public function test_sync_callable_whitelist()
 {
     // Locally computed value for every callable in the sync whitelist. After
     // do_sync() each one must have been shipped with exactly this value.
     $expected = array(
         'wp_max_upload_size'               => wp_max_upload_size(),
         'is_main_network'                  => Jetpack::is_multi_network(),
         'is_multi_site'                    => is_multisite(),
         'main_network_site'                => Jetpack_Sync_Functions::main_network_site_url(),
         'single_user_site'                 => Jetpack::is_single_user_site(),
         'updates'                          => Jetpack::get_updates(),
         'home_url'                         => Jetpack_Sync_Functions::home_url(),
         'site_url'                         => Jetpack_Sync_Functions::site_url(),
         'has_file_system_write_access'     => Jetpack_Sync_Functions::file_system_write_access(),
         'is_version_controlled'            => Jetpack_Sync_Functions::is_version_controlled(),
         'taxonomies'                       => Jetpack_Sync_Functions::get_taxonomies(),
         'post_types'                       => Jetpack_Sync_Functions::get_post_types(),
         'post_type_features'               => Jetpack_Sync_Functions::get_post_type_features(),
         'rest_api_allowed_post_types'      => Jetpack_Sync_Functions::rest_api_allowed_post_types(),
         'rest_api_allowed_public_metadata' => Jetpack_Sync_Functions::rest_api_allowed_public_metadata(),
         'sso_is_two_step_required'         => Jetpack_SSO_Helpers::is_two_step_required(),
         'sso_should_hide_login_form'       => Jetpack_SSO_Helpers::should_hide_login_form(),
         'sso_match_by_email'               => Jetpack_SSO_Helpers::match_by_email(),
         'sso_new_user_override'            => Jetpack_SSO_Helpers::new_user_override(),
         'sso_bypass_default_login_form'    => Jetpack_SSO_Helpers::bypass_login_forward_wpcom(),
         'wp_version'                       => Jetpack_Sync_Functions::wp_version(),
         'get_plugins'                      => Jetpack_Sync_Functions::get_plugins(),
         'active_modules'                   => Jetpack::get_active_modules(),
         'hosting_provider'                 => Jetpack_Sync_Functions::get_hosting_provider(),
         'locale'                           => get_locale(),
         'site_icon_url'                    => Jetpack_Sync_Functions::site_icon_url(),
     );
     // Network-level settings are only whitelisted on multisite installs.
     if (is_multisite()) {
         $expected = array_merge($expected, array(
             'network_name'                        => Jetpack::network_name(),
             'network_allow_new_registrations'     => Jetpack::network_allow_new_registrations(),
             'network_add_new_users'               => Jetpack::network_add_new_users(),
             'network_site_upload_space'           => Jetpack::network_site_upload_space(),
             'network_upload_file_types'           => Jetpack::network_upload_file_types(),
             'network_enable_administration_menus' => Jetpack::network_enable_administration_menus(),
         ));
     }
     $this->sender->do_sync();
     // TODO: figure out why _sometimes_ the 'support' value of the post_types
     // value is being removed from the output. Until then post_types is not
     // compared, but it stays in $expected so the coverage check below still
     // counts it as tested.
     $compared = array_diff_key($expected, array('post_types' => true));
     foreach ($compared as $callable_name => $local_value) {
         $this->assertCallableIsSynced($callable_name, $local_value);
     }
     $whitelist_keys = array_keys($this->callable_module->get_callable_whitelist());
     // Coverage guard: every whitelisted callable must appear in $expected, so a
     // newly whitelisted function cannot be synced without a test noticing.
     $untested = array_diff($whitelist_keys, array_keys($expected));
     $this->assertTrue(empty($untested), 'Some whitelisted options don\'t have a test: ' . print_r($untested, 1));
     // Duplicate whitelist entries would mask each other; array_unique keeps the
     // first occurrence, so the key-diff lists the later duplicates.
     $deduplicated = array_unique($whitelist_keys);
     $duplicates = array_diff_key($whitelist_keys, $deduplicated);
     $this->assertEquals(count($deduplicated), count($whitelist_keys), 'The duplicate keys are: ' . print_r($duplicates, 1));
 }
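 /**
  * The function that actually handles the login!
  *
  * Finishes the SSO round-trip started on WordPress.com: the nonce and user id
  * from the query string are validated over XML-RPC, the returned profile is
  * mapped onto a local user (by the linked local id, then by email, then by
  * creating one when registration is allowed), and on success the auth cookie
  * is set and the user is redirected. Every failure path records an
  * 'sso_login_failed' tracking event and either wp_die()s or returns to the
  * login form with a message filter attached.
  *
  * Trust boundary: $user_data comes from 'jetpack.sso.validateResult' and is
  * treated as authoritative for which local account gets logged in. The request
  * itself is authenticated by Jetpack_IXR_Client, which is not visible here;
  * this method performs no independent check on the response contents.
  */
 function handle_login()
 {
     // isset() only avoids undefined-index notices: a missing nonce still
     // becomes '' and a missing user id 0, both of which fail validation remotely.
     $wpcom_nonce = isset($_GET['sso_nonce']) ? sanitize_key($_GET['sso_nonce']) : '';
     $wpcom_user_id = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
     Jetpack::load_xml_rpc_client();
     $xml = new Jetpack_IXR_Client(array('user_id' => get_current_user_id()));
     $xml->query('jetpack.sso.validateResult', $wpcom_nonce, $wpcom_user_id);
     if ($xml->isError()) {
         // Error text originates from the remote side; sanitize before it is
         // recorded and rendered by wp_die().
         $error_message = sanitize_text_field(sprintf('%s: %s', $xml->getErrorCode(), $xml->getErrorMessage()));
         JetpackTracking::record_user_event('sso_login_failed', array('error_message' => $error_message));
         wp_die($error_message);
     }
     $user_data = $xml->getResponse();
     if (empty($user_data)) {
         JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'invalid_response_data'));
         wp_die(__('Error, invalid response data.', 'jetpack'));
     }
     $user_data = (object) $user_data;
     $user = null;
     /**
      * Fires before Jetpack's SSO modifies the log in form.
      *
      * @module sso
      *
      * @since 2.6.0
      *
      * @param object $user_data WordPress.com User information.
      */
     do_action('jetpack_sso_pre_handle_login', $user_data);
     // Fails closed: a response without two_step_enabled casts to 0 and is
     // treated as "two-step off", so the login is refused when two-step is required.
     if (Jetpack_SSO_Helpers::is_two_step_required() && 0 === (int) $user_data->two_step_enabled) {
         $this->user_data = $user_data;
         JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'error_msg_enable_two_step'));
         /** This filter is documented in core/src/wp-includes/pluggable.php */
         do_action('wp_login_failed', $user_data->login);
         add_filter('login_message', array($this, 'error_msg_enable_two_step'));
         return;
     }
     $user_found_with = '';
     // First match: the local user id WordPress.com reports as linked to this
     // account. The remote response alone selects the local account here.
     if (empty($user) && isset($user_data->external_user_id)) {
         $user_found_with = 'external_user_id';
         $user = get_user_by('id', intval($user_data->external_user_id));
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we don't have one by wpcom_user_id, try by the email?
     // Opt-in only: this presumes the remote side has verified the address —
     // confirm before relaxing the match_by_email default.
     if (empty($user) && Jetpack_SSO_Helpers::match_by_email()) {
         $user_found_with = 'match_by_email';
         $user = get_user_by('email', $user_data->email);
         if ($user) {
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         }
     }
     // If we've still got nothing, create the user. Gated on open registration
     // or the explicit new_user_override filter.
     if (empty($user) && (get_option('users_can_register') || Jetpack_SSO_Helpers::new_user_override())) {
         // If not matching by email we still need to verify the email does not exist
         // or this blows up
         /**
          * If match_by_email is true, we know the email doesn't exist, as it would have
          * been found in the first pass.  If get_user_by( 'email' ) doesn't find the
          * user, then we know that email is unused, so it's safe to add.
          */
         if (Jetpack_SSO_Helpers::match_by_email() || !get_user_by('email', $user_data->email)) {
             $username = $user_data->login;
             if (username_exists($username)) {
                 $username = $user_data->login . '_' . $user_data->ID;
             }
             $tries = 0;
             // mt_rand() only de-duplicates the username; it is not a secret.
             // The account password comes from wp_generate_password() below.
             while (username_exists($username)) {
                 $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
                 if ($tries++ >= 5) {
                     JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'could_not_create_username'));
                     wp_die(__("Error: Couldn't create suitable username.", 'jetpack'));
                 }
             }
             $user_found_with = Jetpack_SSO_Helpers::new_user_override() ? 'user_created_new_user_override' : 'user_created_users_can_register';
             $password = wp_generate_password(20);
             $user_id = wp_create_user($username, $password, $user_data->email);
             // wp_create_user() returns a WP_Error on failure (invalid email or
             // username, etc.). Without this check get_userdata() is handed a
             // WP_Error, returns false, and the property writes below fail.
             if (is_wp_error($user_id)) {
                 JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'could_not_create_user'));
                 wp_die(sanitize_text_field($user_id->get_error_message()));
             }
             $user = get_userdata($user_id);
             $user->display_name = $user_data->display_name;
             $user->first_name = $user_data->first_name;
             $user->last_name = $user_data->last_name;
             $user->url = $user_data->url;
             $user->description = $user_data->description;
             wp_update_user($user);
             update_user_meta($user->ID, 'wpcom_user_id', $user_data->ID);
         } else {
             JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'error_msg_email_already_exists'));
             $this->user_data = $user_data;
             add_action('login_message', array($this, 'error_msg_email_already_exists'));
             return;
         }
     }
     /**
      * Fires after we got login information from WordPress.com.
      *
      * @module sso
      *
      * @since 2.6.0
      *
      * @param WP_User|false|null $user      Local user, or false/null when none was matched or created.
      * @param object             $user_data WordPress.com User Login information.
      */
     do_action('jetpack_sso_handle_login', $user, $user_data);
     if ($user) {
         // Cache the user's details, so we can present it back to them on their user screen.
         // Note: this persists the entire remote profile object as user meta.
         update_user_meta($user->ID, 'wpcom_user_data', $user_data);
         $remember = false;
         // Any non-empty cookie value counts as "remember me"; it is single-use.
         if (!empty($_COOKIE['jetpack_sso_remember_me'])) {
             $remember = true;
             // And then purge it
             setcookie('jetpack_sso_remember_me', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         /**
          * Filter the remember me value.
          *
          * @module sso
          *
          * @since 2.8.0
          *
          * @param bool $remember Is the remember me option checked?
          */
         $remember = apply_filters('jetpack_remember_login', $remember);
         wp_set_auth_cookie($user->ID, $remember);
         /** This filter is documented in core/src/wp-includes/user.php */
         do_action('wp_login', $user->user_login, $user);
         wp_set_current_user($user->ID);
         $_request_redirect_to = isset($_REQUEST['redirect_to']) ? esc_url_raw($_REQUEST['redirect_to']) : '';
         $redirect_to = user_can($user, 'edit_posts') ? admin_url() : self::profile_page_url();
         // If we have a saved redirect to request in a cookie. The value is
         // attacker-writable, so it must only ever reach wp_safe_redirect(),
         // which restricts the destination to allowed hosts; the copy passed
         // on as 'request_redirect_to' is consumed elsewhere and is not checked here.
         if (!empty($_COOKIE['jetpack_sso_redirect_to'])) {
             // Set that as the requested redirect to
             $redirect_to = $_request_redirect_to = esc_url_raw($_COOKIE['jetpack_sso_redirect_to']);
             // And then purge it
             setcookie('jetpack_sso_redirect_to', ' ', time() - YEAR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN);
         }
         $is_user_connected = Jetpack::is_user_connected($user->ID);
         JetpackTracking::record_user_event('sso_user_logged_in', array('user_found_with' => $user_found_with, 'user_connected' => (bool) $is_user_connected, 'user_role' => Jetpack::translate_current_user_to_role()));
         if (!$is_user_connected) {
             // Not yet connected to WordPress.com: bounce through the admin
             // connect flow, carrying the intended destination along.
             $calypso_env = !empty($_GET['calypso_env']) ? sanitize_key($_GET['calypso_env']) : '';
             wp_safe_redirect(add_query_arg(array('redirect_to' => $redirect_to, 'request_redirect_to' => $_request_redirect_to, 'calypso_env' => $calypso_env, 'jetpack-sso-auth-redirect' => '1'), admin_url()));
             exit;
         }
         wp_safe_redirect(apply_filters('login_redirect', $redirect_to, $_request_redirect_to, $user));
         exit;
     }
     // No local account could be matched or created: fall back to the
     // regular login form with an explanatory message.
     add_filter('jetpack_sso_default_to_sso_login', '__return_false');
     JetpackTracking::record_user_event('sso_login_failed', array('error_message' => 'cant_find_user'));
     $this->user_data = $user_data;
     /** This filter is documented in core/src/wp-includes/pluggable.php */
     do_action('wp_login_failed', $user_data->login);
     add_filter('login_message', array($this, 'cant_find_user'));
 }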
 function test_extend_auth_cookie_default_value_greater_than_default()
 {
     // The SSO cookie lifetime must exceed the two-day baseline asserted here.
     $sso_expiration = Jetpack_SSO_Helpers::extend_auth_cookie_expiration_for_sso();
     $baseline = 2 * DAY_IN_SECONDS;
     $this->assertGreaterThan($baseline, $sso_expiration);
 }
 function test_sso_helpers_sso_bypass_default_login_form_filter_false()
 {
     // A filter callback returning false must override the helper's default.
     $hook = 'jetpack_sso_bypass_login_forward_wpcom';
     $callback = '__return_false';
     add_filter($hook, $callback);
     $this->assertFalse(Jetpack_SSO_Helpers::bypass_login_forward_wpcom());
     // Detach so the filter does not leak into other tests.
     remove_filter($hook, $callback);
 }