress.org/plugin/debug-bar-post-meta.zip",
"https://downloads.wordpress.org/plugin/transients-manager.zip"
],
"mappings": {
"wp-config.php": "tools/local-env/wp-config.dev.php"
}
},
"tests": {
"plugins": [
"."
],
"mappings": {
"wp-config.php": "tools/local-env/wp-config.tests.php"
}
}
},
"config": {
"PHP_INI_MEMORY_LIMIT": "512M",
"WP_MEMORY_LIMIT": "512M",

6
CHANGELOG.md
Unescape Escape View File

@ -1,5 +1,11 @@
# OpenId Connect Generic Changelog
3.8.3
* Fix: @timnolte - Fixed problems with proper redirect handling.
* Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
* Improvement: @timnolte - Refactored additional code to meet coding standards.
3.8.2
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.

8
README.md
Unescape Escape View File

@ -4,7 +4,7 @@
**Tags:** security, login, oauth2, openidconnect, apps, authentication, autologin, sso
**Requires at least:** 4.9
**Tested up to:** 5.6
**Stable tag:** 3.8.2
**Stable tag:** 3.8.3
**Requires PHP:** 7.1
**License:** GPLv2 or later
**License URI:** http://www.gnu.org/licenses/gpl-2.0.html
@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
## Changelog ##
### 3.8.3 ###
* Fix: @timnolte - Fixed problems with proper redirect handling.
* Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
* Improvement: @timnolte - Refactored additional code to meet coding standards.
### 3.8.2 ###
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.

32
css/styles-admin.css
Unescape Escape View File

@ -0,0 +1,32 @@
#logger-table .col-data {
width: 85%
}
#logger-table .col-data pre {
margin: 0;
white-space: pre; /* CSS 2.0 */
white-space: pre-wrap; /* CSS 2.1 */
white-space: pre-line; /* CSS 3.0 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: -moz-pre-wrap; /* Mozilla */
white-space: -hp-pre-wrap; /* HP Printers */
word-wrap: break-word; /* IE 5+ */
}
#logger-table .col-details {
width: 200px;
}
#logger-table .col-details div {
padding: 4px 0;
border-bottom: 1px solid #bbb;
}
#logger-table .col-details div:last-child {
border-bottom: none;
}
#logger-table .col-details label {
font-weight: bold;
}

71
includes/openid-connect-generic-client-wrapper.php
Unescape Escape View File

@ -9,6 +9,8 @@
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
*/
use \WP_Error as WP_Error;
/**
* OpenID_Connect_Generic_Client_Wrapper class.
*
@ -50,6 +52,8 @@ class OpenID_Connect_Generic_Client_Wrapper {
/**
* The user redirect cookie key.
*
* @deprecated Redirection should be done via state transient and not cookies.
*
* @var string
*/
public $cookie_redirect_key = 'openid-connect-generic-redirect';
@ -70,7 +74,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Option_Logger $logger A plugin logger object instance.
*/
function __construct( OpenID_Connect_Generic_Client $client, OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
public function __construct( OpenID_Connect_Generic_Client $client, OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$this->client = $client;
$this->settings = $settings;
$this->logger = $logger;
@ -85,7 +89,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return \OpenID_Connect_Generic_Client_Wrapper
*/
static public function register( OpenID_Connect_Generic_Client $client, OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
public static function register( OpenID_Connect_Generic_Client $client, OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$client_wrapper = new self( $client, $settings, $logger );
// Integrated logout.
@ -128,7 +132,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return mixed
*/
function alternate_redirect_uri_parse_request( $query ) {
public function alternate_redirect_uri_parse_request( $query ) {
if ( isset( $query->query_vars['openid-connect-authorize'] ) &&
'1' === $query->query_vars['openid-connect-authorize'] ) {
$this->authentication_request_callback();
@ -145,14 +149,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return string
*/
function get_authentication_url( $atts = array() ) {
if ( ! empty( $atts['redirect_to'] ) ) {
// Set the request query parameter used to set the cookie redirect.
$_REQUEST['redirect_to'] = $atts['redirect_to'];
$login_form = new OpenID_Connect_Generic_Login_Form( $this->settings, $this );
$login_form->handle_redirect_cookie();
}
public function get_authentication_url( $atts = array() ) {
return $this->client->make_authentication_url( $atts );
@ -163,7 +160,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return void
*/
function ensure_tokens_still_fresh() {
public function ensure_tokens_still_fresh() {
if ( ! is_user_logged_in() ) {
return;
}
@ -225,7 +222,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return void
*/
function error_redirect( $error ) {
public function error_redirect( $error ) {
$this->logger->log( $error );
// Redirect user back to login page.
@ -242,7 +239,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return bool|WP_Error
*/
function get_error() {
public function get_error() {
return $this->error;
}
@ -253,7 +250,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return array<string>|bool
*/
function update_allowed_redirect_hosts( $allowed ) {
public function update_allowed_redirect_hosts( $allowed ) {
$host = parse_url( $this->settings->endpoint_end_session, PHP_URL_HOST );
if ( ! $host ) {
return false;
@ -272,7 +269,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return string
*/
function get_end_session_logout_redirect_url( $redirect_url, $requested_redirect_to, $user ) {
public function get_end_session_logout_redirect_url( $redirect_url, $requested_redirect_to, $user ) {
$url = $this->settings->endpoint_end_session;
$query = parse_url( $url, PHP_URL_QUERY );
$url .= $query ? '&' : '?';
@ -317,7 +314,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return mixed
*/
function alter_request( $request, $operation ) {
public function alter_request( $request, $operation ) {
if ( ! empty( $this->settings->http_request_timeout ) && is_numeric( $this->settings->http_request_timeout ) ) {
$request['timeout'] = intval( $this->settings->http_request_timeout );
}
@ -335,7 +332,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return void
*/
function authentication_request_callback() {
public function authentication_request_callback() {
$client = $this->client;
// Start the authentication flow.
@ -352,6 +349,13 @@ class OpenID_Connect_Generic_Client_Wrapper {
$this->error_redirect( $code );
}
// Retrieve the authentication state from the authentication request.
$state = $client->get_authentication_state( $authentication_request );
if ( is_wp_error( $state ) ) {
$this->error_redirect( $state );
}
// Attempting to exchange an authorization code for an authentication token.
$token_result = $client->request_authentication_token( $code );
@ -452,12 +456,22 @@ class OpenID_Connect_Generic_Client_Wrapper {
// Log our success.
$this->logger->log( "Successful login for: {$user->user_login} ({$user->ID})", 'login-success' );
// Redirect back to the origin page if enabled.
$redirect_url = isset( $_COOKIE[ $this->cookie_redirect_key ] ) ? esc_url_raw( $_COOKIE[ $this->cookie_redirect_key ] ) : false;
// Default redirect to the homepage.
$redirect_url = home_url();
// Redirect user according to redirect set in state.
$state_object = get_transient( 'openid-connect-generic-state--' . $state );
// Get the redirect URL stored with the corresponding authentication request state.
if ( ! empty( $state_object ) ) {
$redirect_url = $state_object['redirect_to'];
}
// Provide backwards compatibility for customization using the deprecated cookie method.
if ( ! empty( $_COOKIE[ $this->cookie_redirect_key ] ) ) {
$redirect_url = esc_url_raw( wp_unslash( $_COOKIE[ $this->cookie_redirect_key ] ) );
}
if ( $this->settings->redirect_user_back && ! empty( $redirect_url ) ) {
do_action( 'openid-connect-generic-redirect-user-back', $redirect_url, $user );
setcookie( $this->cookie_redirect_key, $redirect_url, 1, COOKIEPATH, COOKIE_DOMAIN, is_ssl() );
wp_redirect( $redirect_url );
} else { // Otherwise, go home!
wp_redirect( home_url() );
@ -473,7 +487,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return true|WP_Error
*/
function validate_user( $user ) {
public function validate_user( $user ) {
// Ensure the found user is a real WP_User.
if ( ! is_a( $user, 'WP_User' ) || ! $user->exists() ) {
return new WP_Error( 'invalid-user', __( 'Invalid user.', 'daggerhart-openid-connect-generic' ), $user );
@ -493,7 +507,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return void
*/
function login_user( $user, $token_response, $id_token_claim, $user_claim, $subject_identity ) {
public function login_user( $user, $token_response, $id_token_claim, $user_claim, $subject_identity ) {
// Store the tokens for future reference.
update_user_meta( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
update_user_meta( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
@ -519,7 +533,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
* @param string $token The current users session token.
* @param array|WP_Error|null $token_response The authentication token response.
*/
function save_refresh_token( $manager, $token, $token_response ) {
public function save_refresh_token( $manager, $token, $token_response ) {
if ( ! $this->settings->token_refresh_enable ) {
return;
}
@ -549,7 +563,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return false|WP_User
*/
function get_user_by_identity( $subject_identity ) {
public function get_user_by_identity( $subject_identity ) {
// Look for user by their openid-connect-generic-subject-identity value.
$user_query = new WP_User_Query(
array(
@ -602,10 +616,12 @@ class OpenID_Connect_Generic_Client_Wrapper {
// @var string $transliterated_username The username converted to ASCII from UTF-8.
$transliterated_username = iconv( 'UTF-8', 'ASCII//TRANSLIT', $desired_username );
if ( empty( $transliterated_username ) ) {
// translators: $1$s is a username from the IDP.
return new WP_Error( 'username-transliteration-failed', sprintf( __( 'Username %1$s could not be transliterated.', 'daggerhart-openid-connect-generic' ), $desired_username ), $desired_username );
}
$normalized_username = strtolower( preg_replace( '/[^a-zA-Z0-9 _.\-@]/', '', $transliterated_username ) );
if ( empty( $normalized_username ) ) {
// translators: %1$s is the ASCII version of the username from the IDP.
return new WP_Error( 'username-normalization-failed', sprintf( __( 'Username %1$s could not be normalized.', 'daggerhart-openid-connect-generic' ), $transliterated_username ), $transliterated_username );
}
@ -639,6 +655,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
}
if ( empty( $desired_nickname ) ) {
// translators: %1$s is the configured User Claim nickname key.
return new WP_Error( 'no-nickname', sprintf( __( 'No nickname found in user claim using key: %1$s.', 'daggerhart-openid-connect-generic' ), $this->settings->nickname_key ), $this->settings->nickname_key );
}
@ -723,7 +740,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return \WP_Error | \WP_User
*/
function create_new_user( $subject_identity, $user_claim ) {
public function create_new_user( $subject_identity, $user_claim ) {
$user_claim = apply_filters( 'openid-connect-generic-alter-user-claim', $user_claim );
// Default username & email to the subject identity.
@ -868,7 +885,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
*
* @return WP_Error|WP_User
*/
function update_existing_user( $uid, $subject_identity ) {
public function update_existing_user( $uid, $subject_identity ) {
// Add the OpenID Connect meta data.
update_user_meta( $uid, 'openid-connect-generic-subject-identity', strval( $subject_identity ) );

