/**
* Create the settings page
*
* Renders the settings page to the screen as defined by {@see setup_launchkey_settings_page}
*
* @since 1.0.0
*/
public function create_launchkey_settings_page()
{
$options = $this->get_launchkey_options();
$hasMcrypt = $this->wp_facade->extension_loaded('mcrypt');
$hasOpenSSL = $this->wp_facade->extension_loaded('openssl');
$hasCurl = $this->wp_facade->extension_loaded('curl');
$hasDOM = $this->wp_facade->extension_loaded('dom');
$hasPrerequisites = $hasCurl && $hasDOM && $hasMcrypt && $hasOpenSSL;
$this->render_template('admin/settings', array('callback_url' => $this->wp_facade->admin_url('admin-ajax.php?action=' . LaunchKey_WP_Native_Client::CALLBACK_AJAX_ACTION), 'sso_post_url' => $this->wp_facade->wp_login_url(), 'domain' => $this->wp_facade->parse_url($this->wp_facade->admin_url(), PHP_URL_HOST), 'rocket_key' => $options[LaunchKey_WP_Options::OPTION_ROCKET_KEY], 'app_display_name' => $options[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME], 'ssl_verify_checked' => $options[LaunchKey_WP_Options::OPTION_SSL_VERIFY] ? 'checked="checked"' : '', 'mcrypt_pass_fail' => $hasMcrypt ? 'pass' : 'fail', 'openssl_pass_fail' => $hasOpenSSL ? 'pass' : 'fail', 'curl_pass_fail' => $hasCurl ? 'pass' : 'fail', 'dom_pass_fail' => $hasDOM ? 'pass' : 'fail', 'show_sso_next' => $hasPrerequisites ? 'show' : 'hide', 'show_sso_back' => $hasPrerequisites ? 'hide' : 'show', 'wp_username' => $this->wp_facade->wp_get_current_user()->user_login, 'sso_entity_id' => $options[LaunchKey_WP_Options::OPTION_SSO_ENTITY_ID], 'sso_public_key' => $options[LaunchKey_WP_Options::OPTION_SSO_CERTIFICATE], 'sso_login_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGIN_URL], 'sso_logout_url' => $options[LaunchKey_WP_Options::OPTION_SSO_LOGOUT_URL], 'sso_error_url' => $options[LaunchKey_WP_Options::OPTION_SSO_ERROR_URL], 'settings-sso-visible' => LaunchKey_WP_Implementation_Type::SSO === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE] ? "" : "hide", 'settings-standard-visible' => LaunchKey_WP_Implementation_Type::SSO === $options[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE] ? "hide" : ""));
}
/**
* launchkey_form - login form for wp-login.php
*
* @since 1.1.0
*
* @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
* @param string $id The value to set on the "id" attribute of a containing DIV for the login button
* @param string $style A string of HTML style code tto set on the "style" attribute of a containing DIV for the login button
*/
public function launchkey_form($class = '', $id = '', $style = '')
{
if (isset($_GET['launchkey_error'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.')));
} elseif (isset($_GET['launchkey_ssl_error'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.')));
} elseif (isset($_GET['launchkey_security'])) {
$this->wp_facade->_echo($this->template->render_template('error', array('error' => 'Error!', 'message' => 'There was a security issue detected and you have been logged out for your safety. Log back in to ensure a secure session.')));
}
$container = SAML2_Utils::getContainer();
$request = new SAML2_AuthnRequest();
$request->setId($container->generateId());
//$request->setProviderName( parse_url( $this->wp_facade->home_url( '/' ), PHP_URL_HOST ) );
$request->setDestination($this->login_url);
$request->setIssuer($this->entity_id);
$request->setRelayState($this->wp_facade->admin_url());
$request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
$request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
$request->setIsPassive(false);
$request->setNameIdPolicy(array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true));
// Send it off using the HTTP-Redirect binding
$binding = new SAML2_HTTPRedirect();
$binding->setDestination($this->login_url);
$this->wp_facade->_echo($this->template->render_template('launchkey-form', array('class' => $class, 'id' => $id, 'style' => $style, 'login_url' => $binding->getRedirectURL($request), 'login_text' => 'Log in with', 'login_with_app_name' => 'LaunchKey', 'size' => in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES')) ? 'small' : 'medium')));
}
/**
* @param $launchkey_user_hash
*/
private function prepare_for_launchkey_pair($launchkey_user_hash)
{
// Set the pair cookie with the LaunchKey user hash
$this->wp_facade->setcookie('launchkey_user', $launchkey_user_hash, $this->wp_facade->current_time('timestamp', true) + 300, COOKIEPATH, COOKIE_DOMAIN);
// Redirect to finish pairing
if (!$this->wp_facade->current_user_can('manage_options')) {
//not previously logged in
$this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_pair=1");
} else {
//previously authenticated
$this->wp_facade->wp_redirect($this->wp_facade->admin_url("profile.php?launchkey_admin_pair=1&updated=1"));
}
}
/**
* @param string $saml_request
*
* @return null
*
* @since 1.1.0
*/
private function handle_saml_request($saml_request)
{
$this->saml_request_service->load_saml_request($saml_request);
if (!$this->saml_request_service->is_timestamp_within_restrictions($this->wp_facade->time())) {
$this->wp_facade->wp_die('Invalid Request', 400);
} elseif (!$this->saml_request_service->is_valid_destination($this->wp_facade->wp_login_url())) {
$this->wp_facade->wp_die('Invalid Request', 400);
} elseif (!($user = $this->wp_facade->get_user_by('login', $this->saml_request_service->get_name()))) {
$this->wp_facade->wp_die('Invalid Request', 400);
} elseif ($this->saml_request_service->get_session_index() != $user->get("launchkey_sso_session")) {
$this->wp_facade->wp_die('Invalid Request', 400);
} else {
$this->wp_facade->update_user_meta($user->ID, 'launchkey_authorized', 'false');
}
}
/**
* Init filter to see if a LaunchKey authenticated user has been de-orbited and log them out if that is the case
*
* @since 1.0.0
*/
public function launchkey_still_authenticated_page_load()
{
/**
* If the current session
*/
if ($this->wp_facade->is_user_logged_in()) {
// Get the current user
$user = $this->wp_facade->wp_get_current_user();
// If they have been de-authorized
if (false === $this->get_user_authorized($user->ID)) {
// Log out the user
$this->wp_facade->wp_logout();
// Reset the LaunchKey auth properties
$this->reset_auth($user->ID);
$this->wp_facade->wp_redirect($this->wp_facade->wp_login_url());
$this->wp_facade->_exit();
}
}
}
