/**
* launchkey_form - login form for wp-login.php
*
* @since 1.1.0
*
* @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
* @param string $id The value to set on the "id" attribute of a containing DIV for the login button
* @param string $style A string of HTML style code tto set on the "style" attribute of a containing DIV for the login button
*/
public function launchkey_form($class = '', $id = '', $style = '')
{
if (isset($_GET['launchkey_error'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.')));
} elseif (isset($_GET['launchkey_ssl_error'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.')));
} elseif (isset($_GET['launchkey_security'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was a security issue detected and you have been logged out for your safety. Log back in to ensure a secure session.')));
}
$container = SAML2_Utils::getContainer();
$request = new SAML2_AuthnRequest();
$request->setId($container->generateId());
$request->setDestination($this->login_url);
$request->setIssuer($this->entity_id);
$request->setRelayState($this->wp_facade->admin_url());
$request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
$request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$request->setIsPassive(false);
$request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));
// Send it off using the HTTP-Redirect binding
$binding = new SAML2_HTTPRedirect();
$binding->setDestination($this->login_url);
$options = $this->is_multi_site ? $this->wp_facade->get_site_option(LaunchKey_WP_Admin::OPTION_KEY) : $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
$this->wp_facade->_echo($this->template->render_template('launchkey-form', array('class' => $class, 'id' => $id, 'style' => $style, 'login_url' => $binding->getRedirectURL($request), 'login_text' => 'Log in with', 'login_with_app_name' => $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME], 'size' => in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES')) ? 'small' : 'medium')));
}
/**
* handler for LaunchKey authentication
* @since 1.0.0
*/
public function launchkey_callback()
{
// Get an SDK auth client
$auth = $this->launchkey_client->auth();
try {
// We are going to modify the query parameters, so copy the global $_GET
$query = $_GET;
// If deorbit is present, strip slashes as they being added by WordPress to "sanitize" request data
if (isset($query['deorbit'])) {
$query['deorbit'] = stripslashes($query['deorbit']);
}
// Have the SDK client handle the callback
$response = $auth->handleCallback($query);
if ($response instanceof \LaunchKey\SDK\Domain\AuthResponse) {
// If this is an auth response
// Find the user by the auth_request provided in the response
$users = $this->wp_facade->get_users(array('meta_key' => 'launchkey_auth', 'meta_value' => $response->getAuthRequestId()));
if (count($users) > 1) {
throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Too many users found for user hash ' . $response->getUserHash());
} elseif (count($users) < 1) {
throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('No user found for user hash ' . $response->getUserHash());
}
$user = array_pop($users);
// Update the auth value and the user hash in the user metadata based on response data
$this->wp_facade->update_user_meta($user->ID, "launchkey_authorized", $response->isAuthorized() ? 'true' : 'false');
$this->wp_facade->update_user_meta($user->ID, "launchkey_user", $response->getUserHash());
// If this is a native implementation and we have a valid User Push ID in the response, replace the username with that to prevent exposure of the username
$options = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
$user_push_id = $response->getUserPushId();
if ($user_push_id && LaunchKey_WP_Implementation_Type::NATIVE === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE]) {
$this->wp_facade->update_user_meta($user->ID, "launchkey_username", $user_push_id);
}
} elseif ($response instanceof \LaunchKey\SDK\Domain\DeOrbitCallback) {
// If it's a de-orbit request
// Find the user by the provided user hash
$users = $this->wp_facade->get_users(array('meta_key' => 'launchkey_user', 'meta_value' => $response->getUserHash()));
if (count($users) !== 1) {
throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Too many users found for user hash ' . $response->getUserHash());
}
$user = array_pop($users);
// Set authorized to false in the user metadata
$this->wp_facade->update_user_meta($user->ID, "launchkey_authorized", 'false');
$auth->deOrbit($user->launchkey_auth);
}
} catch (\Exception $e) {
if ($e instanceof \LaunchKey\SDK\Service\Exception\InvalidRequestError || $e instanceof \LaunchKey\SDK\Service\Exception\UnknownCallbackActionError) {
$this->wp_facade->wp_die('Invalid Request', 400);
} else {
// Otherwise, return 500
if ($this->wp_facade->is_debug_log()) {
$this->wp_facade->error_log('Callback Exception: ' . $e->getMessage());
}
$this->wp_facade->wp_die('Server Error', 500);
}
}
}
/**
* Exchange a valid OAuth response code for a token object
*
* @param $response_code
*
* @return array|WP_Error
*/
private function get_token_for_code($response_code)
{
$options = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
//prepare request data for access token
$data = array();
$data['client_id'] = $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY];
$data['client_secret'] = $options[LaunchKey_WP_Options::OPTION_SECRET_KEY];
$data['redirect_uri'] = $this->wp_facade->admin_url();
$data['code'] = $response_code;
$data['grant_type'] = "authorization_code";
//make oauth call
$params = http_build_query($data);
// Attempt to get an access token from the resposne code
$oauth_get = $this->wp_facade->wp_remote_get("https://oauth.launchkey.com/access_token?" . $params, array('httpversion' => '1.1', 'sslverify' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY], 'timeout' => $options[LaunchKey_WP_Options::OPTION_REQUEST_TIMEOUT], 'headers' => array('Connection' => 'close')));
if ($this->wp_facade->is_wp_error($oauth_get)) {
// If the response is an error, return the error
$response = $oauth_get;
} else {
// Otherwise, decode the response
$response = json_decode($oauth_get['body'], true);
}
return $response;
}
/**
* @return array
*/
private function get_launchkey_options()
{
$options = $this->wp_facade->get_option(static::OPTION_KEY);
return $options;
}
/**
* @return mixed
*/
private function get_option()
{
return $this->is_multi_site ? $this->wp_facade->get_site_option(LaunchKey_WP_Admin::OPTION_KEY) : $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
}
private function get_option($key)
{
return $this->is_multi_site ? $this->wp_facade->get_site_option($key) : $this->wp_facade->get_option($key);
}
/**
* @since 1.0.0
*/
public function enqueue_wizard_script()
{
$options = $this->wp_facade->get_option(LaunchKey_WP_Admin::OPTION_KEY);
$this->wp_facade->wp_enqueue_script('launchkey-wizard-script', $this->wp_facade->plugins_url('/public/launchkey-wizard.js', dirname(__FILE__)), array('jquery'), '1.0.0', true);
$this->wp_facade->wp_localize_script('launchkey-wizard-script', 'launchkey_wizard_config', array('nonce' => $this->wp_facade->wp_create_nonce(static::WIZARD_NONCE_KEY), 'is_configured' => $this->is_plugin_configured($options), 'implementation_type' => $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE], 'url' => $this->wp_facade->admin_url('admin-ajax.php?action=' . static::DATA_SUBMIT_AJAX_ACTION)));
}
