/**
* @since 1.0.0
*/
public function verify_configuration_callback()
{
if (isset($_REQUEST['nonce']) && $this->wp_facade->wp_verify_nonce($_REQUEST['nonce'], static::VERIFIER_NONCE_KEY)) {
$user = $this->wp_facade->wp_get_current_user();
$response = array('nonce' => $this->wp_facade->wp_create_nonce(static::VERIFIER_NONCE_KEY));
if (stripos($_SERVER['REQUEST_METHOD'], 'POST') !== false && isset($_POST['verify_action']) && 'pair' === $_POST['verify_action']) {
try {
$white_label_user = $this->launchkey_client->whiteLabel()->createUser($user->user_login);
$response['qrcode_url'] = $white_label_user->getQrCodeUrl();
$response['manual_code'] = $white_label_user->getCode();
} catch (Exception $e) {
$response['error'] = $e->getCode();
}
} elseif (stripos($_SERVER['REQUEST_METHOD'], 'POST') !== false) {
$response['completed'] = false;
try {
$username = empty($_POST['username']) ? $user->user_login : $_POST['username'];
$auth_request = $this->launchkey_client->auth()->authorize($username);
$this->wp_facade->update_user_meta($user->ID, 'launchkey_username', $username);
$this->wp_facade->update_user_meta($user->ID, 'launchkey_auth', $auth_request->getAuthRequestId());
$this->wp_facade->update_user_meta($user->ID, 'launchkey_authorized', null);
} catch (Exception $e) {
$response['error'] = $e->getCode();
}
} else {
$db = $this->wp_facade->get_wpdb();
$value = $db->get_var($db->prepare("SELECT meta_value FROM {$db->usermeta} WHERE user_id = %s AND meta_key = 'launchkey_authorized' LIMIT 1", $user->ID));
$response['completed'] = !empty($value);
}
$this->wp_facade->wp_send_json($response);
}
}
/**
* Create the settings page
*
* Renders the settings page to the screen as defined by {@see setup_launchkey_settings_page}
*
* @since 1.0.0
*/
public function create_launchkey_settings_page()
{
$options = $this->get_launchkey_options();
$hasMcrypt = $this->wp_facade->extension_loaded('mcrypt');
$hasOpenSSL = $this->wp_facade->extension_loaded('openssl');
$hasCurl = $this->wp_facade->extension_loaded('curl');
$hasDOM = $this->wp_facade->extension_loaded('dom');
$hasPrerequisites = $hasCurl && $hasDOM && $hasMcrypt && $hasOpenSSL;
$this->render_template('admin/settings', array('callback_url' => $this->wp_facade->admin_url('admin-ajax.php?action=' . LaunchKey_WP_Native_Client::CALLBACK_AJAX_ACTION), 'sso_post_url' => $this->wp_facade->wp_login_url(), 'domain' => $this->wp_facade->parse_url($this->wp_facade->admin_url(), PHP_URL_HOST), 'rocket_key' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY], 'app_display_name' => $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME], 'ssl_verify_checked' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY] ? 'checked="checked"' : '', 'mcrypt_pass_fail' => $hasMcrypt ? 'pass' : 'fail', 'openssl_pass_fail' => $hasOpenSSL ? 'pass' : 'fail', 'curl_pass_fail' => $hasCurl ? 'pass' : 'fail', 'dom_pass_fail' => $hasDOM ? 'pass' : 'fail', 'show_sso_next' => $hasPrerequisites ? 'show' : 'hide', 'show_sso_back' => $hasPrerequisites ? 'hide' : 'show', 'wp_username' => $this->wp_facade->wp_get_current_user()->user_login, 'sso_entity_id' => $options[LaunchKey_WP_Options::OPTION_SSO_ENTITY_ID], 'sso_public_key' => $options[LaunchKey_WP_Options::OPTION_SSO_CERTIFICATE], 'sso_login_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGIN_URL], 'sso_logout_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGOUT_URL], 'sso_error_url' => $options[LaunchKey_WP_Options::OPTION_SSO_ERROR_URL], 'settings-sso-visible' => LaunchKey_WP_Implementation_Type::SSO === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE] ? "" : "hide", 'settings-standard-visible' => LaunchKey_WP_Implementation_Type::SSO === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE] ? "hide" : ""));