88
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -111,7 +111,7 @@ class OpenID_Connect_Generic_Client {
* @param int $state_time_limit @see OpenID_Connect_Generic_Option_Settings::state_time_limit for description.
* @param OpenID_Connect_Generic_Option_Logger $logger The plugin logging object instance.
*/
function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit, $logger ) {
public function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit, $logger ) {
$this->client_id = $client_id;
$this->client_secret = $client_secret;
$this->scope = $scope;
@ -130,12 +130,24 @@ class OpenID_Connect_Generic_Client {
*
* @return string
*/
function make_authentication_url( $atts = array() ) {
public function make_authentication_url( $atts = array() ) {
$atts = shortcode_atts(
array(
'endpoint_login' => $this->endpoint_login,
'scope' => $this->scope,
'client_id' => $this->client_id,
'redirect_uri' => $this->redirect_uri,
'redirect_to' => home_url(), // Default redirect to the homepage.
),
$atts,
'openid_connect_generic_auth_url'
);
$endpoint_login = ( ! empty( $atts['endpoint_login'] ) ) ? $atts['endpoint_login'] : $this->endpoint_login;
$scope = ( ! empty( $atts['scope'] ) ) ? $atts['scope'] : $this->scope;
$client_id = ( ! empty( $atts['client_id'] ) ) ? $atts['client_id'] : $this->client_id;
$redirect_uri = ( ! empty( $atts['redirect_uri'] ) ) ? $atts['redirect_uri'] : $this->redirect_uri;
// Validate the redirect to value to prevent a redirection attack.
if ( ! empty( $atts['redirect_to'] ) ) {
$atts['redirect_to'] = wp_validate_redirect( $atts['redirect_to'], home_url() );
}
$separator = '?';
if ( stripos( $this->endpoint_login, '?' ) !== false ) {
@ -143,12 +155,12 @@ class OpenID_Connect_Generic_Client {
}
$url = sprintf(
'%1$s%2$sresponse_type=code&scope=%3$s&client_id=%4$s&state=%5$s&redirect_uri=%6$s',
$endpoint_login,
$atts['endpoint_login'],
$separator,
rawurlencode( $scope ),
rawurlencode( $client_id ),
$this->new_state(),
rawurlencode( $redirect_uri )
rawurlencode( $atts['scope'] ),
rawurlencode( $atts['client_id'] ),
$this->new_state( $atts['redirect_to'] ),
rawurlencode( $atts['redirect_uri'] )
);
$this->logger->log( apply_filters( 'openid-connect-generic-auth-url', $url ), 'make_authentication_url' );
@ -162,7 +174,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array<string>|WP_Error
*/
function validate_authentication_request( $request ) {
public function validate_authentication_request( $request ) {
// Look for an existing error of some kind.
if ( isset( $request['error'] ) ) {
return new WP_Error( 'unknown-error', 'An unknown error occurred.', $request );
@ -193,7 +205,7 @@ class OpenID_Connect_Generic_Client {
*
* @return string|WP_Error
*/
function get_authentication_code( $request ) {
public function get_authentication_code( $request ) {
if ( ! isset( $request['code'] ) ) {
return new WP_Error( 'missing-authentication-code', __( 'Missing authentication code.', 'daggerhart-openid-connect-generic' ), $request );
}
@ -208,7 +220,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array<mixed>|WP_Error
*/
function request_authentication_token( $code ) {
public function request_authentication_token( $code ) {
// Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy.
$parsed_url = parse_url( $this->endpoint_token );
@ -247,7 +259,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array|WP_Error
*/
function request_new_tokens( $refresh_token ) {
public function request_new_tokens( $refresh_token ) {
$request = array(
'body' => array(
'refresh_token' => $refresh_token,
@ -278,7 +290,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array<mixed>|WP_Error|null
*/
function get_token_response( $token_result ) {
public function get_token_response( $token_result ) {
if ( ! isset( $token_result['body'] ) ) {
return new WP_Error( 'missing-token-body', __( 'Missing token body.', 'daggerhart-openid-connect-generic' ), $token_result );
}
@ -310,7 +322,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array|WP_Error
*/
function request_userinfo( $access_token ) {
public function request_userinfo( $access_token ) {
// Allow modifications to the request.
$request = apply_filters( 'openid-connect-generic-alter-request', array(), 'get-userinfo' );
@ -348,12 +360,19 @@ class OpenID_Connect_Generic_Client {
/**
* Generate a new state, save it as a transient, and return the state hash.
*
* @param string $redirect_to The redirect URL to be used after IDP authentication.
*
* @return string
*/
function new_state() {
public function new_state( $redirect_to ) {
// New state w/ timestamp.
$state = md5( mt_rand() . microtime( true ) );
set_transient( 'openid-connect-generic-state--' . $state, $state, $this->state_time_limit );
$state_value = array(
$state => array(
'redirect_to' => $redirect_to,
),
);
set_transient( 'openid-connect-generic-state--' . $state, $state_value, $this->state_time_limit );
return $state;
}
@ -365,7 +384,7 @@ class OpenID_Connect_Generic_Client {
*
* @return bool
*/
function check_state( $state ) {
public function check_state( $state ) {
$state_found = true;
@ -380,7 +399,22 @@ class OpenID_Connect_Generic_Client {
do_action( 'openid-connect-generic-state-expired', $state );
}
return ! ! $valid;
return boolval( $valid );
}
/**
* Get the authorization state from the request
*
* @param array<string>|WP_Error $request The authentication request results.
*
* @return string|WP_Error
*/
public function get_authentication_state( $request ) {
if ( ! isset( $request['state'] ) ) {
return new WP_Error( 'missing-authentication-state', __( 'Missing authentication state.', 'daggerhart-openid-connect-generic' ), $request );
}
return $request['state'];
}
/**
@ -390,7 +424,7 @@ class OpenID_Connect_Generic_Client {
*
* @return bool|WP_Error
*/
function validate_token_response( $token_response ) {
public function validate_token_response( $token_response ) {
/*
* Ensure 2 specific items exist with the token response in order
* to proceed with confidence: id_token and token_type == 'Bearer'
@ -411,7 +445,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array|WP_Error
*/
function get_id_token_claim( $token_response ) {
public function get_id_token_claim( $token_response ) {
// Validate there is an id_token.
if ( ! isset( $token_response['id_token'] ) ) {
return new WP_Error( 'no-identity-token', __( 'No identity token.', 'daggerhart-openid-connect-generic' ), $token_response );
@ -446,7 +480,7 @@ class OpenID_Connect_Generic_Client {
*
* @return bool|WP_Error
*/
function validate_id_token_claim( $id_token_claim ) {
public function validate_id_token_claim( $id_token_claim ) {
if ( ! is_array( $id_token_claim ) ) {
return new WP_Error( 'bad-id-token-claim', __( 'Bad ID token claim.', 'daggerhart-openid-connect-generic' ), $id_token_claim );
}
@ -466,7 +500,7 @@ class OpenID_Connect_Generic_Client {
*
* @return array|WP_Error|null
*/
function get_user_claim( $token_response ) {
public function get_user_claim( $token_response ) {
// Send a userinfo request to get user claim.
$user_claim_result = $this->request_userinfo( $token_response['access_token'] );
@ -489,7 +523,7 @@ class OpenID_Connect_Generic_Client {
*
* @return bool|WP_Error
*/
function validate_user_claim( $user_claim, $id_token_claim ) {
public function validate_user_claim( $user_claim, $id_token_claim ) {
// Validate the user claim.
if ( ! is_array( $user_claim ) ) {
return new WP_Error( 'invalid-user-claim', __( 'Invalid user claim.', 'daggerhart-openid-connect-generic' ), $user_claim );
@ -526,7 +560,7 @@ class OpenID_Connect_Generic_Client {
*
* @return mixed
*/
function get_subject_identity( $id_token_claim ) {
public function get_subject_identity( $id_token_claim ) {
return $id_token_claim['sub'];
}

