/**
 * launchkey_form - login form for wp-login.php
 *
 * Echoes an error banner when one of the LaunchKey error flags is present in
 * the query string (only the first matching flag is reported; the message text
 * is fixed and never taken from the request), then builds a SAML2 AuthnRequest
 * and echoes the "launchkey-form" template whose login link carries that
 * request through the HTTP-Redirect binding.
 *
 * @since 1.1.0
 *
 * @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
 * @param string $id    The value to set on the "id" attribute of a containing DIV for the login button
 * @param string $style A string of HTML style code to set on the "style" attribute of a containing DIV for the login button
 */
public function launchkey_form($class = '', $id = '', $style = '')
{
    // Flags are checked in this order; the first one present wins.
    $error_messages = array(
        'launchkey_error'     => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.',
        'launchkey_ssl_error' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.',
        'launchkey_security'  => 'There was a security issue detected and you have been logged out for your safety. 
Log back in to ensure a secure session.',
    );
    foreach ($error_messages as $flag => $message) {
        if (isset($_GET[$flag])) {
            $this->wp_facade->_echo($this->template->render_template(
                'error',
                array('error' => 'Error!', 'message' => $message)
            ));
            break;
        }
    }

    // Build the SAML2 authentication request for the LaunchKey IdP.
    $container = SAML2_Utils::getContainer();
    $authn_request = new SAML2_AuthnRequest();
    $authn_request->setId($container->generateId());
    $authn_request->setDestination($this->login_url);
    $authn_request->setIssuer($this->entity_id);
    // After authentication the user lands on the admin dashboard; the
    // assertion itself is posted back to wp-login.php.
    $authn_request->setRelayState($this->wp_facade->admin_url());
    $authn_request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
    $authn_request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    $authn_request->setIsPassive(false);
    $authn_request->setNameIdPolicy(array(
        'Format'      => SAML2_Const::NAMEID_PERSISTENT,
        'AllowCreate' => true,
    ));

    // Send it off using the HTTP-Redirect binding
    $redirect_binding = new SAML2_HTTPRedirect();
    $redirect_binding->setDestination($this->login_url);

    // French and Spanish button text is longer, so those locales get the small variant.
    $is_compact_locale = in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES'), true);

    $this->wp_facade->_echo($this->template->render_template('launchkey-form', array(
        'class'               => $class,
        'id'                  => $id,
        'style'               => $style,
        'login_url'           => $redirect_binding->getRedirectURL($authn_request),
        'login_text'          => 'Log in with',
        'login_with_app_name' => 'LaunchKey',
        'size'                => $is_compact_locale ? 'small' : 'medium',
    )));
}
/**
 * Build the admin URL of the plugin settings page.
 *
 * Multi-site installs use the network settings page, single sites the
 * general options page; when $wizard is true the URL is anchored at the
 * first wizard step.
 *
 * @param bool $wizard Append the "#wizard-1" fragment when true
 * @return string
 */
private function get_settings_page($wizard = false)
{
    $base_page = $this->is_multi_site ? 'network/settings.php' : 'options-general.php';
    $fragment = $wizard ? '#wizard-1' : '';

    return $this->wp_facade->admin_url($base_page . '?page=launchkey-settings' . $fragment);
}
/**
 * Enqueue the configuration wizard script for administrators.
 *
 * Only users with the "manage_options" capability get the script. It is
 * loaded in the footer with jQuery as a dependency and receives its settings
 * through the "launchkey_wizard_config" JS global: a nonce, whether the
 * plugin is already configured, the implementation type and the AJAX URL the
 * wizard submits to.
 *
 * @since 1.0.0
 */
public function enqueue_wizard_script()
{
    if (!$this->wp_facade->current_user_can('manage_options')) {
        return;
    }

    $options = $this->get_option();
    $handle = 'launchkey-wizard-script';
    $script_url = $this->wp_facade->plugins_url('/public/launchkey-wizard.js', dirname(__FILE__));
    $this->wp_facade->wp_enqueue_script($handle, $script_url, array('jquery'), '1.0.0', true);

