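/**
 * Authenticates an incoming "add_site" request against one of the bundled public keys.
 *
 * Requests for any other action are ignored. For "add_site" the request data must carry
 * a base64-encoded signature ("add_site_signature") and the identifier of the public key
 * to check it with ("add_site_signature_id"). The signed message is the JSON encoding of
 * the request's setting and params. On success the request is marked as authenticated.
 *
 * Everything read from the request here is untrusted: this listener runs before the
 * request has been authenticated, so each value is type-checked before use.
 *
 * @param MWP_Event_MasterRequest $event
 *
 * @throws MWP_Worker_Exception When the signature fields are missing or malformed, the
 *                              public key cannot be found or read, or verification fails.
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $request = $event->getRequest();

    if ($request->getAction() !== 'add_site') {
        return;
    }

    $data = $request->getData();

    if (empty($data['add_site_signature']) || empty($data['add_site_signature_id'])) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::CONNECTION_SIGNATURE_EMPTY);
    }

    // empty() lets non-empty arrays and objects through; base64_decode() and the path
    // building below expect strings, so reject anything that is not a scalar.
    if (!is_scalar($data['add_site_signature']) || !is_scalar($data['add_site_signature_id'])) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::CONNECTION_SIGNATURE_EMPTY);
    }

    $connectionSignature = base64_decode((string) $data['add_site_signature']);

    // The key ID ends up in a filesystem path. Restricting it to [A-Za-z0-9_] removes
    // dots and slashes, so the lookup cannot leave the publickeys directory.
    $publicKeyId = (string) preg_replace('{[^a-z0-9_]}i', '', (string) $data['add_site_signature_id']);

    if ($publicKeyId === '') {
        // Nothing left after sanitizing: treat it as an unknown key instead of probing for ".pub".
        throw new MWP_Worker_Exception(MWP_Worker_Exception::CONNECTION_PUBLIC_KEY_NOT_FOUND, null, array('publicKeyId' => $publicKeyId));
    }

    $publicKeyLocation = dirname(__FILE__) . '/../../../../publickeys/' . $publicKeyId . '.pub';

    // is_file() rather than file_exists(): a directory with a matching name is not a key.
    if (!is_file($publicKeyLocation)) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::CONNECTION_PUBLIC_KEY_NOT_FOUND, null, array('publicKeyId' => $publicKeyId));
    }

    $publicKey = file_get_contents($publicKeyLocation);

    if ($publicKey === false || $publicKey === '') {
        // An unreadable or empty key file must fail closed; never hand false/'' to the signer.
        throw new MWP_Worker_Exception(MWP_Worker_Exception::CONNECTION_PUBLIC_KEY_NOT_FOUND, null, array('publicKeyId' => $publicKeyId));
    }

    // The sender must have signed exactly this serialization of setting + params.
    $message = json_encode(array('setting' => $request->getSetting(), 'params' => $request->getParams()));

    // NOTE(review): the check below accepts any truthy return value. If the signer passes
    // through a raw openssl_verify() result, -1 (error) would be truthy - confirm that
    // verify() returns a strict boolean.
    $verify = $this->signer->verify($message, $connectionSignature, $publicKey);

    if (!$verify) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::CONNECTION_SIGNATURE_NOT_VALID, "Invalid message signature. Deactivate and activate the ManageWP Worker plugin on this site, then re-add it to your ManageWP account.");
    }

    $request->setAuthenticated(true);
}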
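/**
 * Handles authentication for sites that still hold a legacy shared "secure key".
 *
 * For "add_site": when a secure key is stored, the request is rejected unless a public key
 * is also stored and the supplied "public_key" parameter (base64) decodes to exactly that
 * key. No authentication flag is set in this branch.
 *
 * For every other action: when no secure key is stored this listener does nothing.
 * Otherwise the request signature must equal md5(action . nonce . secureKey); on success
 * the request is marked authenticated and the "skipVerificationTest" parameter is set.
 *
 * @param MWP_Event_MasterRequest $event
 *
 * @throws MWP_Worker_Exception When a conflicting legacy key exists on "add_site", or the
 *                              legacy signature does not match.
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $request   = $event->getRequest();
    $secureKey = $this->configuration->getSecureKey();
    $params    = $event->getParams();

    // Request parameters are untrusted; only decode the key when it is actually a string.
    $givenPublicKey = (isset($params['public_key']) && is_string($params['public_key']))
        ? base64_decode($params['public_key'])
        : null;
    $existingPublicKey = $this->configuration->getPublicKey();

    if ($request->getAction() === 'add_site') {
        if ($secureKey && (!$existingPublicKey || $givenPublicKey !== $existingPublicKey)) {
            // Secure key exists, and public key either doesn't exist, or doesn't match.
            throw new MWP_Worker_Exception(MWP_Worker_Exception::LEGACY_AUTHENTICATION_KEY_EXISTS, "Sorry, the site appears to be already added to a ManageWP account. Please deactivate, then activate ManageWP Worker plugin on your website and try again or contact our support.");
        }

        return;
    }

    if (!$secureKey) {
        // The site is relying on public key.
        return;
    }

    $messageId = $request->getAction() . $request->getNonce();
    $signature = $request->getSignature();

    // Legacy scheme: a keyed MD5 digest rather than an HMAC or an asymmetric signature.
    // It is kept as-is because the sending side defines the format.
    // NOTE(review): nonce freshness is not checked in this method - presumably replay
    // protection lives elsewhere; confirm.
    $expectedSignature = md5($messageId . $secureKey);

    // Compare in constant time where the runtime offers hash_equals(), so response timing
    // does not reveal how many leading characters of a guessed signature were right.
    // Older runtimes without it fall back to the original strict comparison.
    if (!is_string($signature)) {
        $signatureMatches = false;
    } elseif (function_exists('hash_equals')) {
        $signatureMatches = hash_equals($expectedSignature, $signature);
    } else {
        $signatureMatches = ($expectedSignature === $signature);
    }

    if (!$signatureMatches) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::LEGACY_AUTHENTICATION_INVALID_SIGNATURE, "Invalid message signature. Deactivate and activate the ManageWP Worker plugin on this site, then re-add it to your ManageWP account.");
    }

    $request->setAuthenticated(true);

    // Skip verification test because the signature is not an SSL signature.
    $params                         = $event->getParams();
    $params['skipVerificationTest'] = true;
    $event->setParams($params);
}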
/**
 * Strips the "username" entry from the event parameters, if one is present.
 *
 * The parameters are only written back to the event when the key existed. A key holding
 * null still counts as present, because array_key_exists() is used rather than isset().
 *
 * @param MWP_Event_MasterRequest $event
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $eventParams = $event->getParams();

    if (array_key_exists('username', $eventParams)) {
        unset($eventParams['username']);
        $event->setParams($eventParams);
    }
}
/**
 * Attaches this listener's log handler for authenticated requests that accept "application/ldjson".
 *
 * Nothing is attached for unauthenticated requests, so a caller cannot opt in to this
 * handler's log output before the authentication listeners have accepted the request.
 *
 * @param MWP_Event_MasterRequest $event
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $request = $event->getRequest();

    // The ACCEPT header is only inspected once the request is known to be authenticated.
    $wantsLineDelimitedJson = $request->isAuthenticated()
        && strpos($request->getHeader('ACCEPT'), 'application/ldjson') !== false;

    if ($wantsLineDelimitedJson) {
        $this->logger->pushHandler($this->handler);
    }
}
/**
 * Prepares the WordPress context for an authenticated master request.
 *
 * Unauthenticated requests leave the context untouched. For authenticated ones the request
 * data is passed to defineWpAdmin(), defineWpAjax() and setWpPage(), redirects are routed
 * through disableRedirect(), the 'wp_cron' callback is removed from 'init', and
 * '_wp_using_ext_object_cache' is set to false.
 *
 * @param MWP_Event_MasterRequest $event
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $request = $event->getRequest();

    if ($request->isAuthenticated()) {
        $requestData = $request->getData();

        $this->defineWpAdmin($requestData);
        $this->defineWpAjax($requestData);
        $this->setWpPage($requestData);

        // The master waits for the worker's own response, so the worker must never redirect it.
        $this->context->addFilter('wp_redirect', array($this, 'disableRedirect'));

        // With alternate WP cron enabled, cron may fire on the 'init' hook; detach it.
        $this->context->removeAction('init', 'wp_cron');

        $this->context->set('_wp_using_ext_object_cache', false);
    }
}
/**
 * Selects the WordPress user the request will run as and makes it the current user.
 *
 * When the request names a user, that user is looked up first. If no username was given,
 * or the lookup yields null, the first administrator ordered by ID is used instead.
 *
 * The fallback means a request naming an unknown user still runs with administrator
 * rights, so callers of this method are expected to have authenticated the request.
 * NOTE(review): the fallback only triggers on a strict null - confirm that
 * getUserByUsername() returns null (not false) when the user does not exist.
 *
 * @param MWP_Event_MasterRequest $event
 *
 * @throws MWP_Worker_Exception When no administrator account can be found.
 */
public function setCurrentUserFromEvent(MWP_Event_MasterRequest $event)
{
    $requestedName = $event->getRequest()->getUsername();
    $account       = $requestedName ? $this->context->getUserByUsername($requestedName) : null;

    if ($account === null) {
        // Nothing usable from the request: fall back to the lowest-ID administrator.
        $admins = $this->context->getUsers(array('role' => 'administrator', 'number' => 1, 'orderby' => 'ID'));

        if (count($admins) === 0) {
            throw new MWP_Worker_Exception(MWP_Worker_Exception::AUTHENTICATION_NO_ADMIN_USER, "We could not find an administrator user to use. Please contact support.");
        }

        $account = $admins[0];
    }

    $this->context->setCurrentUser($account);
}
/**
 * Authenticates a master request with the site's stored public key.
 *
 * Skipped when the request is already authenticated or when the action is "add_site".
 * The signed message is the action concatenated with the nonce; the signature comes
 * from the request. On success the request is marked as authenticated.
 *
 * NOTE(review): nonce freshness is not checked in this method - presumably replay
 * protection is handled elsewhere; confirm.
 *
 * @param MWP_Event_MasterRequest $event
 *
 * @throws MWP_Worker_Exception When no public key is stored, the message ID is empty,
 *                              or the signature does not verify.
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $request = $event->getRequest();

    // Either an earlier listener already accepted the request, or it is an "add_site"
    // request, which this listener leaves to the "add_site" handling.
    if ($request->isAuthenticated() || $request->getAction() === 'add_site') {
        return;
    }

    $storedKey = $this->configuration->getPublicKey();

    if (!$storedKey) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::AUTHENTICATION_PUBLIC_KEY_EMPTY, "Authentication failed. Deactivate and activate the ManageWP Worker plugin on this site, then re-add it to your ManageWP account.");
    }

    $signedId  = $request->getAction() . $request->getNonce();
    $signature = $request->getSignature();

    if (!$signedId) {
        // The signature is raw bytes, so it is base64-encoded before going into the exception context.
        $context = array('messageId' => $signedId, 'signature' => base64_encode($signature));

        throw new MWP_Worker_Exception(MWP_Worker_Exception::AUTHENTICATION_MESSAGE_ID_EMPTY, null, $context);
    }

    // NOTE(review): any truthy result is accepted here. If the signer passes through a raw
    // openssl_verify() result, -1 (error) would be truthy - confirm that verify() returns
    // a strict boolean.
    if (!$this->signer->verify($signedId, $signature, $storedKey)) {
        throw new MWP_Worker_Exception(MWP_Worker_Exception::AUTHENTICATION_INVALID_SIGNATURE, "Invalid message signature. Deactivate and activate the ManageWP Worker plugin on this site, then re-add it to your ManageWP account.");
    }

    $request->setAuthenticated(true);
}
/**
 * Installs this object as a log handler and registers the error handlers for authenticated requests.
 *
 * Unauthenticated requests get none of this. The fatal and exception handlers are always
 * registered; the regular error handler is registered only when $this->logErrors is set.
 * In that case all error levels are reported and display_errors is switched off, which
 * keeps PHP error text out of the response output.
 *
 * @param MWP_Event_MasterRequest $event
 */
public function onMasterRequest(MWP_Event_MasterRequest $event)
{
    $isAuthenticated = $event->getRequest()->isAuthenticated();

    if (!$isAuthenticated) {
        return;
    }

    $errorHandler = $this->errorHandler;

    $this->logger->pushHandler($this);

    // presumably reservedMemorySize is memory kept aside for the fatal handler - confirm in the handler class
    $errorHandler->registerFatalHandler(null, $this->reservedMemorySize);
    $errorHandler->registerExceptionHandler();

    if (!$this->logErrors) {
        return;
    }

    error_reporting(E_ALL);
    ini_set('display_errors', false);
    $errorHandler->registerErrorHandler();
}