/**
 * AJAX callback behind the "verify configuration" flow.
 *
 * Nothing happens unless the request carries a nonce that verifies against VERIFIER_NONCE_KEY.
 * For a verified request one of three cases is handled and the result is sent back as JSON,
 * always together with a freshly created nonce:
 *  - POST with verify_action=pair: a white label user is created for the current WordPress
 *    login and its QR code URL and manual code are returned;
 *  - any other POST: an auth request is started and recorded in the current user's meta;
 *  - any other method: reports whether the launchkey_authorized user meta holds a value.
 *
 * @since 1.0.0
 */
public function verify_configuration_callback()
{
    $nonce_is_valid = isset($_REQUEST['nonce'])
        && $this->wp_facade->wp_verify_nonce($_REQUEST['nonce'], static::VERIFIER_NONCE_KEY);
    if (!$nonce_is_valid) {
        // A missing or stale nonce produces no JSON at all; the method just returns.
        return;
    }

    $current_user = $this->wp_facade->wp_get_current_user();
    $reply = array('nonce' => $this->wp_facade->wp_create_nonce(static::VERIFIER_NONCE_KEY));

    // Substring, case-insensitive match: any method string containing "post" counts as POST.
    $is_post = stripos($_SERVER['REQUEST_METHOD'], 'POST') !== false;

    if ($is_post) {
        $wants_pairing = isset($_POST['verify_action']) && 'pair' === $_POST['verify_action'];

        if ($wants_pairing) {
            try {
                $paired_user = $this->launchkey_client->whiteLabel()->createUser($current_user->user_login);
                $reply['qrcode_url'] = $paired_user->getQrCodeUrl();
                $reply['manual_code'] = $paired_user->getCode();
            } catch (Exception $e) {
                // Only the exception code is returned to the browser, never the message.
                $reply['error'] = $e->getCode();
            }
        } else {
            $reply['completed'] = false;
            try {
                // NOTE(review): the posted username is used exactly as received - it is passed
                // to authorize() and stored in user meta with no validation visible here.
                // Confirm that any value the current user supplies is acceptable.
                if (empty($_POST['username'])) {
                    $username = $current_user->user_login;
                } else {
                    $username = $_POST['username'];
                }

                $auth_request = $this->launchkey_client->auth()->authorize($username);

                $uid = $current_user->ID;
                $this->wp_facade->update_user_meta($uid, 'launchkey_username', $username);
                $this->wp_facade->update_user_meta($uid, 'launchkey_auth', $auth_request->getAuthRequestId());
                // Cleared so that the polling branch below reports "not completed" until it is set again.
                $this->wp_facade->update_user_meta($uid, 'launchkey_authorized', null);
            } catch (Exception $e) {
                $reply['error'] = $e->getCode();
            }
        }
    } else {
        // Polling request: read the flag through a prepared statement (the ID is bound with %s).
        $db = $this->wp_facade->get_wpdb();
        $query = $db->prepare("SELECT meta_value FROM {$db->usermeta} WHERE user_id = %s AND meta_key = 'launchkey_authorized' LIMIT 1", $current_user->ID);
        $authorized = $db->get_var($query);
        $reply['completed'] = !empty($authorized);
    }

    $this->wp_facade->wp_send_json($reply);
}
/**
 * Create the settings page
 *
 * Renders the 'admin/settings' template, as defined by {@see setup_launchkey_settings_page},
 * from the stored plugin options, the state of four PHP extensions (mcrypt, openssl, curl, dom)
 * and a few site URLs.
 *
 * NOTE(review): every value is handed to render_template() as-is. Any HTML escaping has to
 * happen inside render_template() or the template itself, neither of which is visible here.
 *
 * @since 1.0.0
 */
public function create_launchkey_settings_page()
{
    $options = $this->get_launchkey_options();

    // NOTE(review): mcrypt was removed from PHP core in 7.2, so on such hosts this check fails
    // and 'show_sso_next' below is set to 'hide'. Confirm the hard requirement is still intended.
    $hasMcrypt = $this->wp_facade->extension_loaded('mcrypt');
    $hasOpenSSL = $this->wp_facade->extension_loaded('openssl');
    $hasCurl = $this->wp_facade->extension_loaded('curl');
    $hasDOM = $this->wp_facade->extension_loaded('dom');
    $all_extensions_present = $hasCurl && $hasDOM && $hasMcrypt && $hasOpenSSL;

    $is_sso = LaunchKey_WP_Implementation_Type::SSO === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE];

    // URLs shown to the administrator.
    $callback_url = $this->wp_facade->admin_url(
        'admin-ajax.php?action=' . LaunchKey_WP_Native_Client::CALLBACK_AJAX_ACTION
    );
    $sso_post_url = $this->wp_facade->wp_login_url();
    $domain = $this->wp_facade->parse_url($this->wp_facade->admin_url(), PHP_URL_HOST);
    $wp_username = $this->wp_facade->wp_get_current_user()->user_login;

    $template_data = array(
        'callback_url' => $callback_url,
        'sso_post_url' => $sso_post_url,
        'domain' => $domain,
        'rocket_key' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY],
        'app_display_name' => $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME],
        // Pre-rendered attribute for the "verify SSL" checkbox.
        'ssl_verify_checked' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY] ? 'checked="checked"' : '',
        'mcrypt_pass_fail' => $hasMcrypt ? 'pass' : 'fail',
        'openssl_pass_fail' => $hasOpenSSL ? 'pass' : 'fail',
        'curl_pass_fail' => $hasCurl ? 'pass' : 'fail',
        'dom_pass_fail' => $hasDOM ? 'pass' : 'fail',
        // The "next" and "back" controls are mutually exclusive.
        'show_sso_next' => $all_extensions_present ? 'show' : 'hide',
        'show_sso_back' => $all_extensions_present ? 'hide' : 'show',
        'wp_username' => $wp_username,
        'sso_entity_id' => $options[LaunchKey_WP_Options::OPTION_SSO_ENTITY_ID],
        'sso_public_key' => $options[LaunchKey_WP_Options::OPTION_SSO_CERTIFICATE],
        'sso_login_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGIN_URL],
        'sso_logout_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGOUT_URL],
        'sso_error_url' => $options[LaunchKey_WP_Options::OPTION_SSO_ERROR_URL],
        // Exactly one of the two settings panels gets the "hide" class.
        'settings-sso-visible' => $is_sso ? "" : "hide",
        'settings-standard-visible' => $is_sso ? "hide" : "",
    );

    $this->render_template('admin/settings', $template_data);
}
/**
 * Create the settings page
 *
 * Renders the 'admin/settings' template, as defined by {@see setup_launchkey_settings_page}.
 * The template receives the stored plugin options, a pass/fail flag for each of the mcrypt,
 * openssl, curl and dom extensions, the callback URL and the login POST URL.
 *
 * NOTE(review): option values are passed through unmodified. Escaping for HTML output is
 * expected to happen in render_template() or the template, which cannot be confirmed from here.
 *
 * @since 1.0.0
 */
public function create_launchkey_settings_page()
{
    $options = $this->get_launchkey_options();

    // NOTE(review): mcrypt is no longer bundled with PHP since 7.2; where it is absent,
    // 'show_sso_next' is set to 'hide'. Confirm this prerequisite is still wanted.
    $hasMcrypt = $this->wp_facade->extension_loaded('mcrypt');
    $hasOpenSSL = $this->wp_facade->extension_loaded('openssl');
    $hasCurl = $this->wp_facade->extension_loaded('curl');
    $hasDOM = $this->wp_facade->extension_loaded('dom');
    $prerequisites_met = $hasCurl && $hasDOM && $hasMcrypt && $hasOpenSSL;

    $callback_url = $this->get_callback_url();
    $sso_post_url = $this->wp_facade->site_url('wp-login.php', 'login_post');
    $admin_host = $this->wp_facade->parse_url($this->wp_facade->admin_url(), PHP_URL_HOST);
    $current_login = $this->wp_facade->wp_get_current_user()->user_login;

    if ($options[LaunchKey_WP_Options::OPTION_SSL_VERIFY]) {
        $ssl_verify_attribute = 'checked="checked"';
    } else {
        $ssl_verify_attribute = '';
    }

    $template_data = array(
        'callback_url' => $callback_url,
        'sso_post_url' => $sso_post_url,
        'domain' => $admin_host,
        'rocket_key' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY],
        'app_display_name' => $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME],
        'ssl_verify_checked' => $ssl_verify_attribute,
        'mcrypt_pass_fail' => $hasMcrypt ? 'pass' : 'fail',
        'openssl_pass_fail' => $hasOpenSSL ? 'pass' : 'fail',
        'curl_pass_fail' => $hasCurl ? 'pass' : 'fail',
        'dom_pass_fail' => $hasDOM ? 'pass' : 'fail',
        // "next" is shown only when all four extensions are loaded; "back" is its opposite.
        'show_sso_next' => $prerequisites_met ? 'show' : 'hide',
        'show_sso_back' => $prerequisites_met ? 'hide' : 'show',
        'wp_username' => $current_login,
        'sso_entity_id' => $options[LaunchKey_WP_Options::OPTION_SSO_ENTITY_ID],
        'sso_public_key' => $options[LaunchKey_WP_Options::OPTION_SSO_CERTIFICATE],
        'sso_login_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGIN_URL],
        'sso_logout_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGOUT_URL],
        'sso_error_url' => $options[LaunchKey_WP_Options::OPTION_SSO_ERROR_URL],
    );

    $this->render_template('admin/settings', $template_data);
}
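/**
 * launchkey_admin_callback - performed during admin_init action
 *
 * Starts pairing for the current user when the launchkey_admin_pair query argument is present.
 * Then, if the browser sent a launchkey_access_token cookie, the token is checked against the
 * /resource/ping endpoint. A token that is not reported as 'valid' is exchanged using the
 * launchkey_refresh_token cookie and the three launchkey_* cookies are rewritten. When the
 * check or the exchange fails, the user is logged out and redirected to the login page.
 */
public function launchkey_admin_callback()
{
    $options = $this->get_option();

    // NOTE(review): pairing is triggered by the mere presence of a GET argument and no nonce
    // check is visible here. Confirm launchkey_pair() guards against cross-site requests.
    if (isset($_GET['launchkey_admin_pair'])) {
        $user = $this->wp_facade->wp_get_current_user();
        $this->launchkey_pair("", $user->data);
    }

    // Nothing to check when the browser holds no OAuth access token.
    if (!isset($_COOKIE['launchkey_access_token'])) {
        return;
    }

    // NOTE(review): with OPTION_SSL_VERIFY switched off, the bearer token, refresh token and
    // client secret below are sent over a connection whose certificate is not verified.
    // NOTE(review): the cookie value is placed into the Authorization header as received;
    // consider validating its format first.
    $ping_args = array(
        'httpversion' => '1.1',
        'headers' => array(
            'Authorization' => 'Bearer ' . $_COOKIE['launchkey_access_token'],
            'Connection' => 'close',
        ),
        'sslverify' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY],
        'timeout' => $options[LaunchKey_WP_Options::OPTION_REQUEST_TIMEOUT],
    );
    $ping = $this->wp_facade->wp_remote_post("{$this->base_url}/resource/ping", $ping_args);
    $ping_result = $ping instanceof WP_Error ? null : json_decode($ping['body'], true);

    // Transport failure or a body without a "message": treat the session as unverifiable.
    if (!$ping_result || !isset($ping_result['message'])) {
        $this->wp_facade->wp_logout();
        $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_ssl_error=1");
        return;
    }

    // Strict comparison on purpose: with a loose "!=", a JSON true (and, before PHP 8, the
    // number 0) would compare equal to 'valid' and the token would be accepted unrefreshed.
    if ($ping_result['message'] === 'valid') {
        return;
    }

    // The access token is no longer valid; without a refresh token the session ends here.
    if (!isset($_COOKIE['launchkey_refresh_token'])) {
        $this->wp_facade->wp_logout();
        $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?loggedout=1");
        return;
    }

    // Prepare data for the access token request.
    $refresh_args = array(
        'httpversion' => '1.1',
        'body' => array(
            'client_id' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY],
            'client_secret' => $options[LaunchKey_WP_Options::OPTION_SECRET_KEY],
            'redirect_uri' => $this->wp_facade->admin_url(),
            'refresh_token' => $_COOKIE['launchkey_refresh_token'],
            'grant_type' => "refresh_token",
        ),
        'sslverify' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY],
        'timeout' => $options[LaunchKey_WP_Options::OPTION_REQUEST_TIMEOUT],
        'headers' => array('Connection' => 'close'),
    );

    // Make the OAuth call.
    $exchange = $this->wp_facade->wp_remote_post("{$this->base_url}/access_token", $refresh_args);
    if ($this->wp_facade->is_wp_error($exchange)) {
        $this->wp_facade->wp_logout();
        $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_ssl_error=1");
        return;
    }

    $tokens = json_decode($exchange['body'], true);
    if (!isset($tokens['refresh_token']) || !isset($tokens['access_token'])) {
        // The exchange was answered but did not yield a usable token pair.
        $this->wp_facade->wp_logout();
        $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?loggedout=1");
        return;
    }

    $timestamp = $this->wp_facade->current_time('timestamp', true);
    // A missing or non-numeric expires_in counts as 0 instead of raising a notice or a TypeError.
    $lifetime = isset($tokens['expires_in']) ? (int) $tokens['expires_in'] : 0;
    $launchkey_expires = $timestamp + $lifetime;
    // The cookies themselves live for 30 days, independent of the token lifetime.
    $cookie_expires = $timestamp + 86400 * 30;

    // NOTE(review): the tokens are written without the "secure" and "httponly" arguments that
    // PHP's setcookie() accepts. Whether the facade forwards extra arguments is not visible
    // here, so the calls are left unchanged. Confirm, and set both flags if the cookies are
    // only read server-side.
    $this->wp_facade->setcookie('launchkey_access_token', $tokens['access_token'], $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);
    $this->wp_facade->setcookie('launchkey_refresh_token', $tokens['refresh_token'], $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);
    $this->wp_facade->setcookie('launchkey_expires', $launchkey_expires, $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);
}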
/**
 * Method to handle redirects for logout of the LaunchKey SSO service
 *
 * When the current user has a non-empty launchkey_sso_session, that user meta value is reset,
 * the browser is redirected to $this->logout_url and the script exits. In every other case the
 * method returns without doing anything.
 *
 * @since 1.1.0
 */
public function logout()
{
    $current_user = $this->wp_facade->wp_get_current_user();

    // Only users who logged in with LaunchKey SSO carry an SSO session marker.
    if (!$current_user || empty($current_user->launchkey_sso_session)) {
        return;
    }

    // Reset the SSO session before leaving the site.
    $this->wp_facade->update_user_meta($current_user->ID, 'launchkey_sso_session', null);

    // NOTE(review): the redirect target is taken from $this->logout_url unchanged; presumably
    // it is the SSO logout URL from the plugin settings - confirm it only ever comes from
    // trusted configuration.
    $this->wp_facade->wp_redirect($this->logout_url);
    exit;
}
/**
 * Compile the data that will be used by the front end to generate a QR Code for WordPress auto-config.
 *
 * Requests without a posted nonce are ignored. Otherwise the nonce must verify against
 * WIZARD_NONCE_KEY and the current user must hold the manage_options capability; if so, a
 * LaunchKey nonce is fetched, remembered in EASY_SETUP_OPTION together with the current login,
 * and returned inside a base64-encoded JSON payload. On failure an error message is returned.
 *
 * @since 1.4.0
 */
public function wizard_easy_setup_qr_code()
{
    if (!isset($_POST['nonce'])) {
        return;
    }

    // Both checks are required: the nonce ties the request to this page, the capability to an administrator.
    $is_allowed = $this->wp_facade->wp_verify_nonce($_POST['nonce'], static::WIZARD_NONCE_KEY)
        && $this->wp_facade->current_user_can('manage_options');

    if ($is_allowed) {
        $lk_nonce = $this->launchkey_client->auth()->nonce();

        // NOTE(review): the nonce object itself is written to the option - presumably it is
        // serialized on save and restored later; verify how it is read back.
        $easy_setup_state = array(
            'nonce' => $lk_nonce,
            'username' => $this->wp_facade->wp_get_current_user()->user_login,
        );
        $this->update_option(static::EASY_SETUP_OPTION, $easy_setup_state);

        $qr_contents = array(
            'nonce' => $lk_nonce->getNonce(),
            'payload' => array(
                'callback_url' => $this->admin->get_callback_url(),
                'rocket_name' => $this->wp_facade->get_bloginfo('name'),
            ),
        );
        // base64 is an encoding only: whoever can see the QR code can read the nonce in it.
        $qr_data = base64_encode(json_encode($qr_contents));

        // A fresh WordPress nonce is returned alongside the QR data.
        $response = array(
            'nonce' => $this->wp_facade->wp_create_nonce(static::WIZARD_NONCE_KEY),
            'qr_code' => $qr_data,
        );
    } else {
        $response = array(
            'errors' => $this->wp_facade->__("An error occurred submitting the page. Please refresh the page and submit again."),
        );
    }

    $this->wp_facade->wp_send_json($response);
}
/**
 * Heartbeat filter to see if a LaunchKey authenticated user has been de-orbited and log them out if that is the case
 *
 * Only an explicit false from get_user_authorized() ends the session. Any other return value,
 * null included, leaves the user logged in.
 *
 * NOTE(review): this is described as a filter but returns nothing. Confirm how it is hooked,
 * since a filter callback that returns null replaces the value being filtered.
 *
 * @since 1.0.0
 */
public function launchkey_still_authenticated_heartbeat()
{
    // Anonymous requests have no session to end.
    if (!$this->wp_facade->is_user_logged_in()) {
        return;
    }

    $current_user = $this->wp_facade->wp_get_current_user();
    $was_deauthorized = false === $this->get_user_authorized($current_user->ID);

    if ($was_deauthorized) {
        // Log out first, then reset the LaunchKey auth properties stored for the user.
        $this->wp_facade->wp_logout();
        $this->reset_auth($current_user->ID);
    }
}