114
includes/openid-connect-generic-login-form.php
Unescape Escape View File

@ -39,12 +39,9 @@ class OpenID_Connect_Generic_Login_Form {
* @param OpenID_Connect_Generic_Option_Settings $settings A plugin settings object instance.
* @param OpenID_Connect_Generic_Client_Wrapper $client_wrapper A plugin client wrapper object instance.
*/
function __construct( $settings, $client_wrapper ) {
public function __construct( $settings, $client_wrapper ) {
$this->settings = $settings;
$this->client_wrapper = $client_wrapper;
// Handle setting the redirect cookie on a formu page.
add_action( 'login_form_login', array( $this, 'handle_redirect_cookie' ) );
}
/**
@ -55,7 +52,7 @@ class OpenID_Connect_Generic_Login_Form {
*
* @return void
*/
static public function register( $settings, $client_wrapper ) {
public static function register( $settings, $client_wrapper ) {
$login_form = new self( $settings, $client_wrapper );
// Alter the login form as dictated by settings.
@ -72,16 +69,20 @@ class OpenID_Connect_Generic_Login_Form {
*
* @return void
*/
function handle_redirect_login_type_auto() {
public function handle_redirect_login_type_auto() {
if ( 'wp-login.php' == $GLOBALS['pagenow']
&& ( 'auto' == $this->settings->login_type || ! empty( $_GET['force_redirect'] ) )
// Don't send users to the IDP on logout or post password protected authentication.
&& ( ! isset( $_GET['action'] ) || ! in_array( $_GET['action'], array( 'logout', 'postpass' ) ) )
// phpcs:ignore WordPress.Security.NonceVerification.Missing -- WP Login Form doesn't have a nonce.
&& ! isset( $_POST['wp-submit'] ) ) {
if ( ! isset( $_GET['login-error'] ) ) {
$this->handle_redirect_cookie();
wp_redirect( $this->client_wrapper->get_authentication_url() );
$redirect_to = $this->get_redirect_to();
if ( empty( $redirect_to ) ) {
return;
}
wp_redirect( $this->client_wrapper->get_authentication_url( array( 'redirect_to' => $redirect_to ) ) );
exit;
} else {
add_action( 'login_footer', array( $this, 'remove_login_form' ), 99 );
@ -91,35 +92,45 @@ class OpenID_Connect_Generic_Login_Form {
}
/**
* Handle login related redirects.
* Get the client login redirect.
*
* @return void
* @return string
*/
function handle_redirect_cookie() {
public function get_redirect_to() {
global $wp;
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' == $GLOBALS['pagenow'] && isset( $_GET['action'] ) && 'logout' === $_GET['action'] ) {
return;
return '';
}
// Record the URL of this page if set to redirect back to origin page.
if ( $this->settings->redirect_user_back ) {
$redirect_expiry = current_time( 'timestamp' ) + DAY_IN_SECONDS;
// Default redirect to the homepage.
$redirect_url = home_url();
// Default redirect to the homepage.
$redirect_url = home_url( esc_url( add_query_arg( null, null ) ) );
// If using the login form, default redirect to the admin dashboard.
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' == $GLOBALS['pagenow'] ) {
$redirect_url = admin_url();
}
if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' == $GLOBALS['pagenow'] ) {
// If using the login form, default redirect to the admin dashboard.
$redirect_url = admin_url();
// Honor Core WordPress & other plugin redirects.
if ( isset( $_REQUEST['redirect_to'] ) ) {
$redirect_url = esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) );
}
if ( isset( $_REQUEST['redirect_to'] ) ) {
$redirect_url = esc_url_raw( $_REQUEST['redirect_to'] );
}
}
// Record the URL of the redirect_to if set to redirect back to origin page.
if ( $this->settings->redirect_user_back ) {
$redirect_url = home_url( add_query_arg( $wp->request ) );
}
$redirect_url = apply_filters( 'openid-connect-generic-cookie-redirect-url', $redirect_url );
// This hook is being deprecated with the move away from cookies.
$redirect_url = apply_filters_deprecated(
'openid-connect-generic-cookie-redirect-url',
array( $redirect_url ),
'3.8.2',
'openid-connect-generic-client-redirect-to'
);
setcookie( $this->client_wrapper->cookie_redirect_key, $redirect_url, $redirect_expiry, COOKIEPATH, COOKIE_DOMAIN, is_ssl() );
}
// This is the new hook to use with the transients version of redirection.
return apply_filters( 'openid-connect-generic-client-redirect-to', $redirect_url );
}
/**
@ -129,11 +140,11 @@ class OpenID_Connect_Generic_Login_Form {
*
* @return string
*/
function handle_login_page( $message ) {
public function handle_login_page( $message ) {
if ( isset( $_GET['login-error'] ) ) {
$error_message = ! empty( $_GET['message'] ) ? $_GET['message'] : 'Unknown error.';
$message .= $this->make_error_output( $_GET['login-error'], $error_message );
$error_message = ! empty( $_GET['message'] ) ? sanitize_text_field( wp_unslash( $_GET['message'] ) ) : 'Unknown error.';
$message .= $this->make_error_output( sanitize_text_field( wp_unslash( $_GET['login-error'] ) ), $error_message );
}
// Login button is appended to existing messages in case of error.
@ -150,12 +161,12 @@ class OpenID_Connect_Generic_Login_Form {
*
* @return string
*/
function make_error_output( $error_code, $error_message ) {
public function make_error_output( $error_code, $error_message ) {
ob_start();
?>
<div id="login_error">
<strong><?php printf( __( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), $error_code ); ?>: </strong>
<div id="login_error"><?php // translators: %1$s is the error code from the IDP. ?>
<strong><?php printf( esc_html__( 'ERROR (%1$s)', 'daggerhart-openid-connect-generic' ), esc_html( $error_code ) ); ?>: </strong>
<?php print esc_html( $error_message ); ?>
</div>
<?php
@ -170,22 +181,31 @@ class OpenID_Connect_Generic_Login_Form {
*
* @return string
*/
function make_login_button( $atts = array() ) {
$button_text = __( 'Login with OpenID Connect', 'daggerhart-openid-connect-generic' );
if ( ! empty( $atts['button_text'] ) ) {
$button_text = $atts['button_text'];
}
public function make_login_button( $atts = array() ) {
$atts = shortcode_atts(
array(
'button_text' => __( 'Login with OpenID Connect', 'daggerhart-openid-connect-generic' ),
'redirect_to' => $this->get_redirect_to(),
),
$atts,
'openid_connect_generic_login_button'
);
$text = apply_filters( 'openid-connect-generic-login-button-text', $atts['button_text'] );
$text = esc_html( $text );
$text = apply_filters( 'openid-connect-generic-login-button-text', $button_text );
$href = $this->client_wrapper->get_authentication_url( $atts );
$href = esc_url_raw( $href );
$login_button = <<<HTML
<div class="openid-connect-login-button" style="margin: 1em 0; text-align: center;">
<a class="button button-large" href="{$href}">{$text}</a>
</div>
HTML;
return $login_button;
ob_start();
?>
<div class="openid-connect-login-button" style="margin: 1em 0; text-align: center;">
<a class="button button-large" href="<?php print esc_url( $href ); ?>"><?php print $text; ?></a>
</div>
<?php
return wp_kses_post( ob_get_clean() );
}
/**
@ -193,7 +213,7 @@ class OpenID_Connect_Generic_Login_Form {
*
* @return void
*/
function remove_login_form() {
public function remove_login_form() {
?>
<script type="text/javascript">
(function() {

