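/**
 * launchkey_form - login form for wp-login.php
 *
 * Renders at most one fixed error notice, chosen by which LaunchKey error flag is
 * present in the query string, and then renders the login button. The button's
 * link is the redirect URL of a SAML AuthnRequest built here.
 *
 * Only the presence of the error flags is tested. Their values are never read or
 * echoed, so the notice text is always one of the fixed strings below.
 *
 * NOTE(review): $class, $id and $style are handed to the template unchanged.
 * Escaping for the HTML attribute context is not visible in this method; confirm
 * that the 'launchkey-form' template escapes them.
 *
 * @since 1.1.0
 *
 * @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
 * @param string $id The value to set on the "id" attribute of a containing DIV for the login button
 * @param string $style A string of HTML style code to set on the "style" attribute of a containing DIV for the login button
 */
public function launchkey_form($class = '', $id = '', $style = '')
{
    // Flag => notice text, checked in this order; the first flag present wins.
    // The last message contains a line break inside the literal; it is kept
    // exactly as written so the rendered text does not change.
    $notices = array(
        'launchkey_error' => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.',
        'launchkey_ssl_error' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.',
        'launchkey_security' => 'There was a security issue detected and you have been logged out for your safety. 
Log back in to ensure a secure session.',
    );

    foreach ($notices as $flag => $message) {
        if (isset($_GET[$flag])) {
            $this->wp_facade->_echo(
                $this->template->render_template('error', array('error' => 'Error!', 'message' => $message))
            );
            break;
        }
    }

    // Build the SAML authentication request.
    $container = SAML2_Utils::getContainer();
    $request = new SAML2_AuthnRequest();
    $request->setId($container->generateId());
    $request->setDestination($this->login_url);
    $request->setIssuer($this->entity_id);
    $request->setRelayState($this->wp_facade->admin_url());
    $request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
    // ProtocolBinding names the binding requested for the response; the request
    // itself goes out over HTTP-Redirect below.
    $request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    $request->setIsPassive(false);
    $request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));

    // Send it off using the HTTP-Redirect binding
    // NOTE(review): no signature key is set on the request in this method, so
    // whether the redirect URL is signed cannot be told from here - confirm.
    $binding = new SAML2_HTTPRedirect();
    $binding->setDestination($this->login_url);

    // Multi-site installs keep the plugin options at network level.
    if ($this->is_multi_site) {
        $options = $this->wp_facade->get_site_option(LaunchKey_WP_Admin::OPTION_KEY);
    } else {
        $options = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
    }

    $login_url = $binding->getRedirectURL($request);
    $app_name = $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME];

    // Strict comparison: the locale has to be exactly one of the listed strings.
    $is_small_locale = in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES'), true);

    $this->wp_facade->_echo($this->template->render_template('launchkey-form', array(
        'class' => $class,
        'id' => $id,
        'style' => $style,
        'login_url' => $login_url,
        'login_text' => 'Log in with',
        'login_with_app_name' => $app_name,
        'size' => $is_small_locale ? 'small' : 'medium',
    )));
}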
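/**
 * Handler for LaunchKey authentication callbacks.
 *
 * Hands the request's query parameters to the SDK auth client and acts on the
 * type of object it returns:
 *  - AuthResponse: finds the single user whose "launchkey_auth" meta equals the
 *    response's auth request ID, then stores the authorization result and the
 *    user hash in that user's meta.
 *  - DeOrbitCallback: finds the single user whose "launchkey_user" meta equals
 *    the user hash, marks the user as not authorized and calls deOrbit().
 *
 * Every exception ends the request through wp_die(): 400 for InvalidRequestError
 * and UnknownCallbackActionError, 500 for anything else.
 *
 * NOTE(review): this method does not validate the callback parameters itself.
 * It relies on handleCallback() for that - presumably including verification of
 * the callback's authenticity; confirm against the SDK.
 *
 * @since 1.0.0
 */
public function launchkey_callback()
{
    // Get an SDK auth client
    $auth = $this->launchkey_client->auth();

    try {
        // We are going to modify the query parameters, so copy the global $_GET
        $query = $_GET;

        if (isset($query['deorbit'])) {
            // An array-style parameter (deorbit[]=...) arrives as an array, and
            // stripslashes() only accepts a string. Reject it as an invalid request
            // instead of letting it fail outside the exception handling below.
            if (!is_string($query['deorbit'])) {
                throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Invalid deorbit parameter');
            }
            // Strip slashes as they are being added by WordPress to "sanitize" request data
            $query['deorbit'] = stripslashes($query['deorbit']);
        }

        // Have the SDK client handle the callback
        $response = $auth->handleCallback($query);

        if ($response instanceof \LaunchKey\SDK\Domain\AuthResponse) {
            // Auth response: find the user by the auth_request provided in the response
            $users = $this->wp_facade->get_users(array(
                'meta_key' => 'launchkey_auth',
                'meta_value' => $response->getAuthRequestId(),
            ));
            $found = count($users);
            if ($found > 1) {
                throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Too many users found for user hash ' . $response->getUserHash());
            } elseif ($found < 1) {
                throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('No user found for user hash ' . $response->getUserHash());
            }
            $user = array_pop($users);

            // Update the auth value and the user hash in the user metadata based on response data
            $this->wp_facade->update_user_meta($user->ID, "launchkey_authorized", $response->isAuthorized() ? 'true' : 'false');
            $this->wp_facade->update_user_meta($user->ID, "launchkey_user", $response->getUserHash());

            // If this is a native implementation and we have a valid User Push ID in the response,
            // replace the username with that to prevent exposure of the username
            $options = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
            $user_push_id = $response->getUserPushId();
            if ($user_push_id && LaunchKey_WP_Implementation_Type::NATIVE === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE]) {
                $this->wp_facade->update_user_meta($user->ID, "launchkey_username", $user_push_id);
            }
        } elseif ($response instanceof \LaunchKey\SDK\Domain\DeOrbitCallback) {
            // De-orbit request: find the user by the provided user hash
            $users = $this->wp_facade->get_users(array(
                'meta_key' => 'launchkey_user',
                'meta_value' => $response->getUserHash(),
            ));
            // Exactly one match is required. The two failure cases get their own
            // message; previously a zero-match lookup was reported as "Too many users".
            $found = count($users);
            if ($found > 1) {
                throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Too many users found for user hash ' . $response->getUserHash());
            } elseif ($found < 1) {
                throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('No user found for user hash ' . $response->getUserHash());
            }
            $user = array_pop($users);

            // Set authorized to false in the user metadata
            $this->wp_facade->update_user_meta($user->ID, "launchkey_authorized", 'false');
            // Pass the user's stored launchkey_auth value to the SDK's deOrbit()
            $auth->deOrbit($user->launchkey_auth);
        }
    } catch (\Exception $e) {
        $is_invalid_request = $e instanceof \LaunchKey\SDK\Service\Exception\InvalidRequestError
            || $e instanceof \LaunchKey\SDK\Service\Exception\UnknownCallbackActionError;

        if ($is_invalid_request) {
            // NOTE(review): the exception message is discarded on this path, so rejected
            // callbacks leave no entry in the debug log. Consider logging them if
            // repeated invalid callbacks should be detectable.
            $this->wp_facade->wp_die('Invalid Request', 400);
        } else {
            // Otherwise, return 500; the cause is only written to the log in debug mode
            if ($this->wp_facade->is_debug_log()) {
                $this->wp_facade->error_log('Callback Exception: ' . $e->getMessage());
            }
            $this->wp_facade->wp_die('Server Error', 500);
        }
    }
}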
/**
 * Exchange a valid OAuth response code for a token object
 *
 * Sends the code together with the app's client id and secret to the LaunchKey
 * OAuth access token endpoint and returns the JSON-decoded response body.
 *
 * NOTE(review): client_secret and the code are placed in the URL query string of
 * a GET request, so they can end up in anything that records full request URLs.
 * Whether the endpoint accepts these values in a POST body is not visible here.
 *
 * NOTE(review): 'sslverify' comes from the plugin options. When it is switched
 * off, the request that carries the client secret is made without certificate
 * verification.
 *
 * @param string $response_code The code received from the OAuth response
 *
 * @return array|WP_Error The decoded body, or the WP_Error from the HTTP call.
 *                        json_decode() yields null when the body is not valid
 *                        JSON; that value is returned unchanged.
 */
private function get_token_for_code($response_code)
{
    $settings = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);

    // Request data for the access token, in the order it is serialised
    $query_string = http_build_query(array(
        'client_id' => $settings[LaunchKey_WP_Options::OPTION_ROCKET_KEY],
        'client_secret' => $settings[LaunchKey_WP_Options::OPTION_SECRET_KEY],
        'redirect_uri' => $this->wp_facade->admin_url(),
        'code' => $response_code,
        'grant_type' => 'authorization_code',
    ));

    // Attempt to get an access token from the response code
    $http_result = $this->wp_facade->wp_remote_get(
        'https://oauth.launchkey.com/access_token?' . $query_string,
        array(
            'httpversion' => '1.1',
            'sslverify' => $settings[LaunchKey_WP_Options::OPTION_SSL_VERIFY],
            'timeout' => $settings[LaunchKey_WP_Options::OPTION_REQUEST_TIMEOUT],
            'headers' => array('Connection' => 'close'),
        )
    );

    // A transport-level failure is handed back to the caller untouched
    if ($this->wp_facade->is_wp_error($http_result)) {
        return $http_result;
    }

    return json_decode($http_result['body'], true);
}
/**
 * Read the plugin options stored under static::OPTION_KEY.
 *
 * @return array Whatever the facade's get_option() returns for that key
 */
private function get_launchkey_options()
{
    return $this->wp_facade->get_option(static::OPTION_KEY);
}
/**
 * Read the plugin options from the network-level store on multi-site installs
 * and from the per-site store otherwise.
 *
 * @return mixed
 */
private function get_option()
{
    if ($this->is_multi_site) {
        return $this->wp_facade->get_site_option(LaunchKey_WP_Admin::OPTION_KEY);
    }

    return $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
}
/**
 * Read an option by key from the network-level store on multi-site installs
 * and from the per-site store otherwise.
 *
 * @param string $key Name of the option to read
 *
 * @return mixed
 */
private function get_option($key)
{
    if ($this->is_multi_site) {
        return $this->wp_facade->get_site_option($key);
    }

    return $this->wp_facade->get_option($key);
}
/**
 * Enqueue the wizard script and publish its configuration to the page as the
 * JavaScript object "launchkey_wizard_config".
 *
 * The configuration carries a nonce created for static::WIZARD_NONCE_KEY, the
 * configured state, the implementation type and the admin-ajax URL for
 * static::DATA_SUBMIT_AJAX_ACTION.
 *
 * NOTE(review): the nonce only protects the AJAX action if the handler for that
 * action verifies it. The handler is not visible here - confirm.
 *
 * @since 1.0.0
 */
public function enqueue_wizard_script()
{
    $handle = 'launchkey-wizard-script';
    $options = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);

    // The script is enqueued with jQuery as a dependency and `true` as the last argument
    $script_url = $this->wp_facade->plugins_url('/public/launchkey-wizard.js', dirname(__FILE__));
    $this->wp_facade->wp_enqueue_script($handle, $script_url, array('jquery'), '1.0.0', true);

    $config = array(
        'nonce' => $this->wp_facade->wp_create_nonce(static::WIZARD_NONCE_KEY),
        'is_configured' => $this->is_plugin_configured($options),
        'implementation_type' => $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE],
        'url' => $this->wp_facade->admin_url('admin-ajax.php?action=' . static::DATA_SUBMIT_AJAX_ACTION),
    );
    $this->wp_facade->wp_localize_script($handle, 'launchkey_wizard_config', $config);
}