diff --git a/includes/filters.php b/includes/filters.php
index 98396f8..bd5ddad 100644
--- a/includes/filters.php
+++ b/includes/filters.php
@@ -81,25 +81,23 @@ function wo_default_scopes () {
 /**
 * DEFAULT DESTROY METHOD
 * This method has been added to help secure installs that want to manually destroy sessions (valid access tokens).
- *
 * @since 3.1.5
 */
 function _wo_method_destroy ( $token = null ) {
 $access_token = &$token['access_token'];
- global $wpdb;
- $stmt = $wpdb->delete("{$wpdb->prefix}oauth_access_tokens", array("access_token" => $access_token ) );
+ $stmt = $wpdb->delete("{$wpdb->prefix}oauth_access_tokens", array( 'access_token' => $access_token ) );
 /** If there is a refresh token we need to remove it as well. */
- if( !empty( $_REQUEST[ 'refresh_token' ] ) )
- $stmt = $wpdb->delete("{$wpdb->prefix}oauth_refresh_tokens", array("refresh_token" => $_REQUEST['refresh_token'] ) );
+ if( ! empty( $_REQUEST[ 'refresh_token' ] ) )
+ $stmt = $wpdb->delete("{$wpdb->prefix}oauth_refresh_tokens", array( 'refresh_token' => $_REQUEST['refresh_token'] ) );
 /** Prepare the return */
- $response = new OAuth2\Response(array(
+ $response = new OAuth2\Response( array(
 'status' => true,
- 'description' => 'Session destroyed successfully')
- );
+ 'description' => 'Session destroyed successfully'
+ ) );
 $response->send();
 exit;
 }
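Review bot: `global $wpdb;` is deleted from `_wo_method_destroy` while both `$wpdb->delete(...)` calls remain, so inside the function `$wpdb` is an undefined local and the first delete fails on a null object before any token row is removed; restore `global $wpdb;` as the statement right after the `$access_token` assignment (the `_wo_method_me` hunk below drops the same line but also replaces its only `$wpdb` use, so only this function is affected). The refresh-token branch also deletes whatever `$_REQUEST['refresh_token']` names without checking that the row belongs to the same client and user as the access token being destroyed, although both token tables carry `client_id` and `user_id`; looking the refresh token up first and comparing those columns against `$token` before the delete would keep one session from revoking another's, and reading the value from `$_POST` rather than `$_REQUEST` keeps a state-changing call from being driven by query strings or cookies.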
@@ -109,25 +107,19 @@ function _wo_method_destroy ( $token = null ) {
 * This is the default resource call "/oauth/me". Do not edit or remove.
 */
 function _wo_method_me ( $token = null ) {
-
- /**
- * Added 3.0.2 to handle access tokens not assigned to user
- */
- if (!isset($token['user_id']) || $token['user_id'] == 0) {
+ if ( ! isset( $token['user_id'] ) || $token['user_id'] == 0 ) {
 $response = new OAuth2\Response();
- $response->setError(400, 'invalid_request', 'Missing or invalid access token');
+ $response->setError( 400, 'invalid_request', 'Missing or invalid access token' );
 $response->send();
 exit;
 }
- $user_id = &$token['user_id'];
- global $wpdb;
- $me_data = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}users WHERE ID=$user_id", ARRAY_A);
+ $user = get_user_by( 'id', $token['user_id'] );
+ $me_data = (array) $user->data;
- /** prevent sensitive data - makes me happy ;) */
- unset($me_data['user_pass']);
- unset($me_data['user_activation_key']);
- unset($me_data['user_url']);
+ unset( $me_data['user_pass'] );
+ unset( $me_data['user_activation_key'] );
+ unset( $me_data['user_url'] );
 /**
 * @since 3.0.5
@@ -136,7 +128,7 @@ function _wo_method_me ( $token = null ) {
 */
 $me_data['email'] = $me_data['user_email'];
- $response = new OAuth2\Response($me_data);
+ $response = new OAuth2\Response( $me_data );
 $response->send();
 exit;
 }
\ No newline at end of file
diff --git a/library/OAuth2/Storage/Wordpressdb.php b/library/OAuth2/Storage/Wordpressdb.php
index 2348202..b7b4b2b 100644
--- a/library/OAuth2/Storage/Wordpressdb.php
+++ b/library/OAuth2/Storage/Wordpressdb.php
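Review bot: The `get_user_by( 'id', $token['user_id'] )` result is consumed unchecked on the next line, but `get_user_by` returns `false` when no such user exists (an access token row can outlive its user), so `$user->data` is read on a bool, `$me_data` collapses to an empty array, and the `$me_data['email'] = $me_data['user_email']` line in the `@@ -136,7 +128,7 @@` hunk raises an undefined-index notice while the endpoint still answers with a 200 and an empty body instead of an error. Guard the lookup with the same 400 `invalid_request` response the hunk already uses for a missing `user_id`, as below. Separately, the payload is built by deleting three named columns from the whole user row; an allow-list of the fields `/oauth/me` intends to expose (`ID`, `user_login`, `user_nicename`, `user_email`, `display_name`, and whichever others are wanted) would not start exposing any field the user object gains later, whereas the present deny-list silently will.
```php
	$user = get_user_by( 'id', $token['user_id'] );
	if ( false === $user ) {
		$response = new OAuth2\Response();
		$response->setError( 400, 'invalid_request', 'Missing or invalid access token' );
		$response->send();
		exit;
	}
	$me_data = (array) $user->data;
	// … unchanged: unset() of sensitive fields, email alias, response …
```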
@@ -13,610 +13,609 @@ * @author Justin Greer */ class Wordpressdb implements - AuthorizationCodeInterface, - AccessTokenInterface, - ClientCredentialsInterface, - UserCredentialsInterface, - RefreshTokenInterface, - JwtBearerInterface, - ScopeInterface, - PublicKeyInterface, - UserClaimsInterface, - OpenIDAuthorizationCodeInterface + AuthorizationCodeInterface, + AccessTokenInterface, + ClientCredentialsInterface, + UserCredentialsInterface, + RefreshTokenInterface, + JwtBearerInterface, + ScopeInterface, + PublicKeyInterface, + UserClaimsInterface, + OpenIDAuthorizationCodeInterface { - protected $db; - protected $config; - - /** - * [__construct description] - * @param array $config Configuration for the WPDB Storage Object - */ - public function __construct( $config=array() ) { - global $wpdb; - $this->db = $wpdb; - $this->config = array_merge( - array( - 'client_table' => $this->db->prefix . 'oauth_clients', - 'access_token_table' => $this->db->prefix . 'oauth_access_tokens', - 'refresh_token_table' => $this->db->prefix . 'oauth_refresh_tokens', - 'code_table' => $this->db->prefix . 'oauth_authorization_codes', - 'user_table' => $this->db->prefix . 'oauth_users', - 'jwt_table' => $this->db->prefix . 'oauth_jwt', - 'jwi_table' => $this->db->prefix . 'oauth_jwi', // Needs implanted - 'scope_table' => $this->db->prefix . 'oauth_scopes', - 'public_key_table' => $this->db->prefix . 
'oauth_public_keys' - ), - $config - ); - } - - /** - * [checkClientCredentials description] - * @param [type] $client_id [description] - * @param [type] $client_secret [description] - * @return [type] [description] - */ - public function checkClientCredentials ( $client_id, $client_secret=null ) { - $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_clients WHERE client_id = %s", array($client_id)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - return $stmt && $stmt['client_secret'] == $client_secret; - } - - /** - * [isPublicClient description] - * @param [type] $client_id [description] - * @return boolean [description] - */ - public function isPublicClient ( $client_id ) { - $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_clients WHERE client_id = %s", array($client_id)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - return empty($stmt['client_secret']); - } - - /** - * [getClientDetails description] - * @param [type] $client_id [description] - * @return [type] [description] - */ - public function getClientDetails( $client_id ) { - $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_clients WHERE client_id = %s", array($client_id)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - return $stmt; - } - - /** - * [setClientDetails description] - * @param [type] $client_id [description] - * @param [type] $client_secret [description] - * @param [type] $redirect_uri [description] - * @param [type] $grant_types [description] - * @param [type] $scope [description] - * @param [type] $user_id [description] - */ - public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null) - { - if ($this->getClientDetails($client_id)) { - $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_clients SET client_secret=%s, redirect_uri=%s, grant_types=%s, scope=%s, user_id=%s where client_id=%s", array($client_secret, $redirect_uri, 
$grant_types, $scope, $user_id, $client_id)); - } else { - $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES (%s, %s, %s, %s, %s, $s)", array($client_secret, $redirect_uri, $grant_types, $scope, $user_id, $client_id)); - } - - return $this->db->query($stmt); - } - - /** - * [checkRestrictedGrantType description] - * @param [type] $client_id [description] - * @param [type] $grant_type [description] - * @return [type] [description] - */ - public function checkRestrictedGrantType($client_id, $grant_type) - { - $details = $this->getClientDetails($client_id); - if (isset($details['grant_types'])) { - $grant_types = explode(' ', $details['grant_types']); - - return in_array($grant_type, (array)$grant_types); - } - - return true; - } - - /** - * [getAccessToken description] - * @param [type] $access_token [description] - * @return [type] [description] - */ - public function getAccessToken($access_token) - { - $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_access_tokens WHERE access_token = %s", array($access_token)); - $token = $this->db->get_row($stmt, ARRAY_A); - if (null != $token) { - $token['expires'] = strtotime($token['expires']); - } - - return $token; - } - - /** - * [setAccessToken description] - * @param [type] $access_token [description] - * @param [type] $client_id [description] - * @param [type] $user_id [description] - * @param [type] $expires [description] - * @param [type] $scope [description] - */ - public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope=null) { + protected $db; + protected $config; + + /** + * [__construct description] + * @param array $config Configuration for the WPDB Storage Object + */ + public function __construct( $config=array() ) { + global $wpdb; + $this->db = $wpdb; + $this->config = array_merge( + array( + 'client_table' => $this->db->prefix . 
'oauth_clients', + 'access_token_table' => $this->db->prefix . 'oauth_access_tokens', + 'refresh_token_table' => $this->db->prefix . 'oauth_refresh_tokens', + 'code_table' => $this->db->prefix . 'oauth_authorization_codes', + 'user_table' => $this->db->prefix . 'oauth_users', + 'jwt_table' => $this->db->prefix . 'oauth_jwt', + 'jwi_table' => $this->db->prefix . 'oauth_jwi', // Needs implanted + 'scope_table' => $this->db->prefix . 'oauth_scopes', + 'public_key_table' => $this->db->prefix . 'oauth_public_keys' + ), + $config + ); + } + + /** + * [checkClientCredentials description] + * @param [type] $client_id [description] + * @param [type] $client_secret [description] + * @return [type] [description] + */ + public function checkClientCredentials ( $client_id, $client_secret=null ) { + $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_clients WHERE client_id = %s", array($client_id)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + return $stmt && $stmt['client_secret'] == $client_secret; + } + + /** + * [isPublicClient description] + * @param [type] $client_id [description] + * @return boolean [description] + */ + public function isPublicClient ( $client_id ) { + $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_clients WHERE client_id = %s", array($client_id)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + return empty($stmt['client_secret']); + } + + /** + * [getClientDetails description] + * @param [type] $client_id [description] + * @return [type] [description] + */ + public function getClientDetails( $client_id ) { + $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_clients WHERE client_id = %s", array($client_id)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + return $stmt; + } + + /** + * [setClientDetails description] + * @param [type] $client_id [description] + * @param [type] $client_secret [description] + * @param [type] $redirect_uri [description] + * @param [type] $grant_types [description] 
+ * @param [type] $scope [description] + * @param [type] $user_id [description] + */ + public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null) + { + if ($this->getClientDetails($client_id)) { + $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_clients SET client_secret=%s, redirect_uri=%s, grant_types=%s, scope=%s, user_id=%s where client_id=%s", array($client_secret, $redirect_uri, $grant_types, $scope, $user_id, $client_id)); + } else { + $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) VALUES (%s, %s, %s, %s, %s, $s)", array($client_secret, $redirect_uri, $grant_types, $scope, $user_id, $client_id)); + } + + return $this->db->query($stmt); + } + + /** + * [checkRestrictedGrantType description] + * @param [type] $client_id [description] + * @param [type] $grant_type [description] + * @return [type] [description] + */ + public function checkRestrictedGrantType($client_id, $grant_type) + { + $details = $this->getClientDetails($client_id); + if (isset($details['grant_types'])) { + $grant_types = explode(' ', $details['grant_types']); + + return in_array($grant_type, (array)$grant_types); + } + + return true; + } + + /** + * [getAccessToken description] + * @param [type] $access_token [description] + * @return [type] [description] + */ + public function getAccessToken($access_token) + { + $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_access_tokens WHERE access_token = %s", array($access_token)); + $token = $this->db->get_row($stmt, ARRAY_A); + if (null != $token) { + $token['expires'] = strtotime($token['expires']); + } + + return $token; + } + + /** + * [setAccessToken description] + * @param [type] $access_token [description] + * @param [type] $client_id [description] + * @param [type] $user_id [description] + * @param [type] $expires [description] + * 
@param [type] $scope [description] + */ + public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope=null) { - /** - * wo_set_access_token Action - * Returns access_token, client_id, $user_id - * @since 3.1.9 - */ - do_action('wo_set_access_token', array( - 'access_token' => $access_token, - 'client_id' => $client_id, - 'user_id' => $user_id - )); + /** + * wo_set_access_token Action + * Returns access_token, client_id, $user_id + * @since 3.1.9 + */ + do_action('wo_set_access_token', array( + 'access_token' => $access_token, + 'client_id' => $client_id, + 'user_id' => $user_id + )); - $expires = date('Y-m-d H:i:s', $expires); - if ($this->getAccessToken($access_token)) { - $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_access_tokens SET client_id=%s, expires=%s, user_id=%s, scope=%s where access_token=%s", array($client_id, $expires, $user_id, $scope, $access_token)); - } else { - $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_access_tokens (access_token, client_id, expires, user_id, scope) VALUES (%s, %s, %s, %s, %s)", array($access_token, $client_id, $expires, $user_id, $scope)); - } - - // Give return a value - $results = $this->db->query($stmt); + $expires = date('Y-m-d H:i:s', $expires); + if ($this->getAccessToken($access_token)) { + $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_access_tokens SET client_id=%s, expires=%s, user_id=%s, scope=%s where access_token=%s", array($client_id, $expires, $user_id, $scope, $access_token)); + } else { + $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_access_tokens (access_token, client_id, expires, user_id, scope) VALUES (%s, %s, %s, %s, %s)", array($access_token, $client_id, $expires, $user_id, $scope)); + } + + // Give return a value + $results = $this->db->query($stmt); - // Return Results - return $results; - } - - /** - * [getAuthorizationCode description] - * @param [type] $code [description] - * @param bool to return id_token 
key or not. Now that is the question! - * @return [type] [description] - */ - public function getAuthorizationCode ( $code ) { - $stmt = $this->db->prepare("SELECT * from {$this->db->prefix}oauth_authorization_codes WHERE authorization_code = %s", array($code)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - if (null != $stmt) - $stmt['expires'] = strtotime($stmt['expires']); - - /** - * This seems to be an issue and not return correctly. For now, lets return the queried object - * @todo This is messy and we need to look up PDO::FEATCH_BOTH - */ - return $stmt; - } - - /** - * [setAuthorizationCode description] - * @param [type] $code [description] - * @param [type] $client_id [description] - * @param [type] $user_id [description] - * @param [type] $redirect_uri [description] - * @param [type] $expires [description] - * @param [type] $scope [description] - * @param [type] $id_token [description] - */ - public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) - { - if (func_num_args() > 6) { - - // we are calling with an id token - return call_user_func_array(array($this, 'setAuthorizationCodeWithIdToken'), func_get_args()); - } - - // convert expires to datestring - $expires = date('Y-m-d H:i:s', $expires); - - // if it exists, update it. 
- if ($this->getAuthorizationCode($code)) { - $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_authorization_codes SET client_id=%s, user_id=%s, redirect_uri=%s, expires=%s, scope=%s where authorization_code=%s", array($client_id, $user_id, $redirect_uri, $expires, $code)); - } else { - $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_authorization_codes (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (%s, %s, %s, %s, %s, %s)", array($code, $client_id, $user_id, $redirect_uri, $expires, $scope)); - } - return $this->db->query($stmt); - } - - /** - * [setAuthorizationCodeWithIdToken description] - * @param [type] $code [description] - * @param [type] $client_id [description] - * @param [type] $user_id [description] - * @param [type] $redirect_uri [description] - * @param [type] $expires [description] - * @param [type] $scope [description] - * @param [type] $id_token [description] - */ - private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) { - // convert expires to date string - $expires = date('Y-m-d H:i:s', $expires); - - // if it exists, update it. 
- if ($this->getAuthorizationCode($code)) { - $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_authorization_codes SET client_id=%s, user_id=%s, redirect_uri=%s, expires=%s, scope=%s, id_token =%s where authorization_code=%s", array($client_id, $user_id, $redirect_uri, $expires, $scope, $id_token, $code) ); - } else { - $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_authorization_codes (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (%s, %s, %s, %s, %s, %s, %s)", array($code, $client_id, $user_id, $redirect_uri, $expires, $scope, $id_token) ); - } - - return $this->db->query( $stmt ); - } - - /** - * [expireAuthorizationCode description] - * @param [type] $code [description] - * @return [type] [description] - */ - public function expireAuthorizationCode( $code ) { - $stmt = $this->db->prepare("DELETE FROM {$this->db->prefix}oauth_authorization_codes WHERE authorization_code = %s", array($code)); - return $this->db->query( $stmt ); - } - - /** - * [checkUserCredentials description] - * @param [type] $username [description] - * @param [type] $password [description] - * @return [type] [description] - */ - public function checkUserCredentials( $username, $password ) { - if ( $user = $this->getUser( $username ) ) { - $login_check = $this->checkPassword($user, $password); - - // @since 3.1.94 the parameter $user is being passed - if(!$login_check) - do_action('wo_failed_login', $user); + // Return Results + return $results; + } + + /** + * [getAuthorizationCode description] + * @param [type] $code [description] + * @param bool to return id_token key or not. Now that is the question! 
+ * @return [type] [description] + */ + public function getAuthorizationCode ( $code ) { + $stmt = $this->db->prepare("SELECT * from {$this->db->prefix}oauth_authorization_codes WHERE authorization_code = %s", array($code)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + if (null != $stmt) + $stmt['expires'] = strtotime($stmt['expires']); + + /** + * This seems to be an issue and not return correctly. For now, lets return the queried object + * @todo This is messy and we need to look up PDO::FEATCH_BOTH + */ + return $stmt; + } + + /** + * [setAuthorizationCode description] + * @param [type] $code [description] + * @param [type] $client_id [description] + * @param [type] $user_id [description] + * @param [type] $redirect_uri [description] + * @param [type] $expires [description] + * @param [type] $scope [description] + * @param [type] $id_token [description] + */ + public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) + { + if (func_num_args() > 6) { + + // we are calling with an id token + return call_user_func_array(array($this, 'setAuthorizationCodeWithIdToken'), func_get_args()); + } + + // convert expires to datestring + $expires = date('Y-m-d H:i:s', $expires); + + // if it exists, update it. 
+ if ($this->getAuthorizationCode($code)) { + $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_authorization_codes SET client_id=%s, user_id=%s, redirect_uri=%s, expires=%s, scope=%s where authorization_code=%s", array($client_id, $user_id, $redirect_uri, $expires, $code)); + } else { + $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_authorization_codes (authorization_code, client_id, user_id, redirect_uri, expires, scope) VALUES (%s, %s, %s, %s, %s, %s)", array($code, $client_id, $user_id, $redirect_uri, $expires, $scope)); + } + return $this->db->query($stmt); + } + + /** + * [setAuthorizationCodeWithIdToken description] + * @param [type] $code [description] + * @param [type] $client_id [description] + * @param [type] $user_id [description] + * @param [type] $redirect_uri [description] + * @param [type] $expires [description] + * @param [type] $scope [description] + * @param [type] $id_token [description] + */ + private function setAuthorizationCodeWithIdToken($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) { + // convert expires to date string + $expires = date('Y-m-d H:i:s', $expires); + + // if it exists, update it. 
+ if ($this->getAuthorizationCode($code)) { + $stmt = $this->db->prepare("UPDATE {$this->db->prefix}oauth_authorization_codes SET client_id=%s, user_id=%s, redirect_uri=%s, expires=%s, scope=%s, id_token =%s where authorization_code=%s", array($client_id, $user_id, $redirect_uri, $expires, $scope, $id_token, $code) ); + } else { + $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_authorization_codes (authorization_code, client_id, user_id, redirect_uri, expires, scope, id_token) VALUES (%s, %s, %s, %s, %s, %s, %s)", array($code, $client_id, $user_id, $redirect_uri, $expires, $scope, $id_token) ); + } + + return $this->db->query( $stmt ); + } + + /** + * [expireAuthorizationCode description] + * @param [type] $code [description] + * @return [type] [description] + */ + public function expireAuthorizationCode( $code ) { + $stmt = $this->db->prepare("DELETE FROM {$this->db->prefix}oauth_authorization_codes WHERE authorization_code = %s", array($code)); + return $this->db->query( $stmt ); + } + + /** + * [checkUserCredentials description] + * @param [type] $username [description] + * @param [type] $password [description] + * @return [type] [description] + */ + public function checkUserCredentials( $username, $password ) { + if ( $user = $this->getUser( $username ) ) { + $login_check = $this->checkPassword($user, $password); + + // @since 3.1.94 the parameter $user is being passed + if(!$login_check) + do_action('wo_failed_login', $user); - return $login_check; - } - do_action('wo_user_not_found'); - return false; - } - - /** - * [getUserDetails description] - * @param [type] $username [description] - * @return [type] [description] - */ - public function getUserDetails( $username ) { - return $this->getUser( $username ); - } - - /** - * [getUserClaims description] - * @param [type] $user_id [description] - * @param [type] $claims [description] - * @return [type] [description] - * - * @since 3.0.5-alpha Claims are handled manually since it just makes more 
sense this way - */ - public function getUserClaims( $user_id, $claims ) { - - // Grab the user information for the ID - $userInfo = get_userdata( $user_id ); + return $login_check; + } + do_action('wo_user_not_found'); + return false; + } + + /** + * [getUserDetails description] + * @param [type] $username [description] + * @return [type] [description] + */ + public function getUserDetails( $username ) { + return $this->getUser( $username ); + } + + /** + * [getUserClaims description] + * @param [type] $user_id [description] + * @param [type] $claims [description] + * @return [type] [description] + * + * @since 3.0.5-alpha Claims are handled manually since it just makes more sense this way + */ + public function getUserClaims( $user_id, $claims ) { + + // Grab the user information for the ID + $userInfo = get_userdata( $user_id ); - // Split up the claims - $claims = explode( ' ', trim( $claims ) ); + // Split up the claims + $claims = explode( ' ', trim( $claims ) ); - // User claims array - $userClaims = array(); + // User claims array + $userClaims = array(); - // If the scope "email" is found - if (in_array('email', $claims)) { - $userClaims += array( - 'email' => $userInfo->user_email, - 'email_verified' => '' - ); - } + // If the scope "email" is found + if (in_array('email', $claims)) { + $userClaims += array( + 'email' => $userInfo->user_email, + 'email_verified' => '' + ); + } - // If the scope "profile" is found - if (in_array('profile', $claims)) { - $userClaims += array( - 'name' => $userInfo->display_name, - 'family_name' => '', - 'given_name' => '', - 'middle_name' => '', - 'nickname' => '', - 'preferred_username' => $userInfo->display_name, - 'profile' => '', - 'picture' => 'http://www.gravatar.com/avatar/'.md5(strtolower(trim($userInfo->user_email))).'?s=40', - 'website' => $userInfo->user_url, - 'gender' => '', - 'birthdate' => '', - 'zoneinfo' => get_option('timezone_string'), - 'updated_at' => $userInfo->user_registered, - ); - } + // If the 
scope "profile" is found + if (in_array('profile', $claims)) { + $userClaims += array( + 'name' => $userInfo->display_name, + 'family_name' => '', + 'given_name' => '', + 'middle_name' => '', + 'nickname' => '', + 'preferred_username' => $userInfo->display_name, + 'profile' => '', + 'picture' => 'http://www.gravatar.com/avatar/'.md5(strtolower(trim($userInfo->user_email))).'?s=40', + 'website' => $userInfo->user_url, + 'gender' => '', + 'birthdate' => '', + 'zoneinfo' => get_option('timezone_string'), + 'updated_at' => $userInfo->user_registered, + ); + } - // If the scope "address" is found - if (in_array('address', $claims)) { - $userClaims += array( - 'formatted' => '', - 'street_address' => '', - 'locality' => '', - 'region' => '', - 'postal_code' => '', - 'country' => '', - ); - } + // If the scope "address" is found + if (in_array('address', $claims)) { + $userClaims += array( + 'formatted' => '', + 'street_address' => '', + 'locality' => '', + 'region' => '', + 'postal_code' => '', + 'country' => '', + ); + } - // If the scope "phone" is found - if (in_array('phone', $claims)) { - $userClaims += array( - 'phone_number' => '', - 'phone_number_verified' => '', - ); - } + // If the scope "phone" is found + if (in_array('phone', $claims)) { + $userClaims += array( + 'phone_number' => '', + 'phone_number_verified' => '', + ); + } - return $userClaims; - } - - /** - * [getUserClaim description] - * @param [type] $claim [description] - * @param [type] $userDetails [description] - * @return [type] [description] - * - * @todo Check - */ - protected function getUserClaim($claim, $userDetails) - { - $userClaims = array(); - $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim))); - $claimValues = explode(' ', $claimValuesString); - - foreach ($claimValues as $value) { - $userClaims[$value] = isset($userDetails[$value]) ? 
$userDetails[$value] : null; - } - - return $userClaims; - } - - /** - * [getRefreshToken description] - * @param [type] $refresh_token [description] - * @return [type] [description] - */ - public function getRefreshToken( $refresh_token ) - { - $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_refresh_tokens WHERE refresh_token = %s", - array($refresh_token)); + return $userClaims; + } + + /** + * [getUserClaim description] + * @param [type] $claim [description] + * @param [type] $userDetails [description] + * @return [type] [description] + * + * @todo Check + */ + protected function getUserClaim($claim, $userDetails) + { + $userClaims = array(); + $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim))); + $claimValues = explode(' ', $claimValuesString); + + foreach ($claimValues as $value) { + $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null; + } + + return $userClaims; + } + + /** + * [getRefreshToken description] + * @param [type] $refresh_token [description] + * @return [type] [description] + */ + public function getRefreshToken( $refresh_token ) + { + $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}oauth_refresh_tokens WHERE refresh_token = %s", + array($refresh_token)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - $token = null; - if ( $stmt ) { - $token = $stmt; - $token['expires'] = strtotime($stmt['expires']); - } + $stmt = $this->db->get_row($stmt, ARRAY_A); + + $token = null; + if ( $stmt ) { + $token = $stmt; + $token['expires'] = strtotime($stmt['expires']); + } - return $token; - } - - /** - * [setRefreshToken description] - * @param [type] $refresh_token [description] - * @param [type] $client_id [description] - * @param [type] $user_id [description] - * @param [type] $expires [description] - * @param [type] $scope [description] - */ - public function setRefreshToken( $refresh_token, $client_id, $user_id, $expires, $scope = null) { - $expires = date('Y-m-d 
H:i:s', $expires ); - $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_refresh_tokens (refresh_token, client_id, user_id, expires, scope) VALUES (%s, %s, %s, %s, %s)", array($refresh_token, $client_id, $user_id, $expires, $scope)); - - return $this->db->query($stmt); - } - - /** - * [unsetRefreshToken description] - * @param [type] $refresh_token [description] - * @return [type] [description] - */ - public function unsetRefreshToken( $refresh_token ) { - $stmt = $this->db->prepare("DELETE FROM {$this->db->prefix}oauth_refresh_tokens WHERE refresh_token = %s", array($refresh_token)); - return $this->db->query($stmt); - } - - /** - * Check the user login credentials - * @param [type] $user [description] - * @param [type] $password [description] - * @return [type] [description] - * - * - */ - protected function checkPassword($user, $password) { - $login_check = wp_check_password( $password, $user['user_pass'], $user['ID']); - if(!$login_check){ - do_action('wp_login_failed', $user['user_login']); - } + return $token; + } + + /** + * [setRefreshToken description] + * @param [type] $refresh_token [description] + * @param [type] $client_id [description] + * @param [type] $user_id [description] + * @param [type] $expires [description] + * @param [type] $scope [description] + */ + public function setRefreshToken( $refresh_token, $client_id, $user_id, $expires, $scope = null) { + $expires = date('Y-m-d H:i:s', $expires ); + $stmt = $this->db->prepare("INSERT INTO {$this->db->prefix}oauth_refresh_tokens (refresh_token, client_id, user_id, expires, scope) VALUES (%s, %s, %s, %s, %s)", array($refresh_token, $client_id, $user_id, $expires, $scope)); + + return $this->db->query($stmt); + } + + /** + * [unsetRefreshToken description] + * @param [type] $refresh_token [description] + * @return [type] [description] + */ + public function unsetRefreshToken( $refresh_token ) { + $stmt = $this->db->prepare("DELETE FROM {$this->db->prefix}oauth_refresh_tokens WHERE 
refresh_token = %s", array($refresh_token)); + return $this->db->query($stmt); + } + + /** + * Check the user login credentials + * @param [type] $user [description] + * @param [type] $password [description] + * @return [type] [description] + * + * + */ + protected function checkPassword($user, $password) { + $login_check = wp_check_password( $password, $user['user_pass'], $user['ID']); + if(!$login_check){ + do_action('wp_login_failed', $user['user_login']); + } - return $login_check; - } - - /** - * Retrieve a user ID from the database - * @param [type] $username [description] - * @return [type] [description] - */ - public function getUser($username) { - $stmt = $this->db->prepare("SELECT * FROM {$this->db->prefix}users WHERE user_login=%s", array($username)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - if ( null == $stmt ) { - return false; - } - - $userInfo = $stmt; - return array_merge(array( - 'user_id' => $userInfo['ID'] - ), - $userInfo - ); - } - - /** - * Check to see is a scope exists in the database - * @param [type] $scope [description] - * @return [type] [description] - */ - public function scopeExists( $scope ) - { - $scope = explode(' ', $scope); - $whereIn = implode(',', array_fill(0, count($scope), '?')); - $stmt = $this->db->prepare("SELECT count(scope) as count FROM {$this->db->prefix}oauth_scopes WHERE scope IN (%s)", array($whereIn) ); - $stmt = $this->db->query($stmt, ARRAY_A); - - if ( null != $stmt ) { - return $stmt['count'] == count( $scope ); - } - - return false; - } - - /** - * Get the default scope from the database - * @param [type] $client_id [description] - * @return [type] [description] - */ - public function getDefaultScope( $client_id=null ) - { - $stmt = $this->db->prepare("SELECT scope FROM {$this->db->prefix}oauth_scopes WHERE is_default=%s", array(true)); - $stmt = $this->db->get_results($stmt, ARRAY_A); - - if ($stmt) { - $defaultScope = array_map(function ($row) { - return $row['scope']; - }, $result); - - return 
implode(' ', $defaultScope); - } - - return null; - } - - /** - * [getClientKey description] - * @param [type] $client_id [description] - * @param [type] $subject [description] - * @return [type] [description] - */ - public function getClientKey($client_id, $subject) - { - $stmt = $this->db->prepare("SELECT public_key from {$this->db->prefix}oauth_jwt where client_id=%s AND subject=%s", array($client_id, $subject)); - return $this->db->get_col($stmt); - } - - /** - * [getClientScope description] - * @param [type] $client_id [description] - * @return [type] [description] - */ - public function getClientScope($client_id) - { - if (!$clientDetails = $this->getClientDetails($client_id)) { - return false; - } - - if (isset($clientDetails['scope'])) { - return $clientDetails['scope']; - } - - return null; - } - - /** - * [getJti description] - * @param [type] $client_id [description] - * @param [type] $subject [description] - * @param [type] $audience [description] - * @param [type] $expires [description] - * @param [type] $jti [description] - * @return [type] [description] - * - * @todo Check for Removal - */ - public function getJti($client_id, $subject, $audience, $expires, $jti) - { - $stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti', $this->config['jti_table'])); - - $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti')); - - if ($result = $stmt->fetch()) { - return array('issuer' => $result['issuer'], 'subject' => $result['subject'], 'audience' => $result['audience'], 'expires' => $result['expires'], 'jti' => $result['jti'],); - } - - return null; - } - - /** - * [setJti description] - * @param [type] $client_id [description] - * @param [type] $subject [description] - * @param [type] $audience [description] - * @param [type] $expires [description] - * @param [type] $jti [description] - * - * @todo Check for removal - */ - public 
function setJti($client_id, $subject, $audience, $expires, $jti) - { - $stmt = $this->db->prepare(sprintf('INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)', $this->config['jti_table'])); - - return $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti')); - } - - /** - * [getPublicKey description] - * @param [type] $client_id [description] - * @return [type] [description] - */ - public function getPublicKey($client_id = null) - { - $stmt = $this->db->prepare("SELECT public_key FROM {$this->db->prefix}oauth_public_keys WHERE client_id=%s OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC", array($client_id)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - if (null != $stmt) { - return $result['public_key']; - } - } - - /** - * [getPrivateKey description] - * @param [type] $client_id [description] - * @return [type] [description] - */ - public function getPrivateKey($client_id = null) - { - $stmt = $this->db->prepare("SELECT private_key FROM {$this->db->prefix}oauth_public_keys WHERE client_id=%s OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC", array($client_id)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - if (null != $stmt) { - return $stmt['private_key']; - } - } - - /** - * [getEncryptionAlgorithm description] - * @param [type] $client_id [description] - * @return [type] [description] - */ - public function getEncryptionAlgorithm($client_id = null) - { - $stmt = $this->db->prepare("SELECT encryption_algorithm FROM {$this->db->prefix}oauth_public_keys WHERE client_id=%s OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC", array($client_id)); - $stmt = $this->db->get_row($stmt, ARRAY_A); - - if (null != $stmt) { - return $stmt['encryption_algorithm']; - } - } - + return $login_check; + } + + /** + * Retrieve a user ID from the database + * @param [type] $username [description] + * @return [type] [description] + */ + public function getUser( 
$username ) { + $field = ( false === filter_var( $username, FILTER_VALIDATE_EMAIL ) ) ? 'login' : 'email'; + $user = get_user_by( $field, $username ); + if ( false === $user ) { + return false; + } + $userInfo = (array) $user->data; + + return array_merge( array( + 'user_id' => $userInfo['ID'] + ), + $userInfo + ); + } + + /** + * Check to see is a scope exists in the database + * @param [type] $scope [description] + * @return [type] [description] + */ + public function scopeExists( $scope ) + { + $scope = explode(' ', $scope); + $whereIn = implode(',', array_fill(0, count($scope), '?')); + $stmt = $this->db->prepare("SELECT count(scope) as count FROM {$this->db->prefix}oauth_scopes WHERE scope IN (%s)", array($whereIn) ); + $stmt = $this->db->query($stmt, ARRAY_A); + + if ( null != $stmt ) { + return $stmt['count'] == count( $scope ); + } + + return false; + } + + /** + * Get the default scope from the database + * @param [type] $client_id [description] + * @return [type] [description] + */ + public function getDefaultScope( $client_id=null ) + { + $stmt = $this->db->prepare("SELECT scope FROM {$this->db->prefix}oauth_scopes WHERE is_default=%s", array(true)); + $stmt = $this->db->get_results($stmt, ARRAY_A); + + if ($stmt) { + $defaultScope = array_map(function ($row) { + return $row['scope']; + }, $result); + + return implode(' ', $defaultScope); + } + + return null; + } + + /** + * [getClientKey description] + * @param [type] $client_id [description] + * @param [type] $subject [description] + * @return [type] [description] + */ + public function getClientKey($client_id, $subject) + { + $stmt = $this->db->prepare("SELECT public_key from {$this->db->prefix}oauth_jwt where client_id=%s AND subject=%s", array($client_id, $subject)); + return $this->db->get_col($stmt); + } + + /** + * [getClientScope description] + * @param [type] $client_id [description] + * @return [type] [description] + */ + public function getClientScope($client_id) + { + if (!$clientDetails = 
$this->getClientDetails($client_id)) { + return false; + } + + if (isset($clientDetails['scope'])) { + return $clientDetails['scope']; + } + + return null; + } + + /** + * [getJti description] + * @param [type] $client_id [description] + * @param [type] $subject [description] + * @param [type] $audience [description] + * @param [type] $expires [description] + * @param [type] $jti [description] + * @return [type] [description] + * + * @todo Check for Removal + */ + public function getJti($client_id, $subject, $audience, $expires, $jti) + { + $stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE issuer=:client_id AND subject=:subject AND audience=:audience AND expires=:expires AND jti=:jti', $this->config['jti_table'])); + + $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti')); + + if ($result = $stmt->fetch()) { + return array('issuer' => $result['issuer'], 'subject' => $result['subject'], 'audience' => $result['audience'], 'expires' => $result['expires'], 'jti' => $result['jti'],); + } + + return null; + } + + /** + * [setJti description] + * @param [type] $client_id [description] + * @param [type] $subject [description] + * @param [type] $audience [description] + * @param [type] $expires [description] + * @param [type] $jti [description] + * + * @todo Check for removal + */ + public function setJti($client_id, $subject, $audience, $expires, $jti) + { + $stmt = $this->db->prepare(sprintf('INSERT INTO %s (issuer, subject, audience, expires, jti) VALUES (:client_id, :subject, :audience, :expires, :jti)', $this->config['jti_table'])); + + return $stmt->execute(compact('client_id', 'subject', 'audience', 'expires', 'jti')); + } + + /** + * [getPublicKey description] + * @param [type] $client_id [description] + * @return [type] [description] + */ + public function getPublicKey($client_id = null) + { + $stmt = $this->db->prepare("SELECT public_key FROM {$this->db->prefix}oauth_public_keys WHERE client_id=%s OR client_id IS NULL ORDER 
BY client_id IS NOT NULL DESC", array($client_id)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + if (null != $stmt) { + return $result['public_key']; + } + } + + /** + * [getPrivateKey description] + * @param [type] $client_id [description] + * @return [type] [description] + */ + public function getPrivateKey($client_id = null) + { + $stmt = $this->db->prepare("SELECT private_key FROM {$this->db->prefix}oauth_public_keys WHERE client_id=%s OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC", array($client_id)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + if (null != $stmt) { + return $stmt['private_key']; + } + } + + /** + * [getEncryptionAlgorithm description] + * @param [type] $client_id [description] + * @return [type] [description] + */ + public function getEncryptionAlgorithm($client_id = null) + { + $stmt = $this->db->prepare("SELECT encryption_algorithm FROM {$this->db->prefix}oauth_public_keys WHERE client_id=%s OR client_id IS NULL ORDER BY client_id IS NOT NULL DESC", array($client_id)); + $stmt = $this->db->get_row($stmt, ARRAY_A); + + if (null != $stmt) { + return $stmt['encryption_algorithm']; + } + } + } diff --git a/library/class-wo-api.php b/library/class-wo-api.php index d64aa44..2e412a4 100644 --- a/library/class-wo-api.php +++ b/library/class-wo-api.php @@ -5,11 +5,7 @@ * For now, you can read here to understand how this plugin works. * @link(Github, http://bshaffer.github.io/oauth2-server-php-docs/) */ -if (! function_exists( 'add_filter' ) ) { - header('Status: 403 Forbidden'); - header('HTTP/1.1 403 Forbidden'); - exit(); -} +defined( 'ABSPATH' ) or die( 'No script kiddies please!' ); do_action( 'wo_before_api', array( $_REQUEST ) ); require_once dirname( __FILE__ ) . '/OAuth2/Autoloader.php'; 
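Review bot: The new guard `defined( 'ABSPATH' ) or die( 'No script kiddies please!' );` answers a direct request for this file with HTTP 200 and a body, whereas the block it replaces sent a 403; the status code is what log review and scanners key on, so keep it: `if ( ! defined( 'ABSPATH' ) ) { http_response_code( 403 ); exit; }`. The same replacement is made in wp-oauth-main.php in the `@@ -6,16 +6,13 @@` hunk and the same change applies there.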
@@ -25,8 +21,8 @@ } global $wp_query; -$method = $wp_query->get("oauth"); -$well_known = $wp_query->get("well-known"); +$method = $wp_query->get( 'oauth' ); +$well_known = $wp_query->get( 'well-known' ); $storage = new OAuth2\Storage\Wordpressdb(); $config = array( 'use_crypto_tokens' => false, @@ -150,7 +146,7 @@ | Presents the generic public key for signing. | @since 3.0.5 */ -if ($well_known == 'keys') { +if ( $well_known == 'keys' ) { $keys = apply_filters( 'wo_server_keys', null); $publicKey = openssl_pkey_get_public( file_get_contents( $keys['public'] ) ); $publicKey = openssl_pkey_get_details( $publicKey ); @@ -174,10 +170,8 @@ | OpenID Discovery |-------------------------------------------------------------------------- | -| Presents a basic json encoded response for OpenID Discovery. -| - issuer MUST be HTTPS and match */ -if ($well_known == 'openid-configuration') { +if ( $well_known == 'openid-configuration' ) { $openid_configuration = array( 'issuer' => site_url( null, 'https' ), 'authorization_endpoint' => site_url( '/oauth/authorize' ), 
@@ -213,29 +207,26 @@ if ( array_key_exists( $method, $ext_methods ) ) { // If the method is is set to public, lets just run the method without - if( isset($ext_methods[$method]['public']) && $ext_methods[$method]['public'] ){ + if( isset( $ext_methods[$method]['public'] ) && $ext_methods[$method]['public'] ){ call_user_func_array($ext_methods[$method]['func'], $_REQUEST); exit; } - // Check the token provided $response = new OAuth2\Response(); - if ( !$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) { + if ( ! $server->verifyResourceRequest( OAuth2\Request::createFromGlobals() ) ) { $response->setError(400, 'invalid_request', 'Missing or invalid parameter(s)'); $response->send(); exit; } - $token = $server->getAccessTokenData(OAuth2\Request::createFromGlobals()); + $token = $server->getAccessTokenData( OAuth2\Request::createFromGlobals() ); if ( is_null( $token ) ) { $server->getResponse()->send(); exit; } - /** added 3.1.91 */ do_action('wo_endpoint_user_authenticated', array( $token ) ); + call_user_func_array( $ext_methods[$method]['func'], array( $token ) ); - // Once we are here, everything has checked out. Call the method - call_user_func_array($ext_methods[$method]['func'], array($token)); exit; } diff --git a/library/class-wo-table.php b/library/class-wo-table.php index 2a4db4b..21eb221 100644 --- a/library/class-wo-table.php +++ b/library/class-wo-table.php 
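Review bot: When `verifyResourceRequest()` fails, the branch still builds a fresh `OAuth2\Response` and replies 400 `invalid_request`, discarding the response the server populated during verification; in the bshaffer library that response carries the 401 and the `WWW-Authenticate` header for a missing, invalid or expired bearer token, so clients lose the signal they need to refresh — confirm against the bundled library version. The null-token branch right below already does `$server->getResponse()->send(); exit;`, and the failure branch can be reduced to those same two lines. The enclosing `if ( array_key_exists( $method, $ext_methods ) )` block begins before the hunk.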
@@ -1,179 +1,166 @@ 'wp_list_text_link', //Singular label - 'plural' => 'wp_list_test_links', //plural label, also this well be one of the table css class - 'ajax' => false //We won't support Ajax for this table - ) ); - } - - /** - * Add extra markup in the toolbars before or after the list - * @param string $which, helps you decide if you add the markup after (bottom) or before (top) the list - */ - function extra_tablenav( $which ) { - if ( $which == "top" ){ - return false; - } - if ( $which == "bottom" ){ - return false; - } - } - - /** - * Overide default functionality to remove _nonce field - * @return [type] [description] - */ - function display_tablenav ( $which ) - { - //if ( 'top' == $which ) - //wp_nonce_field( 'bulk-' . $this->_args['plural'] ); - ?> -
-
- bulk_actions( $which ); ?> -
- extra_tablenav( $which ); - $this->pagination( $which ); - ?> -
-
- __('Name'), - 'description' => __('Description'), - //'user_id' => __('User ID'), - 'client_id' => __('Client ID') //, - //'redirect_uri' => __('Redirect URI') - ); - } - - /** - * Decide which columns to activate the sorting functionality on - * @return array $sortable, the array of columns that can be sorted by the user - */ - public function get_sortable_columns() { - return $sortable = array( - //'name' => array('name'), - //'user_id'=>array('user_id') - ); - } - - /** - * Prepare the table with different parameters, pagination, columns and table elements - */ - function prepare_items() { - global $wpdb, $_wp_column_headers; - $screen = get_current_screen(); - - /* -- Preparing your query -- */ - $query = "SELECT * FROM {$wpdb->prefix}oauth_clients"; - - /* -- Ordering parameters -- */ - //Parameters that are going to be used to order the result - $orderby = !empty($_GET["orderby"]) ? mysql_real_escape_string($_GET["orderby"]) : 'ASC'; - $order = !empty($_GET["order"]) ? mysql_real_escape_string($_GET["order"]) : ''; - if(!empty($orderby) & !empty($order)){ $query.=' ORDER BY '.$orderby.' '.$order; } - - /* -- Pagination parameters -- */ - //Number of elements in your table? - $totalitems = $wpdb->query($query); //return the total number of affected rows - //How many to display per page? - $perpage = 5; - //Which page is this? - $paged = !empty($_GET["paged"]) ? mysql_real_escape_string($_GET["paged"]) : ''; - //Page Number - if(empty($paged) || !is_numeric($paged) || $paged<=0 ){ $paged=1; } - //How many pages do we have in total? 
- $totalpages = ceil($totalitems/$perpage); - //adjust the query to take pagination into account - if(!empty($paged) && !empty($perpage)){ - $offset=($paged-1)*$perpage; - $query.=' LIMIT '.(int)$offset.','.(int)$perpage; - } - - /* -- Register the pagination -- */ - $this->set_pagination_args( array( - "total_items" => $totalitems, - "total_pages" => $totalpages, - "per_page" => $perpage, - ) ); - //The pagination links are automatically built according to those parameters - - /* — Register the Columns — */ - $columns = $this->get_columns(); - $hidden = array(); - $sortable = $this->get_sortable_columns(); - $this->_column_headers = array($columns, $hidden, $sortable); - - /* -- Fetch the items -- */ - $this->items = $wpdb->get_results($query); - } - - /** - * Display the rows of records in the table - * @return string, echo the markup of the rows - */ - function display_rows() { - //Get the records registered in the prepare_items method - $records = $this->items; - - //Get the columns registered in the get_columns and get_sortable_columns methods - list( $columns, $hidden ) = $this->get_column_info(); - - //Loop for each record - if(!empty($records)){foreach($records as $rec){ - - //Open the line - echo ''; - foreach ( $columns as $column_name => $column_display_name ) { - - //Style attributes for each col - $class = "class='$column_name column-$column_name'"; - $style = ""; - if ( in_array( $column_name, $hidden ) ) $style = ' style="display:none;"'; - $attributes = $class . $style; - - //edit link - //$editlink = '/wp-admin/link.php?action=edit&link_id='.(int)$rec->client_id; - - //Display the cell - switch ( $column_name ) { - case "name": - $edit_link = site_url() . '?wpoauthincludes=edit&_wp_nonce=' . wp_create_nonce( 'wpo-edit-client' ) . '&client_id='.$rec->client_id.'&TB_iframe=true&width=600&height=420'; - echo ''.stripslashes($rec->name).'
Edit | client_id).'\');" href="#">Delete | Show Secret
'; break; - - case "description": echo ''.stripslashes($rec->description).''; break; - //case "user_id": echo ''.stripslashes($rec->user_id).''; break; - case "client_id": echo ''.$rec->client_id.''; break; - // case "redirect_uri": echo ''.$rec->redirect_uri.''; break; - case "col_link_visible": echo ''.$rec->link_visible.''; break; - } - } - - //Close the line - echo''; - }} - } + /** + * Constructor, we override the parent to pass our own arguments + * We usually focus on three parameters: singular and plural labels, as well as whether the class supports AJAX. + */ + function __construct() { + parent::__construct( array( + 'singular'=> 'wp_list_text_link', //Singular label + 'plural' => 'wp_list_test_links', //plural label, also this well be one of the table css class + 'ajax' => false //We won't support Ajax for this table + ) ); + } + + /** + * Add extra markup in the toolbars before or after the list + * @param string $which, helps you decide if you add the markup after (bottom) or before (top) the list + */ + function extra_tablenav( $which ) { + if ( $which == "top" ){ + return false; + } + if ( $which == "bottom" ){ + return false; + } + } + + /** + * Overide default functionality to remove _nonce field + * @return [type] [description] + */ + function display_tablenav ( $which ) { + ?> +
+
+ bulk_actions( $which ); ?> +
+ extra_tablenav( $which ); + $this->pagination( $which ); + ?> +
+
+ __('Name'), + 'description' => __('Description'), + //'user_id' => __('User ID'), + 'client_id' => __('Client ID') //, + //'redirect_uri' => __('Redirect URI') + ); + } + + /** + * Decide which columns to activate the sorting functionality on + * @return array $sortable, the array of columns that can be sorted by the user + */ + public function get_sortable_columns() { + return $sortable = array( + //'name' => array('name'), + //'user_id'=>array('user_id') + ); + } + + /** + * Prepare the table with different parameters, pagination, columns and table elements + */ + function prepare_items() { + global $wpdb, $_wp_column_headers; + $screen = get_current_screen(); + + $query = "SELECT * FROM {$wpdb->prefix}oauth_clients"; + + $orderby = ! empty( $_GET['orderby'] ) ? mysql_real_escape_string( $_GET['orderby'] ) : 'ASC'; + $order = ! empty( $_GET['order'] ) ? mysql_real_escape_string( $_GET['order'] ) : ''; + + if( ! empty( $orderby ) & ! empty( $order ) ) { + $query .= ' ORDER BY ' . $orderby . ' ' . $order; + } + + $totalitems = $wpdb->query( $query ); + $perpage = 5; + $paged = ! empty( $_GET['paged'] ) ? mysql_real_escape_string( $_GET['paged'] ) : ''; + + if( empty( $paged ) || ! is_numeric( $paged ) || $paged <= 0 ) { + $paged = 1; + } + + $totalpages = ceil( $totalitems / $perpage ); + + if( ! empty( $paged ) && ! empty( $perpage ) ) { + $offset = ( $paged - 1 ) * $perpage; + $query.= ' LIMIT ' . (int) $offset . ',' . 
(int) $perpage; + } + + $this->set_pagination_args( array( + 'total_items' => $totalitems, + 'total_pages' => $totalpages, + 'per_page' => $perpage, + ) ); + + $columns = $this->get_columns(); + $hidden = array(); + $sortable = $this->get_sortable_columns(); + $this->_column_headers = array( $columns, $hidden, $sortable ); + $this->items = $wpdb->get_results($query); + } + + /** + * Display the rows of records in the table + * @return string, echo the markup of the rows + */ + function display_rows() { + //Get the records registered in the prepare_items method + $records = $this->items; + + //Get the columns registered in the get_columns and get_sortable_columns methods + list( $columns, $hidden ) = $this->get_column_info(); + + //Loop for each record + if(!empty($records)){foreach($records as $rec){ + + //Open the line + echo ''; + foreach ( $columns as $column_name => $column_display_name ) { + + //Style attributes for each col + $class = "class='$column_name column-$column_name'"; + $style = ""; + if ( in_array( $column_name, $hidden ) ) $style = ' style="display:none;"'; + $attributes = $class . $style; + + //edit link + //$editlink = '/wp-admin/link.php?action=edit&link_id='.(int)$rec->client_id; + + //Display the cell + switch ( $column_name ) { + case "name": + $edit_link = site_url() . '?wpoauthincludes=edit&_wp_nonce=' . wp_create_nonce( 'wpo-edit-client' ) . '&client_id='.$rec->client_id.'&TB_iframe=true&width=600&height=420'; + echo ''.stripslashes($rec->name).'
Edit | client_id).'\');" href="#">Delete | Show Secret
'; break; + + case "description": echo ''.stripslashes($rec->description).''; break; + //case "user_id": echo ''.stripslashes($rec->user_id).''; break; + case "client_id": echo ''.$rec->client_id.''; break; + // case "redirect_uri": echo ''.$rec->redirect_uri.''; break; + case "col_link_visible": echo ''.$rec->link_visible.''; break; + } + } + + //Close the line + echo''; + }} + } } ?> \ No newline at end of file diff --git a/library/keys/private_key.pem b/library/keys/private_key.pem deleted file mode 100644 index 12f2281..0000000 --- a/library/keys/private_key.pem +++ /dev/null 
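Review bot: `prepare_items()` still concatenates `$_GET['orderby']` and `$_GET['order']` into the `ORDER BY` clause after `mysql_real_escape_string()`, which only escapes quoted string literals and does nothing for identifiers or keywords, so a visitor to the admin page controls that part of the query; `mysql_real_escape_string()` is also removed in PHP 7 and needs an open mysql_* connection, which a `$wpdb` install does not hold. The defaults are crossed as well (`$orderby` defaults to `'ASC'`, `$order` to `''`) and the guard uses bitwise `&` rather than `&&`. Restrict both values to a whitelist built from `get_columns()` and `ASC`/`DESC`, and read `paged` through `absint()`, as below. Separately, `display_rows()` echoes `$rec->name` and `$rec->description` with `stripslashes()` only; wrap them in `esc_html()` so a stored client name cannot inject markup into the admin table.
```php
function prepare_items() {
    global $wpdb, $_wp_column_headers;
    $screen = get_current_screen();

    $query = "SELECT * FROM {$wpdb->prefix}oauth_clients";

    // Ordering: only column keys the table declares, and only ASC/DESC; request input never reaches the SQL string.
    $allowed_orderby = array_keys( $this->get_columns() );
    $orderby = ( isset( $_GET['orderby'] ) && in_array( $_GET['orderby'], $allowed_orderby, true ) ) ? $_GET['orderby'] : '';
    $order   = ( isset( $_GET['order'] ) && 'desc' === strtolower( (string) $_GET['order'] ) ) ? 'DESC' : 'ASC';

    if ( '' !== $orderby ) {
        $query .= ' ORDER BY ' . $orderby . ' ' . $order;
    }

    $totalitems = $wpdb->query( $query );
    $perpage = 5;
    $paged = isset( $_GET['paged'] ) ? absint( $_GET['paged'] ) : 1;

    if ( $paged <= 0 ) {
        $paged = 1;
    }
    // … unchanged: totalpages, LIMIT, set_pagination_args, column headers, get_results …
```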
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA0B0sd82KRixVjpmB6aM4skQxM6kfQs5zjMVUKaKf9Pol0dPO -CKjki9pVjU17yX4HenCdsl0W5msQM7X/15SOuUBUzp1Afmcz/ehh0/+98qfh3vkK -7NXSlriOGHkmNOmy31/qY1I5hNLvsVmtuQ3dX2okirPrGRPkqpVyF8CYeoHEiIE+ -7dhKbyLgSoMo6D7nXdBS8vNlNVAlsxfQg9EprmjwgnKUbTQj3VdHHy4NuOwCNlT7 -zcDuYRMrb1OfKrpCTTvrEnPCsAiC7DPqRKP0pOZa/O8YSbH5EikRSOuOAsAC5HC9 -ITFm1qzWkrBq0GweOqJ85hLi47CMyvl0AEcEAwIDAQABAoIBACF1DzkTai9t4TNT -qncNLog6Pk632ba7ygfPkYBADMctj/bzviPWQyfYqfhVhJkYEcu1XyTVomDYxXoK -wF7AG1Hc7cVpsnyfytP/D/stGjRwmPdnwkHg/kIM2YtFrsbC62bN3Liq92RLJQ22 -BR/DAtvcDJPf6OPXNuPVssnuxJStDcsJ7vT1XJsUPys1pfqVNnQYBiKH79DfAXuh -BmZNIx6E/SLJSKz9HA3YQFbicRbDbKzeFVkZCO+J1rX8HhkGwHMtATUO54SqsCkV -bu6TkjCT64LIRQUkTdlFyF5BW0dMilAtF3U9ArSmmszvylGMmxOEoMFivNDrzzsC -33cbYUECgYEA8NxKHh5AUmr8izF48Rqg3XVWqpP/nCnEBVKlB9GqI8Pdq/OfSeBO -HKp/6wWoMiIGdhbW5XiMavOcz9WTM0623Eh6OIR02AtsLtGHcqvk8w4V1vDxA261 -4NZ3Lgxfmc9KUWCPY7a5kF6gmowCP1z3rN+GlMIR3MAiLydjZBn7jX0CgYEA3TH0 -y7LqJ287qOOplOf5wu1fKu7XWUGdLMDM7XNICIx1/c8CcRRvn+kQ8NKBlP/yfMKC -5JdVgj9TmyriukOx6rvs8B+VpSmDhlt2CkHMAtlWu92jT21SU8XPyFBU6CIqCjuV -vm//IOBmDUnfj4ZWAccxL1UY+f+UlRD4v2Cvj38CgYEAkDXlLqlAK9igwpppZjpi -TJY/wLwCFDcxhVpZMxhGvUk9hQHFwo7JVgKDumzVqsaShcvg+N23fSXFIu8mRlb/ -x16hxwsPhnc4W8PaTD89QoWRb/Ms6rgzr53ZF7oS1120ioq875/s9NKjaEUh51w7 -cscWpiSYW0qybPcxXDLuWWUCgYEAyFqRo1ih46pLXcUpO+mLP9cGlrrUcNKP7ZON -i58aJjQkRAuX6JlcKnpPj/L80Nus5vjA2xGAsINv1WLZD2J162rhSPcy8vFRYwfB -ObUzd3kpqO0vGaiqI5tPg9/PqJwZfD9Qebi0XTEk/vBlAXnquZ2VnYv1Ha01Bnji -92Y6Xz0CgYEAtZ/0jXSXC1Oj0LTfpweTi6B5EYnfwoSaxwCeDKrNvVUji2nRPIVe -E1bjujhGazYdK543LFEv36IgjL7muODhXZUZQ4R+5+OAasMmgadLc3z311m4mcVS -XGCl7bKJG4dTN48cmNmhr2Icaf6psTnlcvNEIgBajpfhWrhKTeJ6Akw= ------END RSA PRIVATE KEY----- diff --git a/library/keys/public_key.pem b/library/keys/public_key.pem deleted file mode 100644 index 746e6b1..0000000 --- a/library/keys/public_key.pem +++ /dev/null 
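Review bot: Deleting library/keys/private_key.pem does not retire the key: it stays in every earlier revision and in every installed copy of the plugin, and the public key removed in the next hunk identifies it, so anything signed with it should be treated as signed with a compromised key. The changelog entry for 3.1.96 does not mention the removal; record the rotation there, and have the `wo_server_keys` default point at a key generated per install outside the web root rather than at a file shipped with the plugin. If the project intends the key to be private, it also needs to be purged from the repository history, not just from the tip.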
@@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0B0sd82KRixVjpmB6aM4 -skQxM6kfQs5zjMVUKaKf9Pol0dPOCKjki9pVjU17yX4HenCdsl0W5msQM7X/15SO -uUBUzp1Afmcz/ehh0/+98qfh3vkK7NXSlriOGHkmNOmy31/qY1I5hNLvsVmtuQ3d -X2okirPrGRPkqpVyF8CYeoHEiIE+7dhKbyLgSoMo6D7nXdBS8vNlNVAlsxfQg9Ep -rmjwgnKUbTQj3VdHHy4NuOwCNlT7zcDuYRMrb1OfKrpCTTvrEnPCsAiC7DPqRKP0 -pOZa/O8YSbH5EikRSOuOAsAC5HC9ITFm1qzWkrBq0GweOqJ85hLi47CMyvl0AEcE -AwIDAQAB ------END PUBLIC KEY----- diff --git a/readme.txt b/readme.txt index 7f08e9a..6c09138 100644 --- a/readme.txt +++ b/readme.txt @@ -4,8 +4,8 @@ Contributors: justingreerbbi Donate link: http://justin-greer.com/ Tags: OAuth2 Service, oauth2, OAuth provider, Provider, OAuth, OAuth client, Single Sign On, SSO, OpenID Connect, OIDC, OpenID, Connect Requires at least: 4.3 -Tested up to: 4.4.1 -Stable tag: 3.1.95 +Tested up to: 4.4.2 +Stable tag: 3.1.96 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -94,8 +94,9 @@ For any upgrade or modification, PLEASE PLEASE PLEASE make a full backup of your == Changelog == = 3.1.96 = -* Minor Tweaks -* Now sends proper config to refresh token controller +* Restructuring and clean up. +* Refresh token controller now accepts parameters properly. +* Rewrote rewrite functionality to fix issues regarding rewrites on ever load. = 3.1.95 = * Removed ALTER query. There is no need and someone updating from older version will experience issues anyways. Step by step upgrading is required. diff --git a/wp-oauth-main.php b/wp-oauth-main.php index 7340325..a64fa1a 100644 --- a/wp-oauth-main.php +++ b/wp-oauth-main.php 
@@ -6,16 +6,13 @@ * @author Justin Greer * @package WordPress OAuth Server */ -if (!function_exists('add_filter')) { - header('Status: 403 Forbidden'); - header('HTTP/1.1 403 Forbidden'); - exit(); -} + +defined( 'ABSPATH' ) or die( 'No script kiddies please!' ); class WO_Server { /** Plugin Version */ - public $version = "3.1.95"; + public $version = "3.1.96"; /** Server Instance */ public static $_instance = null; @@ -52,19 +49,8 @@ function __construct() { } spl_autoload_register( array( $this, 'autoload') ); - /** - * Custom Authentication Hook - * This MUST run before anything just to be safe. - * - * @since 3.1.3 - */ + add_filter( 'determine_current_user', array($this, '_wo_authenicate_bypass'), 21); - - /** - * load all dependents - * - * @since 1.0.0 - */ add_action("init", array(__CLASS__, "includes")); } diff --git a/wp-oauth.php b/wp-oauth.php index 0cde01f..fac5ab8 100644 --- a/wp-oauth.php +++ b/wp-oauth.php @@ -2,7 +2,7 @@ /** * Plugin Name: WP OAuth Server * Plugin URI: http://wp-oauth.com - * Version: 3.1.95 + * Version: 3.1.96 * Description: Use WordPress to power your OAuth Server. Provide Single Sign On and other OAuth functionality. * Author: Justin Greer * Author URI: http://wp-oauth.com 
@@ -32,24 +32,27 @@ * * Since PHP 5.4, WP will through notices due to the way WP calls statically */ -add_action( 'wp_loaded', '_wo_register_files' ); -function _wo_register_files() { +function _wo_server_register_files() { wp_register_style( 'wo_admin', plugins_url( '/assets/css/admin.css', __FILE__ ) ); wp_register_script( 'wo_admin', plugins_url( '/assets/js/admin.js', __FILE__ ) ); } +add_action( 'wp_loaded', '_wo_server_register_files' ); -/** Grab the main class file */ -require_once( dirname(__FILE__) . '/wp-oauth-main.php'); +require_once( dirname(__FILE__) . '/wp-oauth-main.php' ); -function _wo_server_init() { - _wo_register_rewrites(); +/** + * Adds/registers query vars + * @return void + */ +function _wo_server_register_query_vars() { + _wo_server_register_rewrites(); global $wp; $wp->add_query_var( 'oauth' ); $wp->add_query_var( 'well-known' ); $wp->add_query_var( 'wpoauthincludes' ); } -add_action( 'init', '_wo_server_init' ); +add_action( 'init', '_wo_server_register_query_vars' ); /** * Registers rewrites for OAuth2 Server 
@@ -61,26 +64,26 @@ function _wo_server_init() { * * @return void */ -function _wo_register_rewrites() { - add_rewrite_rule( '^oauth/authorize/?$','index.php?oauth=authorize','top' ); - add_rewrite_rule( '^oauth/token/?$','index.php?oauth=token','top' ); - add_rewrite_rule( '^oauth/.well-known/?$','index.php?well-known=$matches[1]','top' ); - add_rewrite_rule( '^oauth/wpoauthincludes/?$','index.php?wpoauthincludes=$matches[1]','top' ); +function _wo_server_register_rewrites() { + add_rewrite_rule( '^oauth/(.+)','index.php?oauth=$matches[1]','top' ); + add_rewrite_rule( '^.well-known/(.+)','index.php?well-known=$matches[1]','top' ); + add_rewrite_rule( '^wpoauthincludes/(.+)','index.php?wpoauthincludes=$matches[1]','top' ); } /** * [template_redirect_intercept description] * @return [type] [description] */ -function _wo_template_redirect_intercept( $template ) { +function _wo_server_template_redirect_intercept( $template ) { global $wp_query; + if ( $wp_query->get( 'oauth' ) || $wp_query->get( 'well-known' ) ) { - require_once dirname( __FILE__ ) . '/library/class-wo-api.php'; - exit; + //print $wp_query->get( 'oauth' ); exit; + require_once dirname( __FILE__ ) . '/library/class-wo-api.php'; + exit; } - /** @since 3.1.6 | used by admin only */ - if ( $wp_query->get('wpoauthincludes') ) { + if ( $wp_query->get( 'wpoauthincludes' ) ) { $allowed_includes = array( 'create' => dirname( WPOAUTH_FILE ) . '/library/content/create-new-client.php', 'edit' => dirname( WPOAUTH_FILE ) . '/library/content/edit-client.php' 
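Review bot: In `_wo_server_register_rewrites()` the pattern `'^.well-known/(.+)'` leaves the dot unescaped, so the rule also matches any single character in front of `well-known`; write it as `'^\.well-known/(.+)'`. The debug line `//print $wp_query->get( 'oauth' ); exit;` added to `_wo_server_template_redirect_intercept()` should be dropped rather than committed commented out. `_wo_server_template_redirect_intercept()` continues past the end of the hunk.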
@@ -92,35 +95,35 @@ function _wo_template_redirect_intercept( $template ) { return $template; } -add_filter( 'template_include', '_wo_template_redirect_intercept', 100); +add_filter( 'template_include', '_wo_server_template_redirect_intercept', 100); /** * OAuth2 Server Activation * @param [type] $network_wide [description] * @return [type] [description] */ -function _wo_activation( $network_wide ) { +function _wo_server_activation( $network_wide ) { if ( function_exists( 'is_multisite' ) && is_multisite() && $network_wide ) { $mu_blogs = wp_get_sites(); foreach ( $mu_blogs as $mu_blog ) { switch_to_blog( $mu_blog['blog_id'] ); - _wo_register_rewrites(); + _wo_server_register_rewrites(); flush_rewrite_rules(); } restore_current_blog(); } else { - _wo_register_rewrites(); + _wo_server_register_rewrites(); flush_rewrite_rules(); } } -register_activation_hook( __FILE__, '_wo_activation' ); +register_activation_hook( __FILE__, '_wo_server_activation' ); /** * OAuth Server Deactivation * @param [type] $network_wide [description] * @return [type] [description] */ -function _wo_deactivation( $network_wide ) { +function _wo_server_deactivation( $network_wide ) { if ( function_exists( 'is_multisite' ) && is_multisite() && $network_wide ) { $mu_blogs = wp_get_sites(); foreach ( $mu_blogs as $mu_blog ) { @@ -132,7 +135,7 @@ function _wo_deactivation( $network_wide ) { flush_rewrite_rules(); } } -register_deactivation_hook( __FILE__, '_wo_deactivation' ); +register_deactivation_hook( __FILE__, '_wo_server_deactivation' ); /** * @todo Move setup and upgrade inside the function wo_plugin_activate()