33
includes/openid-connect-generic-option-logger.php
Unescape Escape View File

@ -62,7 +62,7 @@ class OpenID_Connect_Generic_Option_Logger {
* @param bool|TRUE $logging_enabled Whether logging is enabled.
* @param int $log_limit The log entry limit.
*/
function __construct( $option_name, $default_message_type = 'none', $logging_enabled = true, $log_limit = 1000 ) {
public function __construct( $option_name, $default_message_type = 'none', $logging_enabled = true, $log_limit = 1000 ) {
$this->option_name = $option_name;
$this->default_message_type = $default_message_type;
$this->logging_enabled = boolval( $logging_enabled );
@ -77,7 +77,7 @@ class OpenID_Connect_Generic_Option_Logger {
*
* @return void
*/
function log_filters( $filter_names, $priority = 10 ) {
public function log_filters( $filter_names, $priority = 10 ) {
if ( ! is_array( $filter_names ) ) {
$filter_names = array( $filter_names );
}
@ -95,7 +95,7 @@ class OpenID_Connect_Generic_Option_Logger {
*
* @return void
*/
function log_actions( $action_names, $priority ) {
public function log_actions( $action_names, $priority ) {
if ( ! is_array( $action_names ) ) {
$action_names = array( $action_names );
}
@ -112,7 +112,7 @@ class OpenID_Connect_Generic_Option_Logger {
*
* @return mixed
*/
function log_hook( $arg1 = null ) {
public function log_hook( $arg1 = null ) {
$this->log( func_get_args(), current_filter() );
return $arg1;
}
@ -178,12 +178,14 @@ class OpenID_Connect_Generic_Option_Logger {
}
}
$request_uri = ( ! empty( $_SERVER['REQUEST_URI'] ) ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : 'Unknown';
// Construct the message.
$message = array(
'type' => $type,
'time' => time(),
'user_ID' => get_current_user_id(),
'uri' => preg_replace( '/code=([^&]+)/i', 'code=', $_SERVER['REQUEST_URI'] ),
'uri' => preg_replace( '/code=([^&]+)/i', 'code=', $request_uri ),
'data' => $data,
);
@ -247,11 +249,6 @@ class OpenID_Connect_Generic_Option_Logger {
ob_start();
?>
<style type="text/css">
#logger-table .col-data { width: 85% }
#logger-table .col-details div { padding: 4px 0; border-bottom: 1px solid #bbb; }
#logger-table .col-details label { font-weight: bold; }
</style>
<table id="logger-table" class="wp-list-table widefat fixed striped posts">
<thead>
<th class="col-details">Details</th>
@ -262,20 +259,20 @@ class OpenID_Connect_Generic_Option_Logger {
<tr>
<td class="col-details">
<div>
<label><?php _e( 'Type', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print $log['type']; ?>
<label><?php esc_html_e( 'Type', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print esc_html( $log['type'] ); ?>
</div>
<div>
<label><?php _e( 'Date', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print gmdate( 'Y-m-d H:i:s', $log['time'] ); ?>
<label><?php esc_html_e( 'Date', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print esc_html( gmdate( 'Y-m-d H:i:s', $log['time'] ) ); ?>
</div>
<div>
<label><?php _e( 'User', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print ( get_userdata( $log['user_ID'] ) ) ? get_userdata( $log['user_ID'] )->user_login : '0'; ?>
<label><?php esc_html_e( 'User', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print esc_html( ( get_userdata( $log['user_ID'] ) ) ? get_userdata( $log['user_ID'] )->user_login : '0' ); ?>
</div>
<div>
<label><?php _e( 'URI ', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print $log['uri']; ?>
<label><?php esc_html_e( 'URI ', 'daggerhart-openid-connect-generic' ); ?>: </label>
<?php print esc_url( $log['uri'] ); ?>
</div>
</td>

16
includes/openid-connect-generic-option-settings.php
Unescape Escape View File

@ -101,7 +101,7 @@ class OpenID_Connect_Generic_Option_Settings {
* @param array<mixed> $default_settings The default plugin settings values.
* @param bool $granular_defaults The granular defaults.
*/
function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
public function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
$this->option_name = $option_name;
$this->default_settings = $default_settings;
$this->values = array();
@ -129,7 +129,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return mixed
*/
function __get( $key ) {
public function __get( $key ) {
if ( isset( $this->values[ $key ] ) ) {
return $this->values[ $key ];
}
@ -143,7 +143,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return void
*/
function __set( $key, $value ) {
public function __set( $key, $value ) {
$this->values[ $key ] = $value;
}
@ -154,7 +154,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return bool
*/
function __isset( $key ) {
public function __isset( $key ) {
return isset( $this->values[ $key ] );
}
@ -165,7 +165,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return void
*/
function __unset( $key ) {
public function __unset( $key ) {
unset( $this->values[ $key ] );
}
@ -174,7 +174,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return array
*/
function get_values() {
public function get_values() {
return $this->values;
}
@ -183,7 +183,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return string
*/
function get_option_name() {
public function get_option_name() {
return $this->option_name;
}
@ -192,7 +192,7 @@ class OpenID_Connect_Generic_Option_Settings {
*
* @return void
*/
function save() {
public function save() {
// For each defined environment variable/constant be sure it isn't saved to the database.
foreach ( $this->environment_settings as $key => $constant ) {

35
includes/openid-connect-generic-settings-page.php
Unescape Escape View File

@ -61,7 +61,7 @@ class OpenID_Connect_Generic_Settings_Page {
* @param OpenID_Connect_Generic_Option_Settings $settings The plugin settings object.
* @param OpenID_Connect_Generic_Option_Logger $logger The plugin logging class object.
*/
function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
public function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$this->settings = $settings;
$this->logger = $logger;
@ -87,7 +87,7 @@ class OpenID_Connect_Generic_Settings_Page {
*
* @return void
*/
static public function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
public static function register( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$settings_page = new self( $settings, $logger );
// Add our options page the the admin menu.
@ -281,6 +281,7 @@ class OpenID_Connect_Generic_Settings_Page {
),
'no_sslverify' => array(
'title' => __( 'Disable SSL Verify', 'daggerhart-openid-connect-generic' ),
// translators: %1$s HTML tags for layout/styles, %2$s closing HTML tag for styles.
'description' => sprintf( __( 'Do not require SSL verification during authorization. The OAuth extension uses curl to make the request. By default CURL will generally verify the SSL certificate to see if its valid an issued by an accepted CA. This setting disabled that verification.%1$sNot recommended for production sites.%2$s', 'daggerhart-openid-connect-generic' ), '<br><strong>', '</strong>' ),
'type' => 'checkbox',
'section' => 'client_settings',
@ -435,25 +436,25 @@ class OpenID_Connect_Generic_Settings_Page {
?>
</form>
<h4><?php _e( 'Notes', 'daggerhart-openid-connect-generic' ); ?></h4>
<h4><?php esc_html_e( 'Notes', 'daggerhart-openid-connect-generic' ); ?></h4>
<p class="description">
<strong><?php _e( 'Redirect URI', 'daggerhart-openid-connect-generic' ); ?></strong>
<code><?php print $redirect_uri; ?></code>
<strong><?php esc_html_e( 'Redirect URI', 'daggerhart-openid-connect-generic' ); ?></strong>
<code><?php print esc_url( $redirect_uri ); ?></code>
</p>
<p class="description">
<strong><?php _e( 'Login Button Shortcode', 'daggerhart-openid-connect-generic' ); ?></strong>
<strong><?php esc_html_e( 'Login Button Shortcode', 'daggerhart-openid-connect-generic' ); ?></strong>
<code>[openid_connect_generic_login_button]</code>
</p>
<p class="description">
<strong><?php _e( 'Authentication URL Shortcode', 'daggerhart-openid-connect-generic' ); ?></strong>
<strong><?php esc_html_e( 'Authentication URL Shortcode', 'daggerhart-openid-connect-generic' ); ?></strong>
<code>[openid_connect_generic_auth_url]</code>
</p>
<?php if ( $this->settings->enable_logging ) { ?>
<h2><?php _e( 'Logs', 'daggerhart-openid-connect-generic' ); ?></h2>
<h2><?php esc_html_e( 'Logs', 'daggerhart-openid-connect-generic' ); ?></h2>
<div id="logger-table-wrapper">
<?php print $this->logger->get_logs_table(); ?>
<?php print wp_kses_post( $this->logger->get_logs_table() ); ?>
</div>
<?php } ?>
@ -507,7 +508,7 @@ class OpenID_Connect_Generic_Settings_Page {
*
* @return void
*/
function do_select( $field ) {
public function do_select( $field ) {
$current_value = isset( $this->settings->{ $field['key'] } ) ? $this->settings->{ $field['key'] } : '';
?>
<select name="<?php print esc_attr( $field['name'] ); ?>">
@ -529,10 +530,10 @@ class OpenID_Connect_Generic_Settings_Page {
public function do_field_description( $field ) {
?>
<p class="description">
<?php print $field['description']; ?>
<?php print esc_html( $field['description'] ); ?>
<?php if ( isset( $field['example'] ) ) : ?>
<br/><strong><?php _e( 'Example', 'daggerhart-openid-connect-generic' ); ?>: </strong>
<code><?php print $field['example']; ?></code>
<br/><strong><?php esc_html_e( 'Example', 'daggerhart-openid-connect-generic' ); ?>: </strong>
<code><?php print esc_html( $field['example'] ); ?></code>
<?php endif; ?>
</p>
<?php
@ -544,7 +545,7 @@ class OpenID_Connect_Generic_Settings_Page {
* @return void
*/
public function client_settings_description() {
_e( 'Enter your OpenID Connect identity provider settings.', 'daggerhart-openid-connect-generic' );
esc_html_e( 'Enter your OpenID Connect identity provider settings.', 'daggerhart-openid-connect-generic' );
}
/**
@ -553,7 +554,7 @@ class OpenID_Connect_Generic_Settings_Page {
* @return void
*/
public function user_settings_description() {
_e( 'Modify the interaction between OpenID Connect and WordPress users.', 'daggerhart-openid-connect-generic' );
esc_html_e( 'Modify the interaction between OpenID Connect and WordPress users.', 'daggerhart-openid-connect-generic' );
}
/**
@ -562,7 +563,7 @@ class OpenID_Connect_Generic_Settings_Page {
* @return void
*/
public function authorization_settings_description() {
_e( 'Control the authorization mechanics of the site.', 'daggerhart-openid-connect-generic' );
esc_html_e( 'Control the authorization mechanics of the site.', 'daggerhart-openid-connect-generic' );
}
/**
@ -571,6 +572,6 @@ class OpenID_Connect_Generic_Settings_Page {
* @return void
*/
public function log_settings_description() {
_e( 'Log information about login attempts through OpenID Connect Generic.', 'daggerhart-openid-connect-generic' );
esc_html_e( 'Log information about login attempts through OpenID Connect Generic.', 'daggerhart-openid-connect-generic' );
}
}

