diff --git a/Affinidi.php b/Affinidi.php index 879fd1f..c32e9ee 100644 --- a/Affinidi.php +++ b/Affinidi.php @@ -8,7 +8,7 @@ */ class Affinidi { - public $version = '1.0.0'; + public $version = '1.1.0'; public static $_instance = null; @@ -26,7 +26,6 @@ class Affinidi public function __construct() { add_action('init', [__CLASS__, 'includes']); - //add_action('init', [__CLASS__, 'custom_login']); // when activated, Affinidi Login will become the only login option } /** @@ -50,9 +49,12 @@ public static function instance() */ public static function includes() { - require_once(AFFINIDI_PLUGIN_DIR . '/includes/functions.php'); require_once(AFFINIDI_PLUGIN_DIR . '/includes/wp-affinidi-login-admin-options.php'); + require_once(AFFINIDI_PLUGIN_DIR . '/includes/wp-affinidi-login-admin-settings.php'); require_once(AFFINIDI_PLUGIN_DIR . '/includes/wp-affinidi-login-rewrites.php'); + require_once(AFFINIDI_PLUGIN_DIR . '/includes/wp-affinidi-login-idtoken.php'); + require_once(AFFINIDI_PLUGIN_DIR . '/includes/wp-affinidi-login-wc.php'); + require_once(AFFINIDI_PLUGIN_DIR . '/includes/functions.php'); } /** @@ -60,33 +62,19 @@ public static function includes() */ public function setup() { - $options = get_option('affinidi_options'); - if (!isset($options['backend'])) { + $admin_options = get_option('affinidi_options'); + + if (!isset($admin_options['backend'])) { update_option('affinidi_options', $this->default_settings); } - $this->install(); - } - /** - * When wp-login.php was visited, redirect to the login page of affinidi - * - * @return void - */ - public static function custom_login() - { - global $pagenow; - $activated = absint(affinidi_get_option('active')); - if ('wp-login.php' == $pagenow && $_GET['action'] != 'logout' && $activated) { - $url = get_affinidi_login_url(); - wp_redirect($url); - exit(); - } + $this->install(); } public function logout() { wp_redirect(home_url()); - die(); + exit(); } /** @@ -98,9 +86,27 @@ public function wp_enqueue() { // Registers the script if $src provided (does NOT overwrite), and enqueues it. wp_enqueue_script('jquery-ui-accordion'); - // Registers the style if source provided (does NOT overwrite) and enqueues. - wp_enqueue_style('affinidi_admin'); - wp_enqueue_script('affinidi_admin'); + } + + /** + * Register and enqueue a custom stylesheet in the WordPress admin. + */ + public function affinidi_login_enqueue_admin_scripts() { + wp_register_style( 'affinidi_login_admin_css', plugins_url('/assets/css/admin.css', __FILE__), false, $this->version ); + wp_enqueue_style( 'affinidi_login_admin_css' ); + + wp_register_script( 'affinidi_login_admin_js', plugins_url('/assets/js/admin.js', __FILE__), false, $this->version, true ); + wp_enqueue_script( 'affinidi_login_admin_js' ); + } + + public function affinidi_login_enqueue_fe_scripts() + { + // Register a CSS stylesheet. + wp_register_style('affinidi_login_fe_css', plugins_url('/assets/css/affinidi-login.css', __FILE__), false, $this->version); + wp_enqueue_style( 'affinidi_login_fe_css' ); + // Register a new script. + wp_register_script('affinidi_login_fe_js', plugins_url('/assets/js/affinidi-login.js', __FILE__), array(), $this->version, true); + wp_enqueue_script( 'affinidi_login_fe_js' ); } /** diff --git a/assets/css/affinidi-login.css b/assets/css/affinidi-login.css index 24a03db..16cbeed 100644 --- a/assets/css/affinidi-login.css +++ b/assets/css/affinidi-login.css @@ -56,6 +56,12 @@ div.form-affinidi-login { text-align: center; } +div.form-affinidi-login div { + display: flex; + align-items: center; + justify-content: center; +} + div.form-affinidi-login a.affinidi-login { margin: 0 auto; } \ No newline at end of file diff --git a/includes/functions.php b/includes/functions.php index c5eba45..7862f62 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -3,73 +3,6 @@ // ABSPATH prevent public user to directly access your .php files through URL. defined('ABSPATH') or die('No script kiddies please!'); -function defaults() -{ - return [ - 'client_id' => '', - 'backend' => '', - 'redirect_user_origin' => 0, - 'enable_ecommerce_support' => '', - 'ecommerce_sync_address_info' => 'billing', - 'ecommerce_show_al_button' => 'top_form', - 'affinidi_login_loginform_header' => 'Log in passwordless with', - 'affinidi_login_regform_header' => 'Sign up seamlessly with', - ]; -} - -/** - * get option value - * - * @param string $option_name - * - * @return void|string - */ -function affinidi_get_option(string $option_name) -{ - $options = array_shift(get_options(array(WP_Affinidi_Login_Admin::OPTIONS_NAME))); - - if (!empty($v = $options[$option_name])) { - return $v; - } -} - -function affinidi_set_options(string $key, $value) -{ - $options = array_shift(get_options(array(WP_Affinidi_Login_Admin::OPTIONS_NAME))); - $options[$key] = $value; - update_option(WP_Affinidi_Login_Admin::OPTIONS_NAME, $options); -} -function remove_footer_admin () -{ - echo ''; -} - -add_filter('admin_footer_text', 'remove_footer_admin'); - -/** - * Get the login url of affinidi - * - * @param string $redirect - * - * @return string - */ -function get_affinidi_login_url(string $redirect = ''): string -{ - $params = [ - 'oauth' => 'authorize', - 'response_type' => 'code', - 'scope' => 'openid', - 'client_id' => affinidi_get_option('client_id'), - 'code_challenge' => $code_challenge, - 'code_challenge_method' => 'S256', - 'token_endpoint_auth_method' => 'none', - 'redirect_uri' => site_url('?auth=affinidi'), - 'state' => urlencode($user_redirect) - ]; - $params = http_build_query($params); - return affinidi_get_option('backend') . '/oauth2/auth?' . $params; -} - /** * Add login button for affinidi on the login form. * @@ -78,71 +11,21 @@ function get_affinidi_login_url(string $redirect = ''): string function affinidi_login_form_button() { - $redirect_to = affinidi_get_user_redirect_url(); - ?> - -
-