}
/**
* Create the settings page
*
* Renders the settings page to the screen as defined by {@see setup_launchkey_settings_page}
*
* @since 1.0.0
*/
public function create_launchkey_settings_page()
{
$options = $this->get_launchkey_options();
$hasMcrypt = $this->wp_facade->extension_loaded('mcrypt');
$hasOpenSSL = $this->wp_facade->extension_loaded('openssl');
$hasCurl = $this->wp_facade->extension_loaded('curl');
$hasDOM = $this->wp_facade->extension_loaded('dom');
$hasPrerequisites = $hasCurl && $hasDOM && $hasMcrypt && $hasOpenSSL;
$this->render_template('admin/settings', array('callback_url' => $this->get_callback_url(), 'sso_post_url' => $this->wp_facade->site_url('wp-login.php', 'login_post'), 'domain' => $this->wp_facade->parse_url($this->wp_facade->admin_url(), PHP_URL_HOST), 'rocket_key' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY], 'app_display_name' => $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME], 'ssl_verify_checked' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY] ? 'checked="checked"' : '', 'mcrypt_pass_fail' => $hasMcrypt ? 'pass' : 'fail', 'openssl_pass_fail' => $hasOpenSSL ? 'pass' : 'fail', 'curl_pass_fail' => $hasCurl ? 'pass' : 'fail', 'dom_pass_fail' => $hasDOM ? 'pass' : 'fail', 'show_sso_next' => $hasPrerequisites ? 'show' : 'hide', 'show_sso_back' => $hasPrerequisites ? 'hide' : 'show', 'wp_username' => $this->wp_facade->wp_get_current_user()->user_login, 'sso_entity_id' => $options[LaunchKey_WP_Options::OPTION_SSO_ENTITY_ID], 'sso_public_key' => $options[LaunchKey_WP_Options::OPTION_SSO_CERTIFICATE], 'sso_login_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGIN_URL], 'sso_logout_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGOUT_URL], 'sso_error_url' => $options[LaunchKey_WP_Options::OPTION_SSO_ERROR_URL]));
}
/**
* launchkey_admin_callback - performed during admin_init action
*
*/
public function launchkey_admin_callback()
{
$options = $this->get_option();
if (isset($_GET['launchkey_admin_pair'])) {
$user = $this->wp_facade->wp_get_current_user();
$this->launchkey_pair("", $user->data);
}
//check status of oauth access token
if (isset($_COOKIE['launchkey_access_token'])) {
$args = array('httpversion' => '1.1', 'headers' => array('Authorization' => 'Bearer ' . $_COOKIE['launchkey_access_token'], 'Connection' => 'close'), 'sslverify' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY], 'timeout' => $options[LaunchKey_WP_Options::OPTION_REQUEST_TIMEOUT]);
$oauth_response = $this->wp_facade->wp_remote_post("{$this->base_url}/resource/ping", $args);
$response_object = $oauth_response instanceof WP_Error ? null : json_decode($oauth_response['body'], true);
if ($response_object && isset($response_object['message'])) {
if ($response_object['message'] != 'valid') {
//refresh_token
if (isset($_COOKIE['launchkey_refresh_token'])) {
//prepare data for access token
$data = array('httpversion' => '1.1', 'body' => array('client_id' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY], 'client_secret' => $options[LaunchKey_WP_Options::OPTION_SECRET_KEY], 'redirect_uri' => $this->wp_facade->admin_url(), 'refresh_token' => $_COOKIE['launchkey_refresh_token'], 'grant_type' => "refresh_token"), 'sslverify' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY], 'timeout' => $options[LaunchKey_WP_Options::OPTION_REQUEST_TIMEOUT], 'headers' => array('Connection' => 'close'));
//make oauth call