166
languages/openid-connect-generic.pot
Unescape Escape View File

@ -2,10 +2,10 @@
# This file is distributed under the GPL-2.0+.
msgid ""
msgstr ""
"Project-Id-Version: OpenID Connect Generic 3.8.2\n"
"Project-Id-Version: OpenID Connect Generic 3.8.3\n"
"Report-Msgid-Bugs-To: "
"https://github.com/daggerhart/openid-connect-generic/issues\n"
"POT-Creation-Date: 2021-03-24 13:50:19+00:00\n"
"POT-Creation-Date: 2021-04-08 12:27:16+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
@ -25,139 +25,147 @@ msgstr ""
"X-Textdomain-Support: yes\n"
"X-Generator: grunt-wp-i18n 1.0.3\n"
#: includes/openid-connect-generic-client-wrapper.php:197
#: includes/openid-connect-generic-client-wrapper.php:194
msgid "Session expired. Please login again."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:433
#: includes/openid-connect-generic-client-wrapper.php:437
msgid "User identity is not linked to an existing WordPress user."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:479
#: includes/openid-connect-generic-client-wrapper.php:493
msgid "Invalid user."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:598
#: includes/openid-connect-generic-client-wrapper.php:612
msgid "No appropriate username found."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:605
#: includes/openid-connect-generic-client-wrapper.php:620
#. translators: $1$s is a username from the IDP.
msgid "Username %1$s could not be transliterated."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:609
#: includes/openid-connect-generic-client-wrapper.php:625
#. translators: %1$s is the ASCII version of the username from the IDP.
msgid "Username %1$s could not be normalized."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:642
#: includes/openid-connect-generic-client-wrapper.php:659
#. translators: %1$s is the configured User Claim nickname key.
msgid "No nickname found in user claim using key: %1$s."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:669
#: includes/openid-connect-generic-client-wrapper.php:686
msgid "User claim incomplete."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:771
#: includes/openid-connect-generic-client-wrapper.php:788
msgid "Bad user claim result."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:826
#: includes/openid-connect-generic-client-wrapper.php:843
msgid "Can not authorize."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:845
#: includes/openid-connect-generic-client-wrapper.php:862
msgid "Failed user creation."
msgstr ""
#: includes/openid-connect-generic-client.php:179
#: includes/openid-connect-generic-client.php:191
msgid "Missing state."
msgstr ""
#: includes/openid-connect-generic-client.php:183
#: includes/openid-connect-generic-client.php:195
msgid "Invalid state."
msgstr ""
#: includes/openid-connect-generic-client.php:198
#: includes/openid-connect-generic-client.php:210
msgid "Missing authentication code."
msgstr ""
#: includes/openid-connect-generic-client.php:237
#: includes/openid-connect-generic-client.php:249
msgid "Request for authentication token failed."
msgstr ""
#: includes/openid-connect-generic-client.php:268
#: includes/openid-connect-generic-client.php:280
msgid "Refresh token failed."
msgstr ""
#: includes/openid-connect-generic-client.php:283
#: includes/openid-connect-generic-client.php:295
msgid "Missing token body."
msgstr ""
#: includes/openid-connect-generic-client.php:291
#: includes/openid-connect-generic-client.php:303
msgid "Invalid token."
msgstr ""
#: includes/openid-connect-generic-client.php:342
#: includes/openid-connect-generic-client.php:354
msgid "Request for userinfo failed."
msgstr ""
#: includes/openid-connect-generic-client.php:417
#: includes/openid-connect-generic-client.php:414
msgid "Missing authentication state."
msgstr ""
#: includes/openid-connect-generic-client.php:451
msgid "No identity token."
msgstr ""
#: includes/openid-connect-generic-client.php:424
#: includes/openid-connect-generic-client.php:458
msgid "Missing identity token."
msgstr ""
#: includes/openid-connect-generic-client.php:451
#: includes/openid-connect-generic-client.php:485
msgid "Bad ID token claim."
msgstr ""
#: includes/openid-connect-generic-client.php:456
#: includes/openid-connect-generic-client.php:490
msgid "No subject identity."
msgstr ""
#: includes/openid-connect-generic-client.php:475
#: includes/openid-connect-generic-client.php:509
msgid "Bad user claim."
msgstr ""
#: includes/openid-connect-generic-client.php:495
#: includes/openid-connect-generic-client.php:529
msgid "Invalid user claim."
msgstr ""
#: includes/openid-connect-generic-client.php:500
#: includes/openid-connect-generic-client.php:534
msgid "Error from the IDP."
msgstr ""
#: includes/openid-connect-generic-client.php:509
#: includes/openid-connect-generic-client.php:543
msgid "Incorrect user claim."
msgstr ""
#: includes/openid-connect-generic-client.php:516
#: includes/openid-connect-generic-client.php:550
msgid "Unauthorized access."
msgstr ""
#: includes/openid-connect-generic-login-form.php:158
#: includes/openid-connect-generic-login-form.php:169
#. translators: %1$s is the error code from the IDP.
msgid "ERROR (%1$s)"
msgstr ""
#: includes/openid-connect-generic-login-form.php:174
#: includes/openid-connect-generic-login-form.php:188
msgid "Login with OpenID Connect"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:265
#: includes/openid-connect-generic-option-logger.php:262
msgid "Type"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:269
#: includes/openid-connect-generic-option-logger.php:266
msgid "Date"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:273
#: includes/openid-connect-generic-option-logger.php:270
msgid "User"
msgstr ""
#: includes/openid-connect-generic-option-logger.php:277
#: includes/openid-connect-generic-option-logger.php:274
msgid "URI "
msgstr ""
@ -276,7 +284,9 @@ msgstr ""
msgid "Disable SSL Verify"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:284
#: includes/openid-connect-generic-settings-page.php:285
#. translators: %1$s HTML tags for layout/styles, %2$s closing HTML tag for
#. styles.
msgid ""
"Do not require SSL verification during authorization. The OAuth extension "
"uses curl to make the request. By default CURL will generally verify the "
@ -285,27 +295,27 @@ msgid ""
"sites.%2$s"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:289
#: includes/openid-connect-generic-settings-page.php:290
msgid "HTTP Request Timeout"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:290
#: includes/openid-connect-generic-settings-page.php:291
msgid "Set the timeout for requests made to the IDP. Default value is 5."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:296
#: includes/openid-connect-generic-settings-page.php:297
msgid "Enforce Privacy"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:297
#: includes/openid-connect-generic-settings-page.php:298
msgid "Require users be logged in to see the site."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:302
#: includes/openid-connect-generic-settings-page.php:303
msgid "Alternate Redirect URI"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:303
#: includes/openid-connect-generic-settings-page.php:304
msgid ""
"Provide an alternative redirect route. Useful if your server is causing "
"issues with the default admin-ajax method. You must flush rewrite rules "
@ -313,78 +323,78 @@ msgid ""
"settings page."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:308
#: includes/openid-connect-generic-settings-page.php:309
msgid "Nickname Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:309
#: includes/openid-connect-generic-settings-page.php:310
msgid ""
"Where in the user claim array to find the user's nickname. Possible "
"standard values: preferred_username, name, or sub."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:315
#: includes/openid-connect-generic-settings-page.php:316
msgid "Email Formatting"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:316
#: includes/openid-connect-generic-settings-page.php:317
msgid ""
"String from which the user's email address is built. Specify \"{email}\" as "
"long as the user claim contains an email claim."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:322
#: includes/openid-connect-generic-settings-page.php:323
msgid "Display Name Formatting"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:323
#: includes/openid-connect-generic-settings-page.php:324
msgid "String from which the user's display name is built."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:329
#: includes/openid-connect-generic-settings-page.php:330
msgid "Identify with User Name"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:330
#: includes/openid-connect-generic-settings-page.php:331
msgid ""
"If checked, the user's identity will be determined by the user name instead "
"of the email address."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:335
#: includes/openid-connect-generic-settings-page.php:336
msgid "State time limit"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:336
#: includes/openid-connect-generic-settings-page.php:337
msgid "State valid time in seconds. Defaults to 180"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:341
#: includes/openid-connect-generic-settings-page.php:342
msgid "Enable Refresh Token"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:342
#: includes/openid-connect-generic-settings-page.php:343
msgid ""
"If checked, support refresh tokens used to obtain access tokens from "
"supported IDPs."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:347
#: includes/openid-connect-generic-settings-page.php:348
msgid "Link Existing Users"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:348
#: includes/openid-connect-generic-settings-page.php:349
msgid ""
"If a WordPress account already exists with the same identity as a "
"newly-authenticated user over OpenID Connect, login as that user instead of "
"generating an error."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:353
#: includes/openid-connect-generic-settings-page.php:354
msgid "Create user if does not exist"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:354
#: includes/openid-connect-generic-settings-page.php:355
msgid ""
"If the user identity is not link to an existing Wordpress user, it is "
"created. If this setting is not enabled and if the user authenticates with "
@ -392,11 +402,11 @@ msgid ""
"authentication failed"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:359
#: includes/openid-connect-generic-settings-page.php:360
msgid "Redirect Back to Origin Page"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:360
#: includes/openid-connect-generic-settings-page.php:361
msgid ""
"After a successful OpenID Connect authentication, this will redirect the "
"user back to the page on which they clicked the OpenID Connect login "
@ -407,75 +417,75 @@ msgid ""
"account page."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:365
#: includes/openid-connect-generic-settings-page.php:366
msgid "Redirect to the login screen when session is expired"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:366
#: includes/openid-connect-generic-settings-page.php:367
msgid ""
"When enabled, this will automatically redirect the user back to the "
"WordPress login page if their access token has expired."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:371
#: includes/openid-connect-generic-settings-page.php:372
msgid "Enable Logging"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:372
#: includes/openid-connect-generic-settings-page.php:373
msgid "Very simple log messages for debugging purposes."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:377
#: includes/openid-connect-generic-settings-page.php:378
msgid "Log Limit"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:378
#: includes/openid-connect-generic-settings-page.php:379
msgid ""
"Number of items to keep in the log. These logs are stored as an option in "
"the database, so space is limited."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:438
#: includes/openid-connect-generic-settings-page.php:439
msgid "Notes"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:441
#: includes/openid-connect-generic-settings-page.php:442
msgid "Redirect URI"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:445
#: includes/openid-connect-generic-settings-page.php:446
msgid "Login Button Shortcode"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:449
#: includes/openid-connect-generic-settings-page.php:450
msgid "Authentication URL Shortcode"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:454
#: includes/openid-connect-generic-settings-page.php:455
msgid "Logs"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:534
#: includes/openid-connect-generic-settings-page.php:535
msgid "Example"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:547
#: includes/openid-connect-generic-settings-page.php:548
msgid "Enter your OpenID Connect identity provider settings."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:556
#: includes/openid-connect-generic-settings-page.php:557
msgid "Modify the interaction between OpenID Connect and WordPress users."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:565
#: includes/openid-connect-generic-settings-page.php:566
msgid "Control the authorization mechanics of the site."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:574
#: includes/openid-connect-generic-settings-page.php:575
msgid "Log information about login attempts through OpenID Connect Generic."
msgstr ""
#: openid-connect-generic.php:200
#: openid-connect-generic.php:202
msgid "Private site"
msgstr ""