Log in passwordless with

- Affinidi Login -
-
- 'Affinidi Login', 'class' => 'affinidi-login', @@ -165,33 +51,24 @@ function affinidi_login_button_shortcode($atts = array()) 'text' => 'Affinidi Login' ], $atts); - $redirect_to = affinidi_get_user_redirect_url(); + $affinidi_login_button_shortcode = sprintf( + '%s', + esc_attr($a['class']), + esc_url(site_url('?auth=affinidi&state=' . $state)), + esc_attr($a['title']), + esc_attr($a['target']), + esc_html($a['text']) + ); - return '' . esc_html($a['text']) . ''; + return wp_kses_post($affinidi_login_button_shortcode); } add_shortcode('affinidi_login', 'affinidi_login_button_shortcode'); -function get_wc_login_form_button($atts = array()) { - - $options = array_shift(get_options(array('affinidi_options'))); - - $display_button_header = $options['affinidi_login_loginform_header']; - - return ' -
' . affinidi_login_button_shortcode($atts) . '
'; -} - -function get_wc_regs_form_button($atts = array()) { - - $options = array_shift(get_options(array('affinidi_options'))); - - $display_button_header = $options['affinidi_login_regform_header']; - - return ' -
' . affinidi_login_button_shortcode($atts) . '
'; -} - /** * Get user login redirect. * Just in case the user wants to redirect the user to a new url. @@ -203,6 +80,8 @@ function affinidi_get_user_redirect_url(): string // Global WP instance global $wp; + $admin_options = new Affinidi_Login_Admin_Options(); + // Homepage as default redirect $redirect_url = home_url(); @@ -211,12 +90,15 @@ function affinidi_get_user_redirect_url(): string $redirect_url = admin_url(); } + // Not processing form. + // phpcs:disable WordPress.Security.NonceVerification.Recommended + // Check if we are passing redirect_to value, use it if ( isset( $_REQUEST['redirect_to'] ) ) { $redirect_url = esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) ); } else { // Get the current page of the user where the button is triggered (if redirect to dashboard is not set) - if ( affinidi_get_option('redirect_user_origin') == 1) { + if ( $admin_options->redirect_user_origin == 1) { if ( ! empty( $wp->request ) ) { if ( ! empty( $wp->did_permalink ) && $wp->did_permalink == true ) { // build url from the current page with query strings attached @@ -233,12 +115,14 @@ function affinidi_get_user_redirect_url(): string } } + // phpcs:enable WordPress.Security.NonceVerification.Recommended + // generate random state $state = md5( wp_rand() . microtime( true ) ); // store redirect_to transient info to options $affinidi_state_values = array( $state => array( - 'redirect_to' => $redirect_url + 'redirect_to' => sanitize_url($redirect_url) ) ); set_transient("affinidi_user_redirect_to" . $state, $affinidi_state_values, 300); @@ -247,179 +131,22 @@ function affinidi_get_user_redirect_url(): string } -function extract_claim($idToken, $field, $isCustom = true) { - - if ($isCustom) { - return isset($idToken['custom'][$field]) ? $idToken['custom'][$field] : ""; - } - // return from top-level - return isset($idToken[$field]) ? $idToken[$field] : ""; - -} - -function extract_user_info($info) { - - // extract user info - $email = extract_claim($info, 'email', false); - $firstName = extract_claim($info, 'given_name', false); - $lastName = extract_claim($info, 'family_name', false); - $displayName = trim("{$firstName} {$lastName}"); - - return array( - 'email' => $email, - 'first_name' => $firstName, - 'last_name' => $lastName, - 'display_name' => $displayName - ); - -} - -function extract_contact_info($info) { - // get list of countries for transformation - include_once(AFFINIDI_PLUGIN_DIR . '/templates/countries-list.php'); - // extract user info - $streetAddress = extract_claim($info['address'], 'street_address', false); - $locality = extract_claim($info['address'], 'locality', false); - $region = extract_claim($info['address'], 'region', false); - $postalCode = extract_claim($info['address'], 'postal_code', false); - $country = extract_claim($info['address'], 'country', false); - $phoneNumber = extract_claim($info, 'phone_number', false); - - // get the country code - $country = array_search($country, $countries_list); - - return array( - 'address_1' => $streetAddress, - 'city' => $locality, - 'state' => $region, - 'postcode' => $postalCode, - 'country' => $country, - 'phone' => $phoneNumber - ); -} - -function set_wc_billing_address($customer, $userInfo, $contactInfo) { - // set billing info - $customer->set_billing_first_name($userInfo['first_name']); - $customer->set_billing_last_name($userInfo['last_name']); - $customer->set_billing_email($userInfo['email']); - $customer->set_billing_phone($contactInfo['phone']); - - $customer->set_billing_address($contactInfo['address_1']); - $customer->set_billing_city($contactInfo['city']); - $customer->set_billing_state($contactInfo['state']); - $customer->set_billing_postcode($contactInfo['postcode']); - $customer->set_billing_country($contactInfo['country']); - - $customer->save(); -} - -function set_wc_shipping_address($customer, $userInfo, $contactInfo) { - // set billing info - $customer->set_shipping_first_name($userInfo['first_name']); - $customer->set_shipping_last_name($userInfo['last_name']); - $customer->set_shipping_phone($contactInfo['phone']); - - $customer->set_shipping_address($contactInfo['address_1']); - $customer->set_shipping_city($contactInfo['city']); - $customer->set_shipping_state($contactInfo['state']); - $customer->set_shipping_postcode($contactInfo['postcode']); - $customer->set_shipping_country($contactInfo['country']); - - $customer->save(); -} - -function