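/**
 * Resolve the WordPress user linked to an Auth0 identity, creating it on first sight.
 *
 * Looks up `$jwt->sub` in the Auth0 mapping table. When no row exists, the Auth0
 * profile is requested with the encoded token and a local account is created from
 * either the token's own claims or the API response body.
 *
 * NOTE(review): nothing in this method verifies the token's signature, issuer,
 * audience or expiry. It presumably relies on the caller having done so; confirm,
 * because `$jwt->sub` alone decides which account is returned.
 *
 * @param object $jwt        Decoded token; its `sub` claim is read here.
 * @param string $encodedJWT The same token in encoded form, forwarded to the Auth0 API.
 * @return WP_User|null The matching or newly created user, or null on any failure.
 */
public static function getUser($jwt, $encodedJWT)
 {
     global $wpdb;
     // Defined up front: the existing-user branch hands $response to the
     // 'auth0_user_login' hook even though no API call is made on that path.
     $response = null;
     // Table names come from $wpdb properties; the subject claim is bound through prepare().
     $sql = 'SELECT u.*
             FROM ' . $wpdb->auth0_user . ' a
             JOIN ' . $wpdb->users . ' u ON a.wp_id = u.id
             WHERE a.auth0_id = %s;';
     $userRow = $wpdb->get_row($wpdb->prepare($sql, $jwt->sub));
     if (is_null($userRow)) {
         $domain = WP_Auth0_Options::get('domain');
         $response = WP_Auth0_Api_Client::get_user($domain, $encodedJWT, $jwt->sub);
         // NOTE(review): get_user may hand back a WP_Error on transport failure (confirm);
         // indexing such an object as an array below would be a fatal error.
         if ($response instanceof WP_Error) {
             self::insertAuth0Error('getUser', $response);
             return null;
         }
         if (!isset($response['response']['code']) || (int) $response['response']['code'] !== 200) {
             return null;
         }
         $creator = new WP_Auth0_UserCreator();
         if ($creator->tokenHasRequiredScopes($jwt)) {
             $auth0User = $jwt;
         } else {
             $auth0User = json_decode($response['body']);
         }
         // json_decode() yields null for an unparseable body; never create an account from that.
         if (!is_object($auth0User)) {
             return null;
         }
         try {
             $user_id = $creator->create($auth0User, $encodedJWT);
             do_action('auth0_user_login', $user_id, $response, true, $encodedJWT, null);
             return new WP_User($user_id);
         } catch (WP_Auth0_CouldNotCreateUserException $e) {
             return null;
         } catch (WP_Auth0_RegistrationNotEnabledException $e) {
             return null;
         }
     } elseif ($userRow instanceof WP_Error) {
         self::insertAuth0Error('findAuth0User', $userRow);
         return null;
     } else {
         $user = new WP_User();
         $user->init($userRow);
         do_action('auth0_user_login', $user->ID, $response, false, $encodedJWT, null);
         return $user;
     }
 }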
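 /**
  * Handle the Auth0 login callback.
  *
  * Runs only when the `auth0` query var is set. The value 'implicit' delegates to
  * implicitLogin(); the value '1' continues with the authorization-code flow:
  * exchange `code` for tokens, fetch the user profile, log the user in and redirect.
  * Every failure path ends in wp_die() or a redirect, and the method exits at the end.
  *
  * All query vars read here (`error`, `error_description`, `code`, `state`) come from
  * the request and are treated as untrusted.
  *
  * @return void
  */
 public static function init_auth0()
 {
     global $wp_query;
     if (!isset($wp_query->query_vars['auth0'])) {
         return;
     }
     if ($wp_query->query_vars['auth0'] == 'implicit') {
         self::implicitLogin();
     }
     if ($wp_query->query_vars['auth0'] != '1') {
         return;
     }
     $loginLink = '<br/><br/>';
     $loginLink .= '<a href="' . esc_url(wp_login_url()) . '">' . __('← Login', WPA0_LANG) . '</a>';
     // The error text is supplied by whoever built the callback URL, and wp_die() renders
     // its message as HTML, so the value is HTML-escaped before it is concatenated.
     foreach (array('error_description', 'error') as $errorVar) {
         if (!isset($wp_query->query_vars[$errorVar]) || !is_string($wp_query->query_vars[$errorVar])) {
             continue;
         }
         if (trim($wp_query->query_vars[$errorVar]) != '') {
             $msg = __('There was a problem with your log in:', WPA0_LANG);
             $msg .= ' ' . esc_html($wp_query->query_vars[$errorVar]);
             $msg .= $loginLink;
             wp_die($msg);
         }
     }
     $code = isset($wp_query->query_vars['code']) ? $wp_query->query_vars['code'] : '';
     $state = isset($wp_query->query_vars['state']) ? $wp_query->query_vars['state'] : '';
     // NOTE(review): `state` is only JSON-decoded here. This method does not compare it with
     // a value bound to the visitor's session, so it provides no CSRF protection for the
     // callback unless that check happens elsewhere; confirm.
     $stateFromGet = json_decode(stripcslashes($state));
     $domain = WP_Auth0_Options::get('domain');
     $client_id = WP_Auth0_Options::get('client_id');
     $client_secret = WP_Auth0_Options::get('client_secret');
     if (empty($client_id)) {
         wp_die(__('Error: Your Auth0 Client ID has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG));
     }
     if (empty($client_secret)) {
         wp_die(__('Error: Your Auth0 Client Secret has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG));
     }
     if (empty($domain)) {
         wp_die(__('Error: No Domain defined in Wordpress Administration!', WPA0_LANG));
     }
     $response = WP_Auth0_Api_Client::get_token($domain, $client_id, $client_secret, 'authorization_code', array('redirect_uri' => home_url(), 'code' => $code));
     if ($response instanceof WP_Error) {
         // Details go to the log; the visitor only sees a generic message.
         self::insertAuth0Error('init_auth0_oauth/token', $response);
         error_log($response->get_error_message());
         wp_die(__('Sorry. There was a problem logging you in.', WPA0_LANG) . $loginLink);
     }
     $data = json_decode($response['body']);
     if (isset($data->access_token)) {
         // Get the user information
         $response = WP_Auth0_Api_Client::get_user_info($domain, $data->access_token);
         if ($response instanceof WP_Error) {
             self::insertAuth0Error('init_auth0_userinfo', $response);
             error_log($response->get_error_message());
             wp_die(__('There was a problem with your log in.', WPA0_LANG) . $loginLink);
         }
         $userinfo = json_decode($response['body']);
         // An unparseable profile body decodes to null; do not attempt a login with it.
         if (!is_object($userinfo)) {
             $error = new WP_Error('invalid_userinfo', 'userinfo response body is not a JSON object');
             self::insertAuth0Error('init_auth0_userinfo', $error);
             wp_die(__('There was a problem with your log in.', WPA0_LANG) . $loginLink);
         }
         $idToken = isset($data->id_token) ? $data->id_token : null;
         if (self::login_user($userinfo, $idToken, $data->access_token)) {
             if ($stateFromGet !== null && isset($stateFromGet->interim) && $stateFromGet->interim) {
                 include WPA0_PLUGIN_DIR . 'templates/login-interim.php';
                 exit;
             } else {
                 if ($stateFromGet !== null && isset($stateFromGet->redirect_to)) {
                     $redirectURL = $stateFromGet->redirect_to;
                 } else {
                     $redirectURL = WP_Auth0_Options::get('default_login_redirection');
                 }
                 // redirect_to comes from the request-supplied state, so keep the "safe"
                 // variant here: it only follows redirects to hosts WordPress allows.
                 wp_safe_redirect($redirectURL);
             }
         }
     } elseif (is_array($response['response']) && $response['response']['code'] == 401) {
         $error = new WP_Error('401', 'auth/token response code: 401 Unauthorized');
         self::insertAuth0Error('init_auth0_oauth/token', $error);
         $msg = __('Error: the Client Secret configured on the Auth0 plugin is wrong. Make sure to copy the right one from the Auth0 dashboard.', WPA0_LANG);
         wp_die($msg . $loginLink);
     } else {
         $error = '';
         $description = '';
         if (isset($data->error)) {
             $error = $data->error;
         }
         if (isset($data->error_description)) {
             $description = $data->error_description;
         }
         if (!empty($error) || !empty($description)) {
             $error = new WP_Error($error, $description);
             self::insertAuth0Error('init_auth0_oauth/token', $error);
         }
         // Login failed! Use the guarded $description (the raw property may be absent)
         // and URL-encode it so it stays a single query value.
         // NOTE(review): whatever renders `message` on the home page must escape it; not visible here.
         wp_redirect(home_url() . '?message=' . rawurlencode(is_scalar($description) ? (string) $description : ''));
     }
     exit;
 }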
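 /**
  * Sanitize and validate the plugin settings submitted from the admin form.
  *
  * Text fields are sanitized, checkbox-style flags are normalized, the login
  * redirect URL is confined to this site, the Auth0 credentials are checked
  * with a live token request, and the two JSON fields are syntax-checked.
  * Problems are reported through add_validation_error(); the (possibly
  * corrected) settings array is always returned.
  *
  * NOTE(review): `domain` and `client_secret` are passed through unmodified,
  * and `sso` / `auth0_implicit_workflow` keep whatever value was submitted.
  *
  * @param array $input Raw settings as submitted.
  * @return array The settings to store.
  */
 public static function input_validator($input)
 {
     $input['client_id'] = sanitize_text_field($input['client_id']);
     $input['form_title'] = sanitize_text_field($input['form_title']);
     $input['icon_url'] = esc_url($input['icon_url'], array('http', 'https'));
     $input['sso'] = isset($input['sso']) ? $input['sso'] : 0;
     $input['auth0_implicit_workflow'] = isset($input['auth0_implicit_workflow']) ? $input['auth0_implicit_workflow'] : 0;
     // Checkbox flags: presence in the submission means "on".
     $flags = array(
         'requires_verified_email',
         'wordpress_login_enabled',
         'jwt_auth_integration',
         'allow_signup',
         'social_big_buttons',
         'gravatar',
         'remember_last_login',
     );
     foreach ($flags as $flag) {
         $input[$flag] = isset($input[$flag]) ? 1 : 0;
     }
     $input['default_login_redirection'] = esc_url_raw($input['default_login_redirection']);
     $home_url = home_url();
     if (empty($input['default_login_redirection'])) {
         $input['default_login_redirection'] = $home_url;
     } else {
         $redirect = $input['default_login_redirection'];
         // A bare string-prefix comparison against home_url() also accepts a different
         // host whose name merely begins with this site's URL, and it never looks at
         // scheme-relative URLs. Compare the parsed host as well; the original prefix
         // rule is kept so nothing previously rejected is now accepted.
         $redirectHost = parse_url($redirect, PHP_URL_HOST);
         $homeHost = parse_url($home_url, PHP_URL_HOST);
         $hostMismatch = !empty($redirectHost) && strcasecmp($redirectHost, (string) $homeHost) !== 0;
         $failsPrefixRule = strpos($redirect, $home_url) !== 0 && strpos($redirect, 'http') === 0;
         if ($hostMismatch || $failsPrefixRule) {
             $input['default_login_redirection'] = $home_url;
             $error = __("The 'Login redirect URL' cannot point to a foreign page.", WPA0_LANG);
             self::add_validation_error($error);
         }
         // Redirecting a fresh login to the logout action would end the session immediately.
         if (strpos($input['default_login_redirection'], 'action=logout') !== false) {
             $input['default_login_redirection'] = $home_url;
             $error = __("The 'Login redirect URL' cannot point to the logout page.", WPA0_LANG);
             self::add_validation_error($error);
         }
     }
     $completeBasicData = true;
     if (empty($input["domain"])) {
         $error = __("You need to specify domain", WPA0_LANG);
         self::add_validation_error($error);
         $completeBasicData = false;
     }
     if (empty($input["client_id"])) {
         $error = __("You need to specify a client id", WPA0_LANG);
         self::add_validation_error($error);
         $completeBasicData = false;
     }
     if (empty($input["client_secret"])) {
         $error = __("You need to specify a client secret", WPA0_LANG);
         self::add_validation_error($error);
         $completeBasicData = false;
     }
     if ($completeBasicData) {
         // Live check: request a token with the submitted domain, client id and secret.
         $response = WP_Auth0_Api_Client::get_token($input["domain"], $input["client_id"], $input["client_secret"]);
         if ($response instanceof WP_Error) {
             $error = $response->get_error_message();
             self::add_validation_error($error);
         } elseif ($response['response']['code'] != 200) {
             $error = __("The client id or secret is not valid. ", WPA0_LANG);
             self::add_validation_error($error);
         }
     }
     // The two JSON fields may be missing from the submission; only inspect them when present.
     if (isset($input["dict"]) && trim($input["dict"]) != '') {
         // Only values containing '{' are checked as JSON; other values are left alone.
         if (strpos($input["dict"], '{') !== false && json_decode($input["dict"]) === null) {
             $error = __("The Translation parameter should be a valid json object", WPA0_LANG);
             self::add_validation_error($error);
         }
     }
     if (isset($input["extra_conf"]) && trim($input["extra_conf"]) != '') {
         if (json_decode($input["extra_conf"]) === null) {
             $error = __("The Extra settings parameter should be a valid json object", WPA0_LANG);
             self::add_validation_error($error);
         }
     }
     return $input;
 }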