/**
 * Render the LaunchKey settings page.
 *
 * Reads the stored plugin options, records which of the PHP extensions
 * mcrypt, openssl, curl and dom are loaded, and passes both to the
 * 'admin/settings' template. The SSO wizard "next" control is shown only
 * when all four extensions are loaded; otherwise the "back" control is shown.
 *
 * NOTE(review): option values (entity id, certificate, URLs, display name)
 * are handed to the template exactly as stored - confirm the template
 * escapes them for the HTML context they are printed in.
 *
 * @since 1.0.0
 */
public function create_launchkey_settings_page()
{
    $settings = $this->get_launchkey_options();

    // Extension probes, in the same order the page lists them.
    $mcrypt_loaded  = $this->wp_facade->extension_loaded('mcrypt');
    $openssl_loaded = $this->wp_facade->extension_loaded('openssl');
    $curl_loaded    = $this->wp_facade->extension_loaded('curl');
    $dom_loaded     = $this->wp_facade->extension_loaded('dom');
    $all_loaded     = $curl_loaded && $dom_loaded && $mcrypt_loaded && $openssl_loaded;

    // URLs derived from the WordPress installation itself.
    $callback_url = $this->wp_facade->admin_url(
        'admin-ajax.php?action=' . LaunchKey_WP_Native_Client::CALLBACK_AJAX_ACTION
    );
    $sso_post_url = $this->wp_facade->wp_login_url();
    $admin_host   = $this->wp_facade->parse_url($this->wp_facade->admin_url(), PHP_URL_HOST);

    // The SSO and standard setting groups are mutually exclusive on screen.
    $is_sso = LaunchKey_WP_Implementation_Type::SSO === $settings[LaunchKey_WP_Options::OPTION_IMPLEMENTATION_TYPE];

    $context = array();
    $context['callback_url'] = $callback_url;
    $context['sso_post_url'] = $sso_post_url;
    $context['domain'] = $admin_host;
    $context['rocket_key'] = $settings[LaunchKey_WP_Options::OPTION_ROCKET_KEY];
    $context['app_display_name'] = $settings[LaunchKey_WP_Options::OPTION_APP_DISPLAY_NAME];
    if ($settings[LaunchKey_WP_Options::OPTION_SSL_VERIFY]) {
        $context['ssl_verify_checked'] = 'checked="checked"';
    } else {
        $context['ssl_verify_checked'] = '';
    }
    $context['mcrypt_pass_fail'] = $mcrypt_loaded ? 'pass' : 'fail';
    $context['openssl_pass_fail'] = $openssl_loaded ? 'pass' : 'fail';
    $context['curl_pass_fail'] = $curl_loaded ? 'pass' : 'fail';
    $context['dom_pass_fail'] = $dom_loaded ? 'pass' : 'fail';
    $context['show_sso_next'] = $all_loaded ? 'show' : 'hide';
    $context['show_sso_back'] = $all_loaded ? 'hide' : 'show';
    $context['wp_username'] = $this->wp_facade->wp_get_current_user()->user_login;
    $context['sso_entity_id'] = $settings[LaunchKey_WP_Options::OPTION_SSO_ENTITY_ID];
    $context['sso_public_key'] = $settings[LaunchKey_WP_Options::OPTION_SSO_CERTIFICATE];
    $context['sso_login_url'] = $settings[LaunchKey_WP_Options::OPTION_SSO_LOGIN_URL];
    $context['sso_logout_url'] = $settings[LaunchKey_WP_Options::OPTION_SSO_LOGOUT_URL];
    $context['sso_error_url'] = $settings[LaunchKey_WP_Options::OPTION_SSO_ERROR_URL];
    $context['settings-sso-visible'] = $is_sso ? "" : "hide";
    $context['settings-standard-visible'] = $is_sso ? "hide" : "";

    $this->render_template('admin/settings', $context);
}
/**
 * launchkey_form - login form for wp-login.php
 *
 * Prints an error banner when one of the LaunchKey error flags is present in
 * the query string, then builds a SAML AuthnRequest and prints the
 * 'launchkey-form' template carrying the resulting redirect URL.
 *
 * Only the presence of the query flags is tested; their values never reach
 * the output.
 *
 * NOTE(review): $class, $id and $style are forwarded to the template
 * unchanged - confirm the template escapes them for attribute context.
 * NOTE(review): the SSL error text suggests turning certificate verification
 * off; that removes the check protecting the connection to the LaunchKey
 * servers, so fixing the CA bundle is the safer advice - confirm wording.
 *
 * @since 1.1.0
 *
 * @param string $class A space separated list of classes to set on the "class" attribute of a containing DIV for the login button
 * @param string $id    The value to set on the "id" attribute of a containing DIV for the login button
 * @param string $style A string of HTML style code to set on the "style" attribute of a containing DIV for the login button
 */
public function launchkey_form($class = '', $id = '', $style = '')
{
    // At most one banner is shown; the first flag found wins.
    $error_message = null;
    if (isset($_GET['launchkey_error'])) {
        $error_message = 'The LaunchKey request was denied or an issue was detected during authentication. Please try again.';
    } elseif (isset($_GET['launchkey_ssl_error'])) {
        $error_message = 'There was an error trying to request the LaunchKey servers. If this persists you may need to disable SSL verification.';
    } elseif (isset($_GET['launchkey_security'])) {
        $error_message = 'There was a security issue detected and you have been logged out for your safety. 
Log back in to ensure a secure session.';
    }

    if (null !== $error_message) {
        $banner = $this->template->render_template(
            'error',
            array('error' => 'Error!', 'message' => $error_message)
        );
        $this->wp_facade->_echo($banner);
    }

    // Build the AuthnRequest: a fresh id, this site as issuer, and the
    // response requested on the HTTP-POST binding at wp-login.php.
    $id_source = SAML2_Utils::getContainer();
    $authn_request = new SAML2_AuthnRequest();
    $authn_request->setId($id_source->generateId());
    $authn_request->setDestination($this->login_url);
    $authn_request->setIssuer($this->entity_id);
    $authn_request->setRelayState($this->wp_facade->admin_url());
    $authn_request->setAssertionConsumerServiceURL($this->wp_facade->wp_login_url());
    $authn_request->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
    $authn_request->setIsPassive(false);
    $authn_request->setNameIdPolicy(
        array('Format' => SAML2_Const::NAMEID_PERSISTENT, 'AllowCreate' => true)
    );

    // The request itself is delivered through the HTTP-Redirect binding.
    $redirect_binding = new SAML2_HTTPRedirect();
    $redirect_binding->setDestination($this->login_url);
    $redirect_url = $redirect_binding->getRedirectURL($authn_request);

    // French and Spanish locales get the smaller button.
    if (in_array($this->wp_facade->get_locale(), array('fr_FR', 'es_ES'))) {
        $button_size = 'small';
    } else {
        $button_size = 'medium';
    }

    $form_html = $this->template->render_template(
        'launchkey-form',
        array(
            'class' => $class,
            'id' => $id,
            'style' => $style,
            'login_url' => $redirect_url,
            'login_text' => 'Log in with',
            'login_with_app_name' => 'LaunchKey',
            'size' => $button_size,
        )
    );
    $this->wp_facade->_echo($form_html);
}
/**
 * Stash the LaunchKey user hash in a short-lived cookie and redirect to the
 * pairing step.
 *
 * The 'launchkey_user' cookie expires 300 seconds after the timestamp returned
 * by current_time('timestamp', true). Users holding the 'manage_options'
 * capability are sent to their profile page; everyone else is sent to the
 * login page with the pairing flag set.
 *
 * NOTE(review): no secure/httponly arguments are passed to setcookie; if the
 * facade forwards to PHP's setcookie() the hash is sent over plain HTTP and is
 * readable from page script - consider passing both flags.
 * NOTE(review): neither redirect is followed by an exit in this method;
 * confirm the caller stops processing afterwards.
 *
 * @param string $launchkey_user_hash LaunchKey user hash to carry into the pairing step
 */
private function prepare_for_launchkey_pair($launchkey_user_hash)
{
    // Five-minute window in which the pairing can be completed.
    $expires_at = $this->wp_facade->current_time('timestamp', true) + 300;
    $this->wp_facade->setcookie(
        'launchkey_user',
        $launchkey_user_hash,
        $expires_at,
        COOKIEPATH,
        COOKIE_DOMAIN
    );

    if ($this->wp_facade->current_user_can('manage_options')) {
        // Already authenticated: finish pairing from the profile page.
        $profile_url = $this->wp_facade->admin_url("profile.php?launchkey_admin_pair=1&updated=1");
        $this->wp_facade->wp_redirect($profile_url);
        return;
    }

    // Not previously logged in: finish pairing through the login page.
    $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url() . "?launchkey_pair=1");
}
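/**
 * Process an inbound SAML request that de-authorizes a user's LaunchKey session.
 *
 * The request is loaded and then has to pass every check below, in order:
 * timestamp within restrictions, destination equal to the login URL, the
 * named user exists, and the request's session index equals the one stored
 * for that user. Any failure ends with the same generic 400 response, so the
 * reply does not reveal which check failed. On success the user's
 * 'launchkey_authorized' meta value is set to the string 'false'.
 *
 * The session index check is strict: both values must be non-empty strings
 * and identical. The previous loose `!=` treated a missing session index and
 * an unset stored value as equal, and was open to PHP's numeric-string
 * juggling, so a request without a session index could pass for a user who
 * has no SSO session recorded.
 *
 * NOTE(review): nothing in this method verifies a signature on the request;
 * confirm load_saml_request() or the caller does.
 * NOTE(review): consider hash_equals() for the comparison if every supported
 * PHP/WordPress version provides it.
 *
 * @param string $saml_request Raw SAML request taken from the HTTP request
 *
 * @return void
 *
 * @since 1.1.0
 */
private function handle_saml_request($saml_request)
{
    $this->saml_request_service->load_saml_request($saml_request);

    if (!$this->saml_request_service->is_timestamp_within_restrictions($this->wp_facade->time())) {
        $this->wp_facade->wp_die('Invalid Request', 400);
    } elseif (!$this->saml_request_service->is_valid_destination($this->wp_facade->wp_login_url())) {
        $this->wp_facade->wp_die('Invalid Request', 400);
    } elseif (!($user = $this->wp_facade->get_user_by('login', $this->saml_request_service->get_name()))) {
        $this->wp_facade->wp_die('Invalid Request', 400);
    } else {
        $request_session_index = $this->saml_request_service->get_session_index();
        $stored_session_index = $user->get("launchkey_sso_session");

        // Require two non-empty strings that are identical; no type coercion.
        $session_matches = is_string($request_session_index)
            && is_string($stored_session_index)
            && '' !== $stored_session_index
            && $request_session_index === $stored_session_index;

        if (!$session_matches) {
            $this->wp_facade->wp_die('Invalid Request', 400);
        } else {
            $this->wp_facade->update_user_meta($user->ID, 'launchkey_authorized', 'false');
        }
    }
}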
/**
 * Init filter to see if a LaunchKey authenticated user has been de-orbited and
 * log them out if that is the case.
 *
 * Does nothing when no user is logged in. For a logged-in user whose
 * authorization state is exactly false, the WordPress session is ended, the
 * LaunchKey auth properties are reset, and the browser is redirected to the
 * login page before execution stops.
 *
 * NOTE(review): only a strict false from get_user_authorized() triggers the
 * logout; any other value (including null) leaves the session in place -
 * confirm that is the intended handling of an unknown state.
 *
 * @since 1.0.0
 */
public function launchkey_still_authenticated_page_load()
{
    // Nothing to check for anonymous visitors.
    if (!$this->wp_facade->is_user_logged_in()) {
        return;
    }

    $current_user = $this->wp_facade->wp_get_current_user();

    // Still authorized (or state unknown): leave the session alone.
    if (false !== $this->get_user_authorized($current_user->ID)) {
        return;
    }

    // De-authorized: end the session, clear LaunchKey state, send to login.
    $this->wp_facade->wp_logout();
    $this->reset_auth($current_user->ID);
    $this->wp_facade->wp_redirect($this->wp_facade->wp_login_url());
    $this->wp_facade->_exit();
}