sync_address_info($userId, $userInfo, $contactInfo, $isSignup) { - // is WC support enabled? - if (is_woocommerce_activated()) { - // Get the WC_Customer instance object from user ID - $customer = new WC_Customer( $userId ); - // sync address info from Vault - if ($isSignup) { - set_wc_billing_address($customer, $userInfo, $contactInfo); - set_wc_shipping_address($customer, $userInfo, $contactInfo); - } else if (affinidi_get_option('ecommerce_sync_address_info') == "billing") { - set_wc_billing_address($customer, $userInfo, $contactInfo); - } else if (affinidi_get_option('ecommerce_sync_address_info') == "billing_shipping") { - set_wc_billing_address($customer, $userInfo, $contactInfo); - set_wc_shipping_address($customer, $userInfo, $contactInfo); - } else { - // do nothing - } - } -} - - -function wp_users_can_signup() { +function affinidi_login_users_can_signup() { return is_multisite() ? users_can_register_signup_filter() : get_site_option( 'users_can_register' ); } - -function filter_woocommerce_customer_login_form( $html ) { - // display affinidi login button - // HTML attr and text already escaped - // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped - return printf(get_wc_login_form_button(array())); - // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped -} - -function filter_woocommerce_customer_regs_form( $html ) { - // display affinidi login button - // HTML attr and text already escaped - // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped - return printf(get_wc_regs_form_button(array())); - // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped -} - -function filter_position_al_button_wc_myaccount_form() { - - if (!is_woocommerce_activated()) { - return; - } - - $options = array_shift(get_options(array('affinidi_options'))); - - $display_button_opt = $options['ecommerce_show_al_button']; - - if ($display_button_opt == "") { - // do nothing - return; - } - - $button_position = $display_button_opt == 'top_form' ? 'woocommerce_login_form_start' : 'woocommerce_login_form_end'; - - add_filter( $button_position, 'filter_woocommerce_customer_login_form' ); -} - -function filter_position_al_button_wc_reg_form() { - - if (!is_woocommerce_activated()) { - return; - } - - $options = array_shift(get_options(array('affinidi_options'))); - - $display_button_opt = $options['ecommerce_show_al_button']; - - if ($display_button_opt == "") { - // do nothing - return; - } - - $button_position = $display_button_opt == 'top_form' ? 'woocommerce_register_form_start' : 'woocommerce_register_form_end'; - - add_filter( $button_position, 'filter_woocommerce_customer_regs_form' ); -} - /** * Check if WooCommerce is activated */ -if ( ! function_exists( 'is_woocommerce_activated' ) ) { - function is_woocommerce_activated() { +if ( ! function_exists( 'affinidi_login_wc_active' ) ) { + function affinidi_login_wc_active() { if ( class_exists( 'woocommerce' ) ) { return true; } else { return false; } } } -// filter display button for wc -filter_position_al_button_wc_myaccount_form(); -filter_position_al_button_wc_reg_form(); +// do we have active WooCommerce? +if (affinidi_login_wc_active()) { + $affinidi_login_wc = new Affinidi_Login_WooCommerce( new Affinidi_Login_Admin_Options() ); + // display buttons + $affinidi_login_wc->filter_display_affinidi_login_button(); +} \ No newline at end of file diff --git a/includes/wp-affinidi-login-admin-options.php b/includes/wp-affinidi-login-admin-options.php index ec8d646..ef5a89c 100644 --- a/includes/wp-affinidi-login-admin-options.php +++ b/includes/wp-affinidi-login-admin-options.php @@ -3,228 +3,45 @@ // ABSPATH prevent public user to directly access your .php files through URL. defined('ABSPATH') or die('No script kiddies please!'); -/** - * Class affinidi_admin - */ -class WP_Affinidi_Login_Admin -{ - const OPTIONS_NAME = 'affinidi_options'; +class Affinidi_Login_Admin_Options { - public static function init() - { - // add_action adds a callback function to an action hook. - // admin_init fires as an admin screen or script is being initialized. - add_action('admin_init', [new self, 'admin_init']); - // admin_menu fires before the administration menu loads in the admin. - // This action is used to add extra submenus and menu options to the admin panel’s menu structure. It runs after the basic admin panel menu structure is in place. - add_action('admin_menu', [new self, 'add_page']); - } + const OPTION_NAME = 'affinidi_options'; - /** - * [admin_init description] - * - * @return [type] [description] - */ - public function admin_init() - { - // A callback function that sanitizes the option's value - register_setting('affinidi_options', self::OPTIONS_NAME, [$this, 'validate']); - } + private $option_values; - /** - * Add affinidi submenu page to the settings main menu - */ - public function add_page() - { - add_options_page('Affinidi Login', 'Affinidi Login', 'manage_options', 'affinidi_settings', [$this, 'options_do_page']); - } + private $default_options; - /** - * [options_do_page description] - * - * @return [type] [description] - */ - public function options_do_page() - { - ?> -
-
-

