/**
  * launchkey_form - login form for wp-login.php
  *
  * @since 1.1.0
  *
  * @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
  * @param string $id The value to set on the "id" attribute of a containing DIV for the login button
  * @param string $style A string of HTML style code to set on the "style" attribute of a containing DIV for the login button
  */
 public function launchkey_form($class = '', $id = '', $style = '')
 {
     // Each flag is only tested for presence and maps to a fixed message, so
     // nothing from the query string is copied into the rendered notice.
     // The first flag present wins; at most one notice is shown.
     //
     // NOTE(review): the launchkey_ssl_error text tells administrators they may
     // need to disable SSL verification. Turning verification off removes server
     // authentication on the requests to the LaunchKey servers; repairing the
     // trust store is the safer remedy. The wording is left untouched here.
     $notices = array(
         'launchkey_error' => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.',
         'launchkey_ssl_error' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.',
         'launchkey_security' => 'There was a security issue detected and you have been logged out for your safety. Log back in to ensure a secure session.',
     );
     foreach ($notices as $flag => $message) {
         if (isset($_GET[$flag])) {
             $this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => $message)));
             break;
         }
     }

     // Build the SAML AuthnRequest. Destination, issuer, RelayState and the
     // assertion consumer URL all come from plugin/site state, not from the
     // incoming request.
     $saml_container = SAML2_Utils::getContainer();
     $authn_request = new SAML2_AuthnRequest();
     $authn_request->setId($saml_container->generateId());
     //$request->setProviderName( parse_url( $this->wp_facade->home_url( '/' ), PHP_URL_HOST ) );
     $authn_request->setDestination($this->login_url);
     $authn_request->setIssuer($this->entity_id);
     $authn_request->setRelayState($this->wp_facade->admin_url());
     // The response is requested on the HTTP-POST binding, delivered to wp-login.
     $authn_request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
     $authn_request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
     $authn_request->setIsPassive(false);
     $authn_request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));

     // The request itself travels on the HTTP-Redirect binding: it is encoded
     // into the URL the login button links to.
     // NOTE(review): no signing key is set on the binding in this method, so the
     // request appears to go out unsigned - confirm that is what the IdP expects.
     $redirect_binding = new SAML2_HTTPRedirect();
     $redirect_binding->setDestination($this->login_url);
     $login_url = $redirect_binding->getRedirectURL($authn_request);

     // French and Spanish locales get the small button variant.
     $compact_locales = array('fr_FR', 'es_ES');
     $button_size = in_array($this->wp_facade->get_locale(), $compact_locales) ? 'small' : 'medium';

     // NOTE(review): $class, $id and $style are handed to the template as
     // received; confirm the 'launchkey-form' template escapes them for an
     // HTML attribute context.
     $form_context = array(
         'class' => $class,
         'id' => $id,
         'style' => $style,
         'login_url' => $login_url,
         'login_text' => 'Log in with',
         'login_with_app_name' => 'LaunchKey',
         'size' => $button_size,
     );
     $this->wp_facade->_echo($this->template->render_template('launchkey-form', $form_context));
 }
 /**
  * @return string
  */
 private function get_settings_page($wizard = false)
 {
     // Multisite installs use the settings screen under network/, single-site
     // installs the regular options screen.
     if ($this->is_multi_site) {
         $screen = 'network/settings.php';
     } else {
         $screen = 'options-general.php';
     }
     // A truthy $wizard appends the fragment for the first wizard step.
     $fragment = $wizard ? '#wizard-1' : '';
     // Every part of the path is a constant; no request data is involved.
     return $this->wp_facade->admin_url($screen . '?page=launchkey-settings' . $fragment);
 }
 /**
  * @since 1.0.0
  */
 public function enqueue_wizard_script()
 {
     // The wizard script and its nonce are only handed to users holding
     // manage_options; everyone else gets nothing enqueued.
     if (!$this->wp_facade->current_user_can('manage_options')) {
         return;
     }

     $options = $this->get_option();
     $script_url = $this->wp_facade->plugins_url('/public/launchkey-wizard.js', dirname(__FILE__));
     $this->wp_facade->wp_enqueue_script('launchkey-wizard-script', $script_url, array('jquery'), '1.0.0', true);

     // Configuration exposed to the script as launchkey_wizard_config. The nonce
     // is tied to WIZARD_NONCE_KEY and 'url' targets the admin-ajax action that
     // receives the wizard data.
     // NOTE(review): the handler for DATA_SUBMIT_AJAX_ACTION is not in view;
     // confirm it verifies this nonce and re-checks the capability.
     $wizard_config = array(
         'nonce' => $this->wp_facade->wp_create_nonce(static::WIZARD_NONCE_KEY),
         'is_configured' => $this->is_plugin_configured($options),
         'implementation_type' => $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE],
         'url' => $this->wp_facade->admin_url('admin-ajax.php?action=' . static::DATA_SUBMIT_AJAX_ACTION),
     );
     $this->wp_facade->wp_localize_script('launchkey-wizard-script', 'launchkey_wizard_config', $wizard_config);
 }
 /**
  * @param $launchkey_user_hash
  */
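 private function prepare_for_launchkey_pair($launchkey_user_hash)
 {
     // Set the pair cookie with the LaunchKey user hash; it expires five
     // minutes (300 s) after the current GMT timestamp.
     $expires = $this->wp_facade->current_time('timestamp', true) + 300;
     // The cookie carries an identifier used to finish pairing, so it is marked
     // HttpOnly and, when this request arrived over HTTPS, Secure. On plain-HTTP
     // sites is_ssl() is false and the cookie is sent exactly as before.
     // NOTE(review): assumes the cookie is only read server-side and that the
     // facade forwards is_ssl() like the other WordPress calls made through it
     // - confirm both.
     $this->wp_facade->setcookie('launchkey_user', $launchkey_user_hash, $expires, COOKIEPATH, COOKIE_DOMAIN, $this->wp_facade->is_ssl(), true);
     // Redirect to finish pairing. Both targets are fixed site URLs.
     // NOTE(review): nothing in this method stops execution after the redirect
     // call; presumably the caller or the facade does - confirm.
     if (!$this->wp_facade->current_user_can('manage_options')) {
         // not previously logged in
         $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_pair=1");
     } else {
         // previously authenticated
         $this->wp_facade->wp_redirect($this->wp_facade->admin_url("profile.php?launchkey_admin_pair=1&updated=1"));
     }
 }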
 /**
  * @return string
  */
 private function get_config_wizard_url()
 {
     // Fixed admin path for the configuration wizard; nothing from the request
     // goes into it.
     $wizard_page = 'tools.php?page=launchkey-config-wizard';
     return $this->wp_facade->admin_url($wizard_page);
 }
 /**
  * Handle the "easy setup" server-sent event and store the delivered credentials.
  *
  * Rebuilds the incoming HTTP request from $_SERVER and php://input, passes it
  * to the SDK's server-sent-event handler and, when the result is a
  * RocketCreated event, checks the stored setup nonce and the callback URL
  * before writing the rocket key, secret key and private key into the plugin
  * options. The response ends through wp_die(); failures are answered with a
  * generic 400 or 500.
  *
  * A request without a "signature" header, or an event that is not
  * RocketCreated, produces no output from this method.
  *
  * NOTE(review): how this action is registered is not visible here. It is
  * presumably reachable without a WordPress session, since the caller is a
  * remote service - confirm, and treat every input below as untrusted.
  */
 public function wizard_easy_setup_callback()
 {
     // Rebuild the request headers from $_SERVER: each HTTP_* entry becomes a
     // header whose name is the remainder of the key with "_" replaced by "-".
     $headers = array();
     array_walk($_SERVER, function ($value, $key) use(&$headers) {
         if (preg_match('/^HTTP\\_(.+)$/', $key, $matches)) {
             $headers[str_replace('_', '-', $matches[1])] = $value;
         }
     });
     // Protocol version is whatever follows the first "/" in SERVER_PROTOCOL.
     preg_match('/^[^\\/]+\\/(.*)$/', $_SERVER['SERVER_PROTOCOL'], $matches);
     $protocol_version = $matches ? $matches[1] : null;
     $request = new Request($_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'], $headers, $this->wp_facade->fopen('php://input', 'rb'), $protocol_version);
     $http_response = new Response();
     // Only the presence of the header is tested here.
     // NOTE(review): signature verification is presumably done inside
     // handleEvent() - confirm, because nothing else in this method checks it.
     if ($request->hasHeader('signature')) {
         try {
             // Have the SDK client handle the callback
             $response = $this->launchkey_client->serverSentEvent()->handleEvent($request, $http_response);
             if ($response instanceof \LaunchKey\SDK\Domain\RocketCreated) {
                 $config = $this->get_option(LaunchKey_WP_Configuration_Wizard::EASY_SETUP_OPTION);
                 // A callback is only accepted while a setup nonce is stored.
                 if (empty($config['nonce']) || !$config['nonce'] instanceof \LaunchKey\SDK\Domain\NonceResponse) {
                     throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError(sprintf('Easy config request with no valid "nonce" in option "%s"', LaunchKey_WP_Configuration_Wizard::EASY_SETUP_OPTION));
                 }
                 // Delete the option before the remaining checks, so the stored
                 // nonce is gone whether or not they pass. (The throw above
                 // happens earlier and leaves the option in place.)
                 $this->wp_facade->delete_option(LaunchKey_WP_Configuration_Wizard::EASY_SETUP_OPTION);
                 // Check for expiration of the nonce against the current UTC time
                 $expires = $config['nonce']->getExpiration();
                 if ($expires <= new DateTime("now", new DateTimeZone("UTC"))) {
                     throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Easy config "nonce" has expired');
                 }
                 $rocketConfig = $response->getRocketConfig($this->crypt_service, $config['nonce']->getNonce());
                 $expected_callback_url = $this->wp_facade->admin_url('admin-ajax.php?action=' . LaunchKey_WP_Native_Client::CALLBACK_AJAX_ACTION);
                 // Verify the callback URL, by exact string comparison, before any
                 // option is written.
                 // NOTE(review): the original comment said this runs before the
                 // data is decrypted, but getRocketConfig() - which is given the
                 // crypt service and the nonce - has already been called above.
                 $actual_callback_url = $rocketConfig->getCallbackURL();
                 if ($actual_callback_url !== $expected_callback_url) {
                     // Both URLs appear only in the exception message, which is
                     // logged in debug mode; the caller receives "Invalid Request".
                     throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError(sprintf('Easy config is not for this site based on callback. Expected: %s, Actual: %s.', $expected_callback_url, $actual_callback_url));
                 }
                 $options = $this->get_option(LaunchKey_WP_Admin::OPTION_KEY);
                 $rocket_type = $rocketConfig->isWhiteLabel() ? LaunchKey_WP_Implementation_Type::WHITE_LABEL : LaunchKey_WP_Implementation_Type::NATIVE;
                 // Update options from server sent event service response
                 // NOTE(review): secret key and private key are stored through
                 // update_option(); whether they are protected at rest is not
                 // visible here - confirm.
                 $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE] = $rocket_type;
                 $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY] = $rocketConfig->getKey();
                 $options[LaunchKey_WP_Options::OPTION_SECRET_KEY] = $rocketConfig->getSecret();
                 $options[LaunchKey_WP_Options::OPTION_PRIVATE_KEY] = $rocketConfig->getPrivateKey();
                 $this->update_option(LaunchKey_WP_Admin::OPTION_KEY, $options);
                 // Copy the SDK-prepared response body out in 256-byte reads.
                 // NOTE(review): the loop ends on the first falsy read, which
                 // also covers a segment equal to "0".
                 $response_string = "";
                 $body = $http_response->getBody();
                 $body->rewind();
                 while ($segment = $body->read(256)) {
                     $response_string .= $segment;
                 }
                 // Reply as plain text with the status code the SDK set.
                 $this->wp_facade->header("Content-Type: text/plain", true, $http_response->getStatusCode());
                 $this->wp_facade->wp_die($response_string);
             }
         } catch (\Exception $e) {
             // The exception detail goes to the error log, and only in debug mode.
             if ($this->wp_facade->is_debug_log()) {
                 $this->wp_facade->error_log('Callback Exception: ' . $e->getMessage());
             }
             // The caller only learns whether the request was rejected (400) or
             // processing failed (500); no detail is returned.
             if ($e instanceof \LaunchKey\SDK\Service\Exception\InvalidRequestError) {
                 $this->wp_facade->http_response_code(400);
                 $this->wp_facade->wp_die('Invalid Request');
             } else {
                 $this->wp_facade->http_response_code(500);
                 $this->wp_facade->wp_die('Server Error');
             }
         }
     }
 }