28
openid-connect-generic.php
Unescape Escape View File

@ -16,7 +16,7 @@
* Plugin Name: OpenID Connect Generic
* Plugin URI: https://github.com/daggerhart/openid-connect-generic
* Description: Connect to an OpenID Connect generic client using Authorization Code Flow.
* Version: 3.8.2
* Version: 3.8.3
* Author: daggerhart
* Author URI: http://www.daggerhart.com
* Text Domain: daggerhart-openid-connect-generic
@ -80,7 +80,7 @@ class OpenID_Connect_Generic {
*
* @var
*/
const VERSION = '3.8.2';
const VERSION = '3.8.3';
/**
* Plugin settings.
@ -118,7 +118,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
public function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
$this->settings = $settings;
$this->logger = $logger;
}
@ -128,7 +128,9 @@ class OpenID_Connect_Generic {
*
* @return void
*/
function init() {
public function init() {
wp_enqueue_style( 'daggerhart-openid-connect-generic-admin', plugin_dir_url( __FILE__ ) . 'css/styles-admin.css', array(), self::VERSION, 'all' );
$redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
@ -179,7 +181,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
function enforce_privacy_redirect() {
public function enforce_privacy_redirect() {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
// The client endpoint relies on the wp admind ajax endpoint.
if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX || ! isset( $_GET['action'] ) || 'openid-connect-authorize' != $_GET['action'] ) {
@ -195,7 +197,7 @@ class OpenID_Connect_Generic {
*
* @return mixed
*/
function enforce_privacy_feeds( $content ) {
public function enforce_privacy_feeds( $content ) {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
$content = __( 'Private site', 'daggerhart-openid-connect-generic' );
}
@ -207,7 +209,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
function upgrade() {
public function upgrade() {
$last_version = get_option( 'openid-connect-generic-plugin-version', 0 );
$settings = $this->settings;
@ -236,7 +238,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
function cron_states_garbage_collection() {
public function cron_states_garbage_collection() {
global $wpdb;
$states = $wpdb->get_col( "SELECT `option_name` FROM {$wpdb->options} WHERE `option_name` LIKE '_transient_openid-connect-generic-state--%'" );
@ -253,7 +255,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
static public function setup_cron_jobs() {
public static function setup_cron_jobs() {
if ( ! wp_next_scheduled( 'openid-connect-generic-cron-daily' ) ) {
wp_schedule_event( time(), 'daily', 'openid-connect-generic-cron-daily' );
}
@ -264,7 +266,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
static public function activation() {
public static function activation() {
self::setup_cron_jobs();
}
@ -273,7 +275,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
static public function deactivation() {
public static function deactivation() {
wp_clear_scheduled_hook( 'openid-connect-generic-cron-daily' );
}
@ -284,7 +286,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
static public function autoload( $class ) {
public static function autoload( $class ) {
$prefix = 'OpenID_Connect_Generic_';
if ( stripos( $class, $prefix ) !== 0 ) {
@ -312,7 +314,7 @@ class OpenID_Connect_Generic {
*
* @return void
*/
static public function bootstrap() {
public static function bootstrap() {
/**
* This is a documented valid call for spl_autoload_register.
*

