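/**
 * Resolves the WordPress user that belongs to a verified Auth0 JWT.
 *
 * The token's `sub` claim is looked up in the auth0_user mapping table. When no
 * mapping exists the profile is fetched from the Auth0 API (or taken from the
 * token itself when it carries the required scopes) and a WordPress user is
 * provisioned through WP_Auth0_UserCreator.
 *
 * Fires `auth0_user_login` on success; its third argument tells listeners
 * whether the user was created during this call.
 *
 * @param object $jwt        Decoded JWT payload; only `sub` is read here.
 * @param string $encodedJWT Raw token, forwarded to the Auth0 API and to listeners.
 *
 * @return WP_User|null The matching user, or null when lookup or provisioning
 *                      fails (error objects are recorded via insertAuth0Error).
 */
public static function getUser($jwt, $encodedJWT)
{
    global $wpdb;

    // Only the provisioning path receives an API response, but the existing-user
    // path hands it to the login action as well, so it needs a defined value.
    $response = null;

    $sql = 'SELECT u.* FROM ' . $wpdb->auth0_user . ' a JOIN ' . $wpdb->users
         . ' u ON a.wp_id = u.id WHERE a.auth0_id = %s;';
    // The sub claim is the only request-derived value in the query and goes
    // through prepare(); the table names are $wpdb properties.
    $userRow = $wpdb->get_row($wpdb->prepare($sql, $jwt->sub));

    if ($userRow instanceof WP_Error) {
        self::insertAuth0Error('findAuth0User', $userRow);
        return null;
    }

    if (!is_null($userRow)) {
        // Known mapping: hydrate the WP_User straight from the joined row.
        $user = new WP_User();
        $user->init($userRow);
        do_action('auth0_user_login', $user->ID, $response, false, $encodedJWT, null);
        return $user;
    }

    // No mapping yet: fetch the profile and provision a WordPress account.
    $domain   = WP_Auth0_Options::get('domain');
    $response = WP_Auth0_Api_Client::get_user($domain, $encodedJWT, $jwt->sub);

    // A transport failure is a WP_Error with no ['response'] index; record it
    // the same way the other API calls in this class do instead of indexing it.
    if ($response instanceof WP_Error) {
        self::insertAuth0Error('getUser/get_user', $response);
        return null;
    }
    if ((int) $response['response']['code'] !== 200) {
        return null;
    }

    $creator = new WP_Auth0_UserCreator();
    if ($creator->tokenHasRequiredScopes($jwt)) {
        // The token already carries the profile claims; no need to parse the body.
        $auth0User = $jwt;
    } else {
        $auth0User = json_decode($response['body']);
    }

    try {
        $user_id = $creator->create($auth0User, $encodedJWT);
        do_action('auth0_user_login', $user_id, $response, true, $encodedJWT, null);
        return new WP_User($user_id);
    } catch (WP_Auth0_CouldNotCreateUserException $e) {
        return null;
    } catch (WP_Auth0_RegistrationNotEnabledException $e) {
        return null;
    }
}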
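/**
 * Handles the Auth0 callback request (`?auth0=1&code=...&state=...`).
 *
 * Exchanges the authorization code for tokens, fetches the user profile and
 * logs the visitor in through self::login_user(). Once the `auth0` query var
 * is '1' every path ends the request with wp_die(), a redirect or exit; the
 * method only returns normally when the request is not an Auth0 callback.
 *
 * Reads $wp_query->query_vars and plugin options and emits output, so it is
 * request-handling code rather than something callers consume a value from.
 *
 * @return void
 */
public static function init_auth0()
{
    global $wp_query;

    if (!isset($wp_query->query_vars['auth0'])) {
        return;
    }
    // Strict string comparison: under loose rules a non-string query var could
    // match either branch by accident.
    if ((string) $wp_query->query_vars['auth0'] === 'implicit') {
        self::implicitLogin();
    }
    if ((string) $wp_query->query_vars['auth0'] !== '1') {
        return;
    }
    $vars = $wp_query->query_vars;

    // Errors relayed by the authorization server arrive as query vars. They are
    // request-controlled, so escape them before they land in wp_die()'s HTML.
    foreach (array('error_description', 'error') as $errorVar) {
        if (isset($vars[$errorVar]) && trim($vars[$errorVar]) !== '') {
            self::die_with_login_link(
                __('There was a problem with your log in:', WPA0_LANG) . ' ' . esc_html($vars[$errorVar])
            );
        }
    }

    $code  = isset($vars['code']) ? $vars['code'] : '';
    $state = isset($vars['state']) ? $vars['state'] : '';
    // NOTE(review): stripcslashes() also expands C escapes such as \n, which
    // would corrupt JSON state containing them; stripslashes() is what usually
    // pairs with slashed query vars — confirm before changing.
    $stateFromGet = json_decode(stripcslashes($state));

    $domain        = WP_Auth0_Options::get('domain');
    $client_id     = WP_Auth0_Options::get('client_id');
    $client_secret = WP_Auth0_Options::get('client_secret');
    if (empty($client_id)) {
        wp_die(__('Error: Your Auth0 Client ID has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG));
    }
    if (empty($client_secret)) {
        wp_die(__('Error: Your Auth0 Client Secret has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG));
    }
    if (empty($domain)) {
        wp_die(__('Error: No Domain defined in Wordpress Administration!', WPA0_LANG));
    }

    $response = WP_Auth0_Api_Client::get_token(
        $domain,
        $client_id,
        $client_secret,
        'authorization_code',
        array('redirect_uri' => home_url(), 'code' => $code)
    );
    if ($response instanceof WP_Error) {
        self::insertAuth0Error('init_auth0_oauth/token', $response);
        error_log($response->get_error_message());
        self::die_with_login_link(__('Sorry. There was a problem logging you in.', WPA0_LANG));
    }

    // A non-JSON body leaves $data null; the isset() checks below tolerate that.
    $data = json_decode($response['body']);

    if (isset($data->access_token)) {
        $response = WP_Auth0_Api_Client::get_user_info($domain, $data->access_token);
        if ($response instanceof WP_Error) {
            self::insertAuth0Error('init_auth0_userinfo', $response);
            error_log($response->get_error_message());
            self::die_with_login_link(__('There was a problem with your log in.', WPA0_LANG));
        }
        $userinfo = json_decode($response['body']);

        if (self::login_user($userinfo, $data->id_token, $data->access_token)) {
            if ($stateFromGet !== null && isset($stateFromGet->interim) && $stateFromGet->interim) {
                include WPA0_PLUGIN_DIR . 'templates/login-interim.php';
                exit;
            }
            // redirect_to comes from the client-supplied state parameter;
            // wp_safe_redirect() refuses hosts outside the allowed list, which is
            // what keeps this from being an open redirect.
            if ($stateFromGet !== null && isset($stateFromGet->redirect_to)) {
                $redirectURL = $stateFromGet->redirect_to;
            } else {
                $redirectURL = WP_Auth0_Options::get('default_login_redirection');
            }
            wp_safe_redirect($redirectURL);
        }
    } elseif (is_array($response['response']) && (int) $response['response']['code'] === 401) {
        $error = new WP_Error('401', 'auth/token response code: 401 Unauthorized');
        self::insertAuth0Error('init_auth0_oauth/token', $error);
        self::die_with_login_link(
            __('Error: the Client Secret configured on the Auth0 plugin is wrong. Make sure to copy the right one from the Auth0 dashboard.', WPA0_LANG)
        );
    } else {
        $error       = isset($data->error) ? $data->error : '';
        $description = isset($data->error_description) ? $data->error_description : '';
        if (!empty($error) || !empty($description)) {
            self::insertAuth0Error('init_auth0_oauth/token', new WP_Error($error, $description));
        }
        // Login failed: send the visitor home with the server's description,
        // URL-encoded so it cannot smuggle extra query parameters.
        wp_redirect(home_url() . '?message=' . rawurlencode($description));
    }
    exit;
}

/**
 * Ends the request with wp_die(), appending a "← Login" link to wp-login.php.
 *
 * @param string $message Translated, already HTML-safe message text.
 * @return void
 */
private static function die_with_login_link($message)
{
    $message .= '<br/><br/>';
    $message .= '<a href="' . esc_url(wp_login_url()) . '">' . __('← Login', WPA0_LANG) . '</a>';
    wp_die($message);
}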
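/**
 * Sanitises and validates the plugin settings form before it is saved.
 *
 * Registered as the settings sanitize callback: text fields are sanitised,
 * checkbox fields collapse to 0/1, the login redirect is forced onto this
 * site, and the credentials are verified against the Auth0 token endpoint.
 * Problems are reported through self::add_validation_error(); the corrected
 * array is still returned so the remaining settings persist.
 *
 * @param array $input Raw settings as submitted.
 * @return array Sanitised settings.
 */
public static function input_validator($input)
{
    // These four are always written back, so give absent ones a defined value
    // rather than passing an undefined index into the sanitiser.
    $input = array_merge(
        array('client_id' => '', 'form_title' => '', 'icon_url' => '', 'default_login_redirection' => ''),
        $input
    );

    $input['client_id']  = sanitize_text_field($input['client_id']);
    $input['form_title'] = sanitize_text_field($input['form_title']);
    // NOTE(review): esc_url() is the display escaper (it entity-encodes '&'),
    // whereas default_login_redirection below uses esc_url_raw() for storage —
    // confirm which form the consumer of icon_url expects.
    $input['icon_url'] = esc_url($input['icon_url'], array('http', 'https'));
    if (isset($input['domain'])) {
        // The domain is spliced into API URLs; stray whitespace or tags would break them.
        $input['domain'] = sanitize_text_field($input['domain']);
    }

    // Plain checkboxes: present means enabled.
    $checkboxes = array(
        'requires_verified_email',
        'wordpress_login_enabled',
        'jwt_auth_integration',
        'allow_signup',
        'social_big_buttons',
        'gravatar',
        'remember_last_login',
    );
    foreach ($checkboxes as $checkbox) {
        $input[$checkbox] = isset($input[$checkbox]) ? 1 : 0;
    }
    // These two keep the submitted value (presumably select inputs rather than
    // checkboxes) and only default to 0 when absent.
    $input['sso'] = isset($input['sso']) ? $input['sso'] : 0;
    $input['auth0_implicit_workflow'] = isset($input['auth0_implicit_workflow'])
        ? $input['auth0_implicit_workflow']
        : 0;

    $input['default_login_redirection'] = esc_url_raw($input['default_login_redirection']);
    $home_url = home_url();
    if (empty($input['default_login_redirection'])) {
        $input['default_login_redirection'] = $home_url;
    } else {
        $redirect = $input['default_login_redirection'];
        // Relative paths are allowed through; absolute URLs must stay on this
        // site. A prefix match alone accepts "<home>.example.net" and
        // "<home>@other.host", so the parsed host must match as well.
        if (strpos($redirect, 'http') === 0) {
            $sameSite = strpos($redirect, $home_url) === 0
                && strcasecmp(
                    (string) parse_url($redirect, PHP_URL_HOST),
                    (string) parse_url($home_url, PHP_URL_HOST)
                ) === 0;
            if (!$sameSite) {
                $input['default_login_redirection'] = $home_url;
                self::add_validation_error(__("The 'Login redirect URL' cannot point to a foreign page.", WPA0_LANG));
            }
        }
        if (strpos($input['default_login_redirection'], 'action=logout') !== false) {
            $input['default_login_redirection'] = $home_url;
            self::add_validation_error(__("The 'Login redirect URL' cannot point to the logout page.", WPA0_LANG));
        }
    }

    // empty() tolerates missing keys, so absent credentials are reported, not notices.
    $completeBasicData = true;
    if (empty($input['domain'])) {
        self::add_validation_error(__("You need to specify domain", WPA0_LANG));
        $completeBasicData = false;
    }
    if (empty($input['client_id'])) {
        self::add_validation_error(__("You need to specify a client id", WPA0_LANG));
        $completeBasicData = false;
    }
    if (empty($input['client_secret'])) {
        self::add_validation_error(__("You need to specify a client secret", WPA0_LANG));
        $completeBasicData = false;
    }

    if ($completeBasicData) {
        // Round-trip the credentials against the token endpoint so a typo is
        // caught at save time rather than at the first login.
        $response = WP_Auth0_Api_Client::get_token($input['domain'], $input['client_id'], $input['client_secret']);
        if ($response instanceof WP_Error) {
            self::add_validation_error($response->get_error_message());
        } elseif ((int) $response['response']['code'] !== 200) {
            self::add_validation_error(__("The client id or secret is not valid. ", WPA0_LANG));
        }
    }

    // The translation dictionary may be a plain string or a JSON object; only
    // the object form (contains '{') is parsed.
    if (isset($input['dict']) && trim($input['dict']) !== '') {
        if (strpos($input['dict'], '{') !== false && json_decode($input['dict']) === null) {
            self::add_validation_error(__("The Translation parameter should be a valid json object", WPA0_LANG));
        }
    }
    if (isset($input['extra_conf']) && trim($input['extra_conf']) !== '') {
        if (json_decode($input['extra_conf']) === null) {
            self::add_validation_error(__("The Extra settings parameter should be a valid json object", WPA0_LANG));
        }
    }

    return $input;
}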