    // The nonce is presumably verified by the DATA_SUBMIT_AJAX_ACTION handler — not visible here.
    $wizard_config = array(
        'nonce'               => $this->wp_facade->wp_create_nonce(static::WIZARD_NONCE_KEY),
        'is_configured'       => $this->is_plugin_configured($options),
        'implementation_type' => $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE],
        'url'                 => $this->wp_facade->admin_url('admin-ajax.php?action=' . static::DATA_SUBMIT_AJAX_ACTION),
    );
    $this->wp_facade->wp_localize_script($handle, 'launchkey_wizard_config', $wizard_config);
}
/**
 * Stage a LaunchKey pairing for the current visitor and redirect to finish it.
 *
 * Stores the LaunchKey user hash in the "launchkey_user" cookie (expiring 300
 * seconds after the current UTC timestamp), then redirects to the profile
 * screen when the visitor can already manage options, or to the login form
 * otherwise; each target carries its own pairing flag in the query string.
 *
 * NOTE(review): the cookie is set without the secure/httponly flags, so if
 * wp_facade::setcookie() forwards straight to PHP's setcookie() the hash is
 * readable from script and sent over plain HTTP — confirm and tighten if so.
 *
 * @param string $launchkey_user_hash LaunchKey user hash written into the pairing cookie
 */
private function prepare_for_launchkey_pair($launchkey_user_hash)
{
    // Set the pair cookie with the LaunchKey user hash
    $cookie_expires = $this->wp_facade->current_time('timestamp', true) + 300;
    $this->wp_facade->setcookie('launchkey_user', $launchkey_user_hash, $cookie_expires, COOKIEPATH, COOKIE_DOMAIN);

    // Redirect to finish pairing
    if ($this->wp_facade->current_user_can('manage_options')) {
        // previously authenticated
        $destination = $this->wp_facade->admin_url("profile.php?launchkey_admin_pair=1&updated=1");
    } else {
        // not previously logged in
        $destination = $this->wp_facade->wp_login_url() . "?launchkey_pair=1";
    }
    $this->wp_facade->wp_redirect($destination);
}
/**
 * Admin URL of the LaunchKey configuration wizard (under Tools).
 *
 * @return string
 */
private function get_config_wizard_url()
{
    $wizard_page = 'tools.php?page=launchkey-config-wizard';