$oauth_get = $this->wp_facade->wp_remote_post("{$this->base_url}/access_token", $data);
if (!$this->wp_facade->is_wp_error($oauth_get)) {
$oauth_response = json_decode($oauth_get['body'], true);
} else {
$this->wp_facade->wp_logout();
$this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_ssl_error=1");
return;
}
if (isset($oauth_response['refresh_token']) && isset($oauth_response['access_token'])) {
$launchkey_access_token = $oauth_response['access_token'];
$launchkey_refresh_token = $oauth_response['refresh_token'];
$timestamp = $this->wp_facade->current_time('timestamp', true);
$launchkey_expires = $timestamp + $oauth_response['expires_in'];
$cookie_expires = $timestamp + 86400 * 30;
$this->wp_facade->setcookie('launchkey_access_token', $launchkey_access_token, $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);
$this->wp_facade->setcookie('launchkey_refresh_token', $launchkey_refresh_token, $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);
$this->wp_facade->setcookie('launchkey_expires', $launchkey_expires, $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);
} else {
$this->wp_facade->wp_logout();
$this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?loggedout=1");
return;
}
} else {
$this->wp_facade->wp_logout();
$this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?loggedout=1");
return;
}
}
} else {
$this->wp_facade->wp_logout();
$this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_ssl_error=1");
return;
}
}
}
/**
* Method to handle redirects for logout of the LaunchKey SSO service
*
* '@since 1.1.0
*/
public function logout()
{
if ($user = $this->wp_facade->wp_get_current_user()) {
// And that user has logged in with LaunchKey SSO
if (!empty($user->launchkey_sso_session)) {
// Reset the SSO session
$this->wp_facade->update_user_meta($user->ID, 'launchkey_sso_session', null);
// Redirect to SSO logout
$this->wp_facade->wp_redirect($this->logout_url);
exit;
}
}
}
/**
* Compile the data that will be used by the front end to generate a QR Code for WordPress auto-config.
* @since 1.4.0
*/
public function wizard_easy_setup_qr_code()
{
if (isset($_POST['nonce'])) {
if ($this->wp_facade->wp_verify_nonce($_POST['nonce'], static::WIZARD_NONCE_KEY) && $this->wp_facade->current_user_can('manage_options')) {
$lk_nonce = $this->launchkey_client->auth()->nonce();
$this->update_option(static::EASY_SETUP_OPTION, array('nonce' => $lk_nonce, 'username' => $this->wp_facade->wp_get_current_user()->user_login));
$payload = json_encode(array('nonce' => $lk_nonce->getNonce(), 'payload' => array('callback_url' => $this->admin->get_callback_url(), 'rocket_name' => $this->wp_facade->get_bloginfo('name'))));
$qr_data = base64_encode($payload);
$response['nonce'] = $this->wp_facade->wp_create_nonce(static::WIZARD_NONCE_KEY);
$response['qr_code'] = $qr_data;
} else {
$response['errors'] = $this->wp_facade->__("An error occurred submitting the page. Please refresh the page and submit again.");
}
$this->wp_facade->wp_send_json($response);
}
}
/**
* Hearbeat filter to see if a LaunchKey authenticated user has been de-orbited and log them out if that is the case
*
* @since 1.0.0
*/
public function launchkey_still_authenticated_heartbeat()
{
/**
* If the current session
*/
if ($this->wp_facade->is_user_logged_in()) {
// Get the current user
$user = $this->wp_facade->wp_get_current_user();
// If they have been de-authorized
if (false === $this->get_user_authorized($user->ID)) {
// Log out the user
$this->wp_facade->wp_logout();
// Reset the LaunchKey auth properties
$this->reset_auth($user->ID);
}
}
}