5519
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

11
package.json
Unescape Escape View File

@ -1,6 +1,6 @@
{
"name": "openid-connect-generic",
"version": "3.8.2",
"version": "3.8.3",
"description": "OpenID Connect generic WordPress plugin.",
"main": "Gruntfile.js",
"repository": {
@ -27,13 +27,13 @@
"devDependencies": {
"@floatwork/grunt-po2mo": "^0.3.0",
"@ndigitals/grunt-checkrepo": "^0.2.0",
"@wordpress/env": "^1.6.0",
"@wordpress/scripts": "12.2.1",
"@wordpress/env": "~2.0.0",
"@wordpress/scripts": "12.6.1",
"check-node-version": "~4.1.0",
"grunt": "1.3.0",
"grunt-checkbranch": "^1.0.4",
"grunt-checktextdomain": "^1.0.1",
"grunt-cli": "^1.3.2",
"grunt-cli": "1.4.1",
"grunt-contrib-clean": "^2.0.0",
"grunt-contrib-copy": "^1.0.0",
"grunt-gitinfo": "^0.1.9",
@ -43,7 +43,7 @@
"grunt-wp-readme-to-markdown": "^2.0.0",
"load-grunt-tasks": "^3.5",
"node": "^12.21.0",
"npm": "^6.14.11",
"npm": "6.14.12",
"puppeteer": "^1.20.0",
"typescript": "~3.9.9"
},
@ -70,6 +70,7 @@
"check:licenses": "wp-scripts check-licenses",
"wp-env": "wp-env",
"wp": "wp-env run cli wp",
"wp:tests": "wp-env run tests-cli wp",
"test": "npm run grunt test",
"i18n:check": "npm run grunt checktextdomain",
"i18n:make": "npm run grunt i18n",

104
phpcs.xml.dist
Unescape Escape View File

@ -1,32 +1,118 @@
<?xml version="1.0"?>
<ruleset name="WordPress Coding Standards for Plugins">
<!-- See https://github.com/squizlabs/PHP_CodeSniffer/wiki/Annotated-ruleset.xml -->
<!-- See https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards -->
<!-- See https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki -->
<!-- Set a description for this ruleset. -->
<description>Generally-applicable sniffs for WordPress plugins</description>
<rule ref="WordPress-Core">
<exclude name="WordPress.Files.FileName.NotHyphenatedLowercase" />
<exclude name="WordPress.Files.FileName.InvalidClassFileName" />
</rule>
<rule ref="WordPress-Docs" />
<!--
#############################################################################
COMMAND LINE ARGUMENTS
https://github.com/squizlabs/PHP_CodeSniffer/wiki/Annotated-ruleset.xml
#############################################################################
-->
<!-- Pass some flags to PHPCS:
p flag: Show progress of the run.
s flag: Show sniff codes in all reports.
v flag: Print verbose output.
n flag: Do not print warnings.
-->
<!-- Check up to 8 files simultanously. -->
<arg name="parallel" value="8"/>
<!-- Check all PHP files in directory tree by default. -->
<arg name="basepath" value="." />
<!-- Check all PHP files in directory tree by default. -->
<arg name="extensions" value="php" />
<arg name="report" value="summary" />
<!-- Show colors. -->
<arg name="colors" />
<!-- Show progress. -->
<arg value="p" />
<!-- Show sniff codes in all reports -->
<arg value="s"/>
<arg value="n" />
<!-- Check all files in this directory and the directories below it. -->
<file>.</file>
<!-- Show sniff codes in all reports -->
<arg value="s"/>
<exclude-pattern>*/dist/*</exclude-pattern>
<exclude-pattern>*/node_modules/*</exclude-pattern>
<exclude-pattern>*/tests/*</exclude-pattern>
<exclude-pattern>*/tools/*</exclude-pattern>
<exclude-pattern>*/vendor/*</exclude-pattern>
<exclude-pattern>*/wordpress/*</exclude-pattern>
<!--
#############################################################################
USE THE WordPress-Coding-Standards RULESET
#############################################################################
-->
<rule ref="WordPress"/>
<rule ref="WordPress-Core" />
<rule ref="WordPress-Docs" />
<rule ref="WordPress-Extra" />
<!--
#############################################################################
SNIFF SPECIFIC CONFIGURATION
#############################################################################
-->
<!-- Set the minimum supported WP version. This is used by several sniffs.
The minimum version set here should be in line with the minimum WP version
as set in the "Requires at least" tag in the readme.txt file. -->
<config name="minimum_supported_wp_version" value="5.0"/>
<!-- Verify that the text_domain is set to the desired text-domain.
Multiple valid text domains can be provided as a comma-delimited list. -->
<rule ref="WordPress.WP.I18n">
<properties>
<property name="text_domain" type="array" value="daggerhart-openid-connect-generic"/>
</properties>
</rule>
<!-- Allow for plugin specific exceptions to the file name rules based
on the plugin hierarchy and ensure PSR-4 autoloading compatibility. -->
<rule ref="WordPress.Files.FileName">
<properties>
<property name="strict_class_file_names" value="false" />
<property name="is_plugin" value="true"/>
</properties>
<exclude name="WordPress.Files.FileName.NotHyphenatedLowercase" />
<exclude name="WordPress.Files.FileName.InvalidClassFileName" />
</rule>
<rule ref="WordPress.Arrays.MultipleStatementAlignment">
<properties>
<!-- No need to adjust alignment of large arrays when the item with the largest key is removed. -->
<property name="exact" value="false"/>
<!-- Don't align multi-line items if ALL items in the array are multi-line. -->
<property name="alignMultilineItems" value="!=100"/>
<!-- Array assignment operator should always be on the same line as the array key. -->
<property name="ignoreNewlines" value="false"/>
</properties>
</rule>
<!-- Exclude test from Commenting Rules. -->
<rule ref="Squiz.Commenting">
<exclude-pattern>tests/</exclude-pattern>
<exclude name="Squiz.Commenting.LongConditionClosingComment" />
<exclude name="Squiz.Commenting.PostStatementComment" />
<exclude name="Squiz.Commenting.FunctionComment.MissingParamComment" />
<exclude-pattern>tests/*</exclude-pattern>
</rule>
<!--
#############################################################################
USE THE PHPCompatibility RULESET
#############################################################################
-->
<config name="testVersion" value="7.3-"/>
<rule ref="PHPCompatibilityWP" />
</ruleset>

2
phpstan.neon.dist
Unescape Escape View File

@ -49,3 +49,5 @@ parameters:
# WP-CLI accepts a class as callable
# - '/^Parameter #2 \$callable of static method WP_CLI::add_command\(\) expects callable\(\): mixed, \S+ given\.$/'
# Please consider commenting ignores: issue URL or reason for ignoring
# Ignore cookie_redirect_key deprecation errors.
- '/.*Access to deprecated property \$cookie_redirect_key.*/'

8
readme.txt
Unescape Escape View File

@ -4,7 +4,7 @@ Donate link: http://www.daggerhart.com/
Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
Requires at least: 4.9
Tested up to: 5.6
Stable tag: 3.8.2
Stable tag: 3.8.3
Requires PHP: 7.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
== Changelog ==
= 3.8.3 =
* Fix: @timnolte - Fixed problems with proper redirect handling.
* Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
* Improvement: @timnolte - Refactored additional code to meet coding standards.
= 3.8.2 =
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.

133
tools/local-env/phpunit-wp-config.php
Unescape Escape View File

@ -0,0 +1,133 @@
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* This has been slightly modified (to read environment variables) for use in Docker.
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)
// a helper function to lookup "env_FILE", "env", then fallback
function getenv_docker($env, $default) {
if ($fileEnv = getenv($env . '_FILE')) {
return rtrim(file_get_contents($fileEnv), "\r\n");
}
else if (($val = getenv($env)) !== false) {
return $val;
}
else {
return $default;
}
}
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', getenv_docker('WORDPRESS_DB_NAME', 'wordpress') );
/** MySQL database username */
define( 'DB_USER', getenv_docker('WORDPRESS_DB_USER', 'root') );
/** MySQL database password */
define( 'DB_PASSWORD', getenv_docker('WORDPRESS_DB_PASSWORD', '') );
/**
* Docker image fallback values above are sourced from the official WordPress installation wizard:
* https://github.com/WordPress/WordPress/blob/f9cc35ebad82753e9c86de322ea5c76a9001c7e2/wp-admin/setup-config.php#L216-L230
* (However, using "example username" and "example password" in your database is strongly discouraged. Please use strong, random credentials!)
*/
/** MySQL hostname */
define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', getenv_docker('WORDPRESS_AUTH_KEY', '96f6bcee44eacbd3e9a5c3c78f52d615bbe550f1') );
define( 'SECURE_AUTH_KEY', getenv_docker('WORDPRESS_SECURE_AUTH_KEY', 'cd0555ee6a32c91e064a499ebb3fd5ceea62e2a3') );
define( 'LOGGED_IN_KEY', getenv_docker('WORDPRESS_LOGGED_IN_KEY', '34b7c03618d67a8d626cd5c78508adfe542e6349') );
define( 'NONCE_KEY', getenv_docker('WORDPRESS_NONCE_KEY', '848d7098eb38eca67857d6e0ee5b3fba5962c7c1') );
define( 'AUTH_SALT', getenv_docker('WORDPRESS_AUTH_SALT', '881a5f5689e7c265b8dd8c6ae4fdff54888e06fa') );
define( 'SECURE_AUTH_SALT', getenv_docker('WORDPRESS_SECURE_AUTH_SALT', '2275b260e683602a91c8d19f6a05a6362bd5a91f') );
define( 'LOGGED_IN_SALT', getenv_docker('WORDPRESS_LOGGED_IN_SALT', '7cf0086a484ed4eabd1ce1b09a6a59a11297c61f') );
define( 'NONCE_SALT', getenv_docker('WORDPRESS_NONCE_SALT', '2fc8e8507b204f6e69e2c750a5ceaed9f5951736') );
// (See also https://wordpress.stackexchange.com/a/152905/199287)
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = getenv_docker('WORDPRESS_TABLE_PREFIX', 'wp_');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', true );
// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
// (we include this by default because reverse proxying is extremely common in container environments)
if ($configExtra = getenv_docker('WORDPRESS_CONFIG_EXTRA', '')) {
eval($configExtra);
}
define( 'PHP_INI_MEMORY_LIMIT', '512M' );
define( 'WP_MEMORY_LIMIT', '512M' );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', true );
define( 'SCRIPT_DEBUG', true );
define( 'SMTP_HOST', 'mailhog' );
define( 'SMTP_PORT', 1025 );
define( 'WP_TESTS_DOMAIN', 'localhost:8889' );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */

140
tools/local-env/wp-config.dev.php
Unescape Escape View File

@ -0,0 +1,140 @@
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* This has been slightly modified (to read environment variables) for use in Docker.
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)
// a helper function to lookup "env_FILE", "env", then fallback
function getenv_docker($env, $default) {
if ($fileEnv = getenv($env . '_FILE')) {
return rtrim(file_get_contents($fileEnv), "\r\n");
}
else if (($val = getenv($env)) !== false) {
return $val;
}
else {
return $default;
}
}
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', getenv_docker('WORDPRESS_DB_NAME', 'wordpress') );
/** MySQL database username */
define( 'DB_USER', getenv_docker('WORDPRESS_DB_USER', 'root') );
/** MySQL database password */
define( 'DB_PASSWORD', getenv_docker('WORDPRESS_DB_PASSWORD', '') );
/**
* Docker image fallback values above are sourced from the official WordPress installation wizard:
* https://github.com/WordPress/WordPress/blob/f9cc35ebad82753e9c86de322ea5c76a9001c7e2/wp-admin/setup-config.php#L216-L230
* (However, using "example username" and "example password" in your database is strongly discouraged. Please use strong, random credentials!)
*/
/** MySQL hostname */
define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', getenv_docker('WORDPRESS_AUTH_KEY', '96f6bcee44eacbd3e9a5c3c78f52d615bbe550f1') );
define( 'SECURE_AUTH_KEY', getenv_docker('WORDPRESS_SECURE_AUTH_KEY', 'cd0555ee6a32c91e064a499ebb3fd5ceea62e2a3') );
define( 'LOGGED_IN_KEY', getenv_docker('WORDPRESS_LOGGED_IN_KEY', '34b7c03618d67a8d626cd5c78508adfe542e6349') );
define( 'NONCE_KEY', getenv_docker('WORDPRESS_NONCE_KEY', '848d7098eb38eca67857d6e0ee5b3fba5962c7c1') );
define( 'AUTH_SALT', getenv_docker('WORDPRESS_AUTH_SALT', '881a5f5689e7c265b8dd8c6ae4fdff54888e06fa') );
define( 'SECURE_AUTH_SALT', getenv_docker('WORDPRESS_SECURE_AUTH_SALT', '2275b260e683602a91c8d19f6a05a6362bd5a91f') );
define( 'LOGGED_IN_SALT', getenv_docker('WORDPRESS_LOGGED_IN_SALT', '7cf0086a484ed4eabd1ce1b09a6a59a11297c61f') );
define( 'NONCE_SALT', getenv_docker('WORDPRESS_NONCE_SALT', '2fc8e8507b204f6e69e2c750a5ceaed9f5951736') );
// (See also https://wordpress.stackexchange.com/a/152905/199287)
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = getenv_docker('WORDPRESS_TABLE_PREFIX', 'wp_');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_PHP_BINARY', 'php' );
define( 'WP_TESTS_EMAIL', 'admin@example.org' );
define( 'WP_TESTS_TITLE', 'Test Blog' );
define( 'WP_SITEURL', 'http://localhost:8888/' );
define( 'WP_HOME', 'http://localhost:8888/' );
define( 'WP_DEBUG', true );
// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
// (we include this by default because reverse proxying is extremely common in container environments)
if ($configExtra = getenv_docker('WORDPRESS_CONFIG_EXTRA', '')) {
eval($configExtra);
}
define( 'WP_LOCAL_DEV', true );
define( 'PHP_INI_MEMORY_LIMIT', '512M' );
define( 'WP_MEMORY_LIMIT', '512M' );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );
define( 'SCRIPT_DEBUG', true );
define( 'SMTP_HOST', 'mailhog' );
define( 'SMTP_PORT', 1025 );
define( 'WP_TESTS_DOMAIN', 'http://localhost:8888/' );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

247
tools/local-env/wp-config.tests.php
Unescape Escape View File

@ -0,0 +1,247 @@
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the
* installation. You don't have to use the web site, you can
* copy this file to "wp-config.php" and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* This has been slightly modified (to read environment variables) for use in Docker.
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)
// a helper function to lookup "env_FILE", "env", then fallback
function getenv_docker($env, $default) {
if ($fileEnv = getenv($env . '_FILE')) {
return rtrim(file_get_contents($fileEnv), "\r\n");
}
else if (($val = getenv($env)) !== false) {
return $val;
}
else {
return $default;
}
}
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', getenv_docker('WORDPRESS_DB_NAME', 'tests-wordpress') );
/** MySQL database username */
define( 'DB_USER', getenv_docker('WORDPRESS_DB_USER', 'root') );
/** MySQL database password */
define( 'DB_PASSWORD', getenv_docker('WORDPRESS_DB_PASSWORD', '') );
/**
* Docker image fallback values above are sourced from the official WordPress installation wizard:
* https://github.com/WordPress/WordPress/blob/f9cc35ebad82753e9c86de322ea5c76a9001c7e2/wp-admin/setup-config.php#L216-L230
* (However, using "example username" and "example password" in your database is strongly discouraged. Please use strong, random credentials!)
*/
/** MySQL hostname */
define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );
/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', getenv_docker('WORDPRESS_AUTH_KEY', '755ef358c5a27ed0dc746d9787d4921218514caf') );
define( 'SECURE_AUTH_KEY', getenv_docker('WORDPRESS_SECURE_AUTH_KEY', '2ab5c46490b1f076010c19e6d2f13e5af9357ee9') );
define( 'LOGGED_IN_KEY', getenv_docker('WORDPRESS_LOGGED_IN_KEY', 'f7701c9a21f9f13dde7f0098325050c3a5cb8265') );
define( 'NONCE_KEY', getenv_docker('WORDPRESS_NONCE_KEY', 'f6b4c843e5d2c4b8d9d9c68d0509d6da03b79986') );
define( 'AUTH_SALT', getenv_docker('WORDPRESS_AUTH_SALT', '93b47cee7f7afb7d6a91ec224e705b0eac0fc9f0') );
define( 'SECURE_AUTH_SALT', getenv_docker('WORDPRESS_SECURE_AUTH_SALT', '59c8f022ed0da0fe3cb9e33090f11d4d141d6031') );
define( 'LOGGED_IN_SALT', getenv_docker('WORDPRESS_LOGGED_IN_SALT', 'c30efb00b0252d2fd709d212792a27bc6a279f73') );
define( 'NONCE_SALT', getenv_docker('WORDPRESS_NONCE_SALT', '4e56339167a14453a3b4044f9eaa3735a1a368f0') );
// (See also https://wordpress.stackexchange.com/a/152905/199287)
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = getenv_docker('WORDPRESS_TABLE_PREFIX', 'wp_');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_PHP_BINARY', 'php' );
define( 'WP_TESTS_EMAIL', 'admin@example.org' );
define( 'WP_TESTS_TITLE', 'Test Blog' );
define( 'WP_SITEURL', 'http://localhost:8889/' );
define( 'WP_HOME', 'http://localhost:8889/' );
define( 'WP_DEBUG', true );
// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
// (we include this by default because reverse proxying is extremely common in container environments)
if ($configExtra = getenv_docker('WORDPRESS_CONFIG_EXTRA', '')) {
eval($configExtra);
}
define( 'PHP_INI_MEMORY_LIMIT', '512M' );
define( 'WP_MEMORY_LIMIT', '512M' );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', true );
define( 'SCRIPT_DEBUG', true );
define( 'SMTP_HOST', 'mailhog' );
define( 'SMTP_PORT', 1025 );
define( 'WP_TESTS_DOMAIN', 'http://localhost:8889/' );
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
Write Preview
Loading…
Cancel
Save