/**
 * Activates the referer check when the `redirect_referer` option is set.
 *
 * The WP_Auth0_Referer_Check instance is not kept; it is constructed only for
 * whatever its constructor registers (not visible from this method).
 */
public static function init() {
    $refererCheckEnabled = WP_Auth0_Options::get('redirect_referer');

    if ($refererCheckEnabled) {
        new WP_Auth0_Referer_Check();
    }
}
/**
 * Writes one plugin option: refreshes the static cache and persists the
 * complete option array under self::OPTIONS_NAME.
 *
 * @param string $key   Array key of the option to change.
 * @param mixed  $value Stored as given; this method performs no validation,
 *                      so callers are responsible for sanitising the value.
 */
public static function set($key, $value) {
    $current = self::get_options();
    $current[$key] = $value;

    // Cache and database are updated together so later reads in this request agree.
    self::$_opt = $current;
    update_option(self::OPTIONS_NAME, $current);
}
/**
 * Copies the Auth0 application settings into the JWT Auth plugin's options
 * when the JWT integration is enabled; does nothing otherwise.
 *
 * Security note: `client_secret` ends up in a second option store
 * (JWT_AUTH_Options). Both stores then hold the secret, so access control and
 * secret rotation have to cover both.
 */
protected static function setupjwt() {
    if (!WP_Auth0::isJWTAuthEnabled()) {
        return;
    }

    // Audience and secret are taken from the Auth0 application configuration.
    $clientId = WP_Auth0_Options::get('client_id');
    JWT_AUTH_Options::set('aud', $clientId);

    $clientSecret = WP_Auth0_Options::get('client_secret');
    JWT_AUTH_Options::set('secret', $clientSecret);

    // Flags the stored secret as base64-encoded (presumably so JWT Auth decodes it before use).
    JWT_AUTH_Options::set('secret_base64_encoded', true);
    JWT_AUTH_Options::set('override_user_repo', 'WP_Auth0_UsersRepo');

    // Record on the Auth0 side that the integration has been configured.
    WP_Auth0_Options::set('jwt_auth_integration', true);
}
/**
 * Renders the Auth0 login form, or leaves the native WordPress form in place.
 *
 * The native form is kept only when all three hold: the caller allows it, the
 * `wordpress_login_enabled` option equals 1, and the request carries a `wle`
 * query parameter (only its presence is checked). In that case a
 * "back to Auth0" link is hooked into `login_footer`. In every other case the
 * Auth0 form template is included.
 *
 * @param bool  $canShowLegacyLogin Whether the caller permits the native form.
 * @param array $specialSettings    Not used in this function body; it stays in
 *                                  scope for the included template.
 */
function renderAuth0Form($canShowLegacyLogin = true, $specialSettings = array()) {
    if (is_user_logged_in()) {
        return;
    }

    // The local name is kept as-is: the template is included in this
    // function's scope and can see every local variable.
    $wordpress_login_enabled = WP_Auth0_Options::get('wordpress_login_enabled') == 1;

    if ($canShowLegacyLogin && $wordpress_login_enabled && isset($_GET['wle'])) {
        add_action('login_footer', array('WP_Auth0', 'render_back_to_auth0'));
    } else {
        require_once 'auth0-login-form.php';
    }
}
/**
 * Returns the plugin options, loading and caching them on first use.
 *
 * Stored values are layered over self::defaults(), so a key missing from the
 * database still has its default. A stored value that is not an array is
 * discarded in favour of the defaults.
 *
 * Note: the cache test uses empty(), so an empty cached array is reloaded on
 * every call.
 *
 * @return array
 */
private static function get_options() {
    if (!empty(self::$_opt)) {
        return self::$_opt;
    }

    $stored = get_option(self::OPTIONS_NAME, array());
    $base = is_array($stored) ? $stored : self::defaults();

    self::$_opt = array_merge(self::defaults(), $base);

    return self::$_opt;
}
/**
 * Front-end output of the login widget.
 *
 * Nothing is rendered until a `client_id` is configured. `modal_trigger_name`
 * is handed to the form settings exactly as stored in the widget instance;
 * any escaping has to happen where the template prints it (not visible here).
 *
 * @param array $args     Sidebar arguments; `before_widget` and `after_widget` are echoed.
 * @param array $instance Saved settings of this widget instance.
 */
public function widget($args, $instance) {
    $client_id = WP_Auth0_Options::get('client_id');
    if (trim($client_id) == "") {
        return;
    }

    echo $args['before_widget'];

    $settings = WP_Auth0::buildSettings($instance);
    $settings['show_as_modal'] = $this->showAsModal();

    if (isset($instance['modal_trigger_name'])) {
        $settings['modal_trigger_name'] = $instance['modal_trigger_name'];
    } else {
        $settings['modal_trigger_name'] = 'Login';
    }

    // Local names are unchanged because the included file shares this scope.
    require_once WPA0_PLUGIN_DIR . 'templates/login-form.php';
    renderAuth0Form(false, $settings);

    echo $args['after_widget'];
}
/**
 * Parses the `ip_ranges` option into a list of from/to pairs.
 *
 * The option is read as text with one `from-to` entry per line. Lines without
 * a `-` are skipped, and anything after a second `-` is ignored.
 *
 * The endpoints are only trimmed. They are not validated as IP addresses here,
 * so the code that compares against these ranges must cope with malformed entries.
 *
 * @return array List of array('from' => string, 'to' => string).
 */
private function get_ranges() {
    $text = str_replace("\r\n", "\n", WP_Auth0_Options::get('ip_ranges'));

    $ranges = array();
    foreach (explode("\n", $text) as $line) {
        $parts = explode('-', $line);

        if (count($parts) >= 2) {
            $ranges[] = array(
                'from' => trim($parts[0]),
                'to' => trim($parts[1]),
            );
        }
    }

    return $ranges;
}
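/**
 * Resolves the WordPress account for an Auth0 profile that has no local
 * mapping yet, then records the mapping in the auth0_user table.
 *
 * An existing account is matched by email address. The profile is attached to
 * it only when Auth0 reports the email as verified. Attaching on an unverified
 * address would let anyone who can register that address at an identity
 * provider take over the local account. If no account matches, a new one is
 * created only when WordPress registration is enabled.
 *
 * @param object $userinfo Auth0 profile; reads ->identities, ->email and ->email_verified.
 * @param string $token    Only forwarded to WP_Auth0_EmailNotVerifiedException.
 *
 * @return int WordPress user id (existing or newly created).
 *
 * @throws WP_Auth0_EmailNotVerifiedException       A matching account exists but the email is unverified.
 * @throws WP_Auth0_CouldNotCreateUserException     User creation failed or was rejected.
 * @throws WP_Auth0_RegistrationNotEnabledException No matching account and registration is disabled.
 */
public function create($userinfo, $token) {
    // A profile without an identities list (for example one built from token
    // claims) is treated as "not a database user" instead of failing in foreach.
    $isDatabaseUser = false;
    if (isset($userinfo->identities) && is_array($userinfo->identities)) {
        foreach ($userinfo->identities as $identity) {
            if (isset($identity->provider) && $identity->provider === "auth0") {
                $isDatabaseUser = true;
                break;
            }
        }
    }

    // A missing email_verified property counts as "not verified".
    $emailVerified = !empty($userinfo->email_verified);

    // Look for an account to join only when the email is verified or the user
    // is a database user. The database-user case exists so that the existing
    // account is found and creating a duplicate is refused below.
    $joinUser = null;
    if (isset($userinfo->email) && ($emailVerified || $isDatabaseUser)) {
        $joinUser = get_user_by('email', $userinfo->email);
    }

    // Only the WordPress registration setting decides whether signup is allowed.
    $allow_signup = WP_Auth0_Options::is_wp_registration_enabled();

    if ($joinUser instanceof WP_User) {
        // Never attach to an existing account on the strength of an unverified email.
        if (!$emailVerified) {
            throw new WP_Auth0_EmailNotVerifiedException($userinfo, $token);
        }
        $user_id = $joinUser->ID;
    } elseif ($allow_signup) {
        $user_id = WP_Auth0_Users::create_user($userinfo);

        if (is_wp_error($user_id)) {
            throw new WP_Auth0_CouldNotCreateUserException($user_id->get_error_message());
        } elseif ($user_id == -2) {
            // The line break inside the literal is kept exactly as it appears in the source.
            throw new WP_Auth0_CouldNotCreateUserException('Could not create user. The registration process were rejected. 
Please verify that your account is whitelisted for this system.');
        } elseif (!is_numeric($user_id) || $user_id <= 0) {
            // 0, false or null is not a valid user id. Fail here instead of
            // recording a mapping to a non-existent account.
            throw new WP_Auth0_CouldNotCreateUserException();
        }
    } else {
        throw new WP_Auth0_RegistrationNotEnabledException();
    }

    // $user_id now refers to a joined or newly created account; persist the mapping.
    self::insertAuth0User($userinfo, $user_id);

    return $user_id;
}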
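/**
 * Maps a decoded JWT to a WordPress user, provisioning the account on first use.
 *
 * The mapping is looked up by the token's `sub` claim. When none exists, the
 * Auth0 profile is fetched with the encoded token and handed to
 * WP_Auth0_UserCreator::create().
 *
 * NOTE(review): this method trusts $jwt->sub. It assumes the caller has already
 * verified the token's signature and audience; confirm at the call site.
 *
 * @param object $jwt        Decoded token; reads ->sub.
 * @param string $encodedJWT Raw token, used as the API credential and passed to the login action.
 *
 * @return WP_User|null The user, or null when the profile request fails, user
 *                      creation is refused, or the lookup returned an error.
 *                      Exceptions from create() other than the two caught
 *                      below propagate to the caller.
 */
public static function getUser($jwt, $encodedJWT) {
    global $wpdb;

    // Set up front: the existing-user path passes $response to the
    // auth0_user_login action without calling the Auth0 API. It used to read
    // an undefined variable there.
    $response = null;

    // Table names come from $wpdb. The only external value (sub) is bound via prepare().
    $sql = 'SELECT u.* FROM ' . $wpdb->auth0_user . ' a JOIN ' . $wpdb->users . ' u ON a.wp_id = u.id WHERE a.auth0_id = %s;';
    $userRow = $wpdb->get_row($wpdb->prepare($sql, $jwt->sub));

    if ($userRow instanceof WP_Error) {
        self::insertAuth0Error('findAuth0User', $userRow);
        return null;
    }

    if (!is_null($userRow)) {
        // Known user: hydrate it from the row and announce the login.
        $user = new WP_User();
        $user->init($userRow);
        do_action('auth0_user_login', $user->ID, $response, false, $encodedJWT, null);
        return $user;
    }

    // No mapping yet: fetch the profile from Auth0.
    $domain = WP_Auth0_Options::get('domain');
    $response = WP_Auth0_Api_Client::get_user($domain, $encodedJWT, $jwt->sub);

    // Defensive: the failure shape of get_user() is not visible here, so any
    // response other than a well-formed 200 is treated as "no user".
    if (is_wp_error($response) || !isset($response['response']['code']) || $response['response']['code'] != 200) {
        return null;
    }

    $creator = new WP_Auth0_UserCreator();

    // Use the token's own claims as the profile when it carries the required
    // scopes, otherwise use the API response body.
    $auth0User = $creator->tokenHasRequiredScopes($jwt) ? $jwt : json_decode($response['body']);

    try {
        $user_id = $creator->create($auth0User, $encodedJWT);
        do_action('auth0_user_login', $user_id, $response, true, $encodedJWT, null);
        return new WP_User($user_id);
    } catch (WP_Auth0_CouldNotCreateUserException $e) {
        return null;
    } catch (WP_Auth0_RegistrationNotEnabledException $e) {
        return null;
    }
}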
/**
 * Init hook: registers the rewrite rules and migrates a legacy widget CDN URL.
 *
 * A stored `cdn_url` that still references `auth0-widget-5` is replaced with
 * the Lock 6 script URL.
 *
 * Caveat: the replacement URL is protocol-relative, so on a page served over
 * plain HTTP the login script is fetched over HTTP as well.
 */
public static function wp_init() {
    self::setup_rewrites();

    $configuredCdn = WP_Auth0_Options::get('cdn_url');
    $usesLegacyWidget = strpos($configuredCdn, 'auth0-widget-5') !== false;

    if ($usesLegacyWidget) {
        WP_Auth0_Options::set('cdn_url', '//cdn.auth0.com/js/lock-6.min.js');
    }
}
/**
 * Settings-page field: checkbox for the `wordpress_login_enabled` option.
 *
 * The stored value is normalised with absint() before it reaches checked(),
 * so only integer 1 selects the box. The description is printed as returned
 * by the translation function, without HTML escaping.
 */
public static function render_allow_wordpress_login() {
    $stored = absint(WP_Auth0_Options::get('wordpress_login_enabled'));

    $checkbox = '<input type="checkbox" name="' . WP_Auth0_Options::OPTIONS_NAME . '[wordpress_login_enabled]" id="wpa0_wp_login_enabled" value="1" ' . checked($stored, 1, false) . '/>';
    echo $checkbox;

    $description = '<br/><span class="description">' . __('Mark this if you want to enable the regular WordPress login', WPA0_LANG) . '</span>';
    echo $description;
}
$form_desc = WP_Auth0_Options::get('form_desc'); if (isset($_GET['interim-login']) && $_GET['interim-login'] == 1) { $interim_login = true; } else { $interim_login = false; } // Get title for login widget if (empty($title)) { $title = "Sign In"; } $stateObj = array("interim" => $interim_login, "uuid" => uniqid()); if (isset($_GET['redirect_to'])) { $stateObj["redirect_to"] = $_GET['redirect_to']; } $state = json_encode($stateObj); $options_obj = WP_Auth0::buildSettings(WP_Auth0_Options::get_options()); $options_obj = array_merge(array("callbackURL" => site_url('/index.php?auth0=1'), "authParams" => array("state" => $state)), $options_obj); if (isset($specialSettings)) { $options_obj = array_merge($options_obj, $specialSettings); } if (!$showAsModal) { $options_obj['container'] = 'auth0-login-form'; } if (!$allow_signup) { $options_obj['disableSignupAction'] = true; } $options = json_encode($options_obj); if (empty($client_id) || empty($domain)) { ?> <p><?php
/**
 * Settings-page field: checkbox for the `allow_signup` option.
 *
 * The stored value is normalised with absint() before it reaches checked(),
 * so only integer 1 selects the box. The description is printed as returned
 * by the translation function, without HTML escaping.
 */
public static function render_allow_signup() {
    $stored = absint(WP_Auth0_Options::get('allow_signup'));

    $checkbox = '<input type="checkbox" name="' . WP_Auth0_Options::OPTIONS_NAME . '[allow_signup]" id="wpa0_allow_signup" value="1" ' . checked($stored, 1, false) . '/>';
    echo $checkbox;

    $description = '<br/><span class="description">' . __('If you have database connection you can allow users to signup in the widget', WPA0_LANG) . '</span>';
    echo $description;
}
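/**
 * Logs an Auth0-authenticated user into WordPress, joining or creating the
 * local account on first login.
 *
 * Steps:
 *  1. With `requires_verified_email` set, refuse profiles that have no email
 *     or an unverified one.
 *  2. If the Auth0 user id is already mapped, refresh the stored profile and
 *     set the auth cookie.
 *  3. Otherwise match an existing account by email, attaching only when the
 *     email is verified, or create a new account.
 *
 * Every refusal path returns after calling its die helper. wp_die() handlers
 * can be replaced through filters, so this method does not rely on them to
 * stop execution before the auth cookie is set.
 *
 * @param object $userinfo Auth0 profile; reads ->email, ->email_verified, ->user_id and ->identities.
 * @param mixed  $data     Only forwarded to dieWithVerifyEmail().
 *
 * @return bool true once the auth cookie has been set; false only when a die
 *              handler returned instead of terminating the request.
 */
private static function login_user($userinfo, $data) {
    // A missing email_verified property counts as "not verified".
    $emailVerified = !empty($userinfo->email_verified);

    // When a verified email is required, tell the user why the login stops here.
    if (WP_Auth0_Options::get('requires_verified_email')) {
        if (empty($userinfo->email)) {
            $msg = __('This account does not have an email associated. Please login with a different provider.', WPA0_LANG);
            $msg .= '<br/><br/>';
            $msg .= '<a href="' . site_url() . '">' . __('← Go back', WPA0_LANG) . '</a>';
            wp_die($msg);
            return false;
        }
        if (!$emailVerified) {
            self::dieWithVerifyEmail($userinfo, $data);
            return false;
        }
    }

    // Already mapped in the auth0_user table: refresh the profile and log in.
    $user = self::findAuth0User($userinfo->user_id);
    if (!is_null($user)) {
        self::updateAuth0Object($userinfo);
        wp_set_auth_cookie($user->ID);
        return true;
    }

    // Not mapped yet: either attach to an existing account or create one.
    $isDatabaseUser = false;
    if (isset($userinfo->identities) && is_array($userinfo->identities)) {
        foreach ($userinfo->identities as $identity) {
            if (isset($identity->provider) && $identity->provider === "auth0") {
                $isDatabaseUser = true;
                break;
            }
        }
    }

    // Look for an account to join only when the email is verified or the user
    // is a database user. The database-user case exists so that the existing
    // account is found and creating a duplicate is refused below.
    $joinUser = null;
    if (!empty($userinfo->email) && ($emailVerified || $isDatabaseUser)) {
        $joinUser = get_user_by('email', $userinfo->email);
    }

    if ($joinUser instanceof WP_User) {
        // Never attach to an existing account on the strength of an unverified email.
        if (!$emailVerified) {
            self::dieWithVerifyEmail($userinfo, $data);
            return false;
        }
        $user_id = $joinUser->ID;
    } else {
        $created = WP_Auth0_Users::create_user($userinfo);

        // Check for an error object before casting. (int) applied to an object
        // yields 1, which would pass the failure checks below and be handled
        // as a valid user id. NOTE(review): confirm whether create_user() can
        // return a WP_Error in this version.
        $user_id = is_wp_error($created) ? -1 : (int) $created;

        if ($user_id == -2) {
            // The line break inside the literal is kept exactly as it appears in the source.
            $msg = __('Error: Could not create user. 
The registration process were rejected. Please verify that your account is whitelisted for this system.', WPA0_LANG);
            $msg .= '<br/><br/>';
            $msg .= '<a href="' . site_url() . '">' . __('← Go back', WPA0_LANG) . '</a>';
            wp_die($msg);
            return false;
        } elseif ($user_id <= 0) {
            // 0 is not a valid user id either, so it is handled as a failed creation.
            $msg = __('Error: Could not create user.', WPA0_LANG);
            $msg .= '<br/><br/>';
            $msg .= '<a href="' . site_url() . '">' . __('← Go back', WPA0_LANG) . '</a>';
            wp_die($msg);
            return false;
        }
    }

    // $user_id refers to a joined or newly created account: record the mapping and log in.
    self::insertAuth0User($userinfo, $user_id);
    wp_set_auth_cookie($user_id);

    return true;
}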
dict: { signin: { title: '<?php echo $title; ?> ' } } }); widget.signin({ onestep: true, theme: 'static', standalone: true, showIcon: <?php echo $show_icon ? 'true' : 'false'; ?> , icon: '<?php echo $show_icon ? WP_Auth0_Options::get('icon_url') : ''; ?> ' }, callback); </script> <style type="text/css"> body.a0-widget-open>* { display: inherit; } #loginform{ display: none; } #login #nav { display: none; }
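<?php
// Name used in the "back to ... login" link; defaults to "Auth0" when no form title is configured.
$title = WP_Auth0_Options::get('form_title');
if (empty($title)) {
    $title = "Auth0";
}
?>
<style>
    #loginform,
    .woocommerce-account .woocommerce h2,
    .woocommerce-account .woocommerce form.login {
        display: block !important;
    }
</style>
<div id="extra-options">
    <?php // form_title is a stored setting printed into HTML text, so it is escaped at the point of output. ?>
    <a href="?">← Back to <?php echo esc_html($title); ?> login</a>
</div>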