    return $this->wp_facade->admin_url($wizard_page);
}
/**
 * AJAX handler for the LaunchKey "easy setup" server-sent event.
 *
 * Rebuilds a Request from $_SERVER and php://input, hands it to the SDK's
 * server-sent-event service, and on a RocketCreated event: consumes the
 * one-time nonce stored by the configuration wizard, checks that it has not
 * expired, unpacks the rocket config, confirms its callback URL is this
 * site's own AJAX callback, and stores the rocket credentials in the plugin
 * options. The SDK's response body is then echoed via wp_die(). Any failure
 * ends in wp_die() with a generic message: 400 for InvalidRequestError, 500
 * for everything else; the exception detail only goes to the debug log.
 *
 * Requests without a "signature" header fall through untouched: nothing is
 * echoed and no status code is set by this method.
 */
public function wizard_easy_setup_callback()
{
    // Collect request headers from the HTTP_* server vars (HTTP_X_FOO -> "X-FOO").
    // These come straight from the client; the only trust placed in them is
    // whatever the SDK establishes from the signature header further down.
    $headers = array();
    array_walk($_SERVER, function ($value, $key) use(&$headers) {
        if (preg_match('/^HTTP\\_(.+)$/', $key, $matches)) {
            $headers[str_replace('_', '-', $matches[1])] = $value;
        }
    });
    // "HTTP/1.1" -> "1.1"; null when SERVER_PROTOCOL has no "/" part
    preg_match('/^[^\\/]+\\/(.*)$/', $_SERVER['SERVER_PROTOCOL'], $matches);
    $protocol_version = $matches ? $matches[1] : null;
    $request = new Request(
        $_SERVER['REQUEST_METHOD'],
        $_SERVER['REQUEST_URI'],
        $headers,
        $this->wp_facade->fopen('php://input', 'rb'),
        $protocol_version
    );
    $http_response = new Response();
    if ($request->hasHeader('signature')) {
        try {
            // Have the SDK client handle the callback. Signature verification is
            // presumably done inside handleEvent() — not visible in this file.
            $response = $this->launchkey_client->serverSentEvent()->handleEvent($request, $http_response);
            if ($response instanceof \LaunchKey\SDK\Domain\RocketCreated) {
                $config = $this->get_option(LaunchKey_WP_Configuration_Wizard::EASY_SETUP_OPTION);
                // instanceof binds tighter than "!", so this reads as !(nonce instanceof NonceResponse)
                if (empty($config['nonce']) || !$config['nonce'] instanceof \LaunchKey\SDK\Domain\NonceResponse) {
                    throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError(sprintf('Easy config request with no valid "nonce" in option "%s"', LaunchKey_WP_Configuration_Wizard::EASY_SETUP_OPTION));
                }
                // Delete the option, valid or not: the nonce is single-use, so it
                // is consumed before any of the later checks can fail.
                $this->wp_facade->delete_option(LaunchKey_WP_Configuration_Wizard::EASY_SETUP_OPTION);
                // Check for expiration of the nonce (both sides compared in UTC)
                $expires = $config['nonce']->getExpiration();
                if ($expires <= new DateTime("now", new DateTimeZone("UTC"))) {
                    throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError('Easy config "nonce" has expired');
                }
                $rocketConfig = $response->getRocketConfig($this->crypt_service, $config['nonce']->getNonce());
                $expected_callback_url = $this->wp_facade->admin_url('admin-ajax.php?action=' . LaunchKey_WP_Native_Client::CALLBACK_AJAX_ACTION);
                // Reject a config issued for another site: its callback URL must be
                // exactly this site's callback endpoint. Note this runs after
                // getRocketConfig(), so it does not guard that step itself.
                $actual_callback_url = $rocketConfig->getCallbackURL();
                if ($actual_callback_url !== $expected_callback_url) {
                    throw new \LaunchKey\SDK\Service\Exception\InvalidRequestError(sprintf('Easy config is not for this site based on callback. Expected: %s, Actual: %s.', $expected_callback_url, $actual_callback_url));
                }
                $options = $this->get_option(LaunchKey_WP_Admin::OPTION_KEY);
                $rocket_type = $rocketConfig->isWhiteLabel() ? LaunchKey_WP_Implementation_Type::WHITE_LABEL : LaunchKey_WP_Implementation_Type::NATIVE;
                // Update options from server sent event service response; the
                // secret and private key are persisted here, so this path is only
                // reachable after the nonce and callback-URL checks above.
                $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE] = $rocket_type;
                $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY] = $rocketConfig->getKey();
                $options[LaunchKey_WP_Options::OPTION_SECRET_KEY] = $rocketConfig->getSecret();
                $options[LaunchKey_WP_Options::OPTION_PRIVATE_KEY] = $rocketConfig->getPrivateKey();
                $this->update_option(LaunchKey_WP_Admin::OPTION_KEY, $options);
                // Copy the SDK's response body into a string for wp_die().
                // NOTE(review): the loop stops on any falsy chunk, so a trailing
                // 1-byte chunk of "0" would be dropped; an explicit !== '' or an
                // eof() check would be stricter — confirm against the stream API.
                $response_string = "";
                $body = $http_response->getBody();
                $body->rewind();
                while ($segment = $body->read(256)) {
                    $response_string .= $segment;
                }
                $this->wp_facade->header("Content-Type: text/plain", true, $http_response->getStatusCode());
                $this->wp_facade->wp_die($response_string);
            }
        } catch (\Exception $e) {
            // Exception detail is logged only; the client gets a generic message.
            if ($this->wp_facade->is_debug_log()) {
                $this->wp_facade->error_log('Callback Exception: ' . $e->getMessage());
            }
            if ($e instanceof \LaunchKey\SDK\Service\Exception\InvalidRequestError) {
                $this->wp_facade->http_response_code(400);
                $this->wp_facade->wp_die('Invalid Request');
            } else {
                $this->wp_facade->http_response_code(500);
                $this->wp_facade->wp_die('Server Error');
            }
        }
    }
}