Affinidi Login

- -
-
-

This plugin is meant to be used with Affinidi Login and uses PKCE extension of OAuth 2.0 standard.

-

- NOTE: If you want to add a - custom link anywhere in your theme, simply link to - or use the shortcode [affinidi_login] - if the user is not logged in. -

-
-

Step 1: Setup

-
- Create a Login Configuration -
    -
  1. Login to Affinidi Portal and go to the Affinidi Login service. -
    2. -
  2. Create a Login Configuration and set the following fields: -

    - Redirect URIs: -

    -

    - Auth method: None

    -
    3. -
  3. Copy the Client ID and Issuer URL and paste it in Step 2 below.
    4. -
  4. -

    Modify the Presentation Definition and ID Token Mapping using this template.

    -

    If you have activated a supported E-Commerce plugin on this WordPress site, use the template for E-Commerce.

    -
    5. -
-
-

Step 2: Configure

-
-
- - - - - - + public function __construct( $default_settings = array() ) { + $this->default_options = $default_settings; + $this->option_values = array(); - - - - + // on initialisation, retrieve the options + $this->option_values = get_option( self::OPTION_NAME, $this->default_options ); + } - - - - - - - - -
Client ID - -
Issuer URL - -

Example: https://[YOUR_PROJECT_ID].apse1.login.affinidi.io

-
Redirect user to Origin Page - /> -

By default, users will be redirected to Homepage. If the user used the wp-login.php form, they will be redirected to Dashboard.

-
Restrict flow to log in only (new users will not be allowed to signup) - -

Signup is currently enabled in the WordPress General Settings.

-

Update the WordPress settings if you wish to restrict users from signing up using their Vault.

- -

Sign up is currently disabled in the WordPress General Settings.

-

Update the WordPress settings if you wish to allow users to signup using their Vault.

- -
-
-
- -

There's no active supported e-commerce plugin configured on this WordPress site. E-Commerce Settings is disabled. To learn more about the supported e-commerce plugins, click here.

- option_values[ $key ] ) ) { + return $this->option_values[ $key ]; + } + } - if ($is_woocommerce_active) { - ?> -

WooCommerce Settings

-
- - - - - + public function __set( $key, $value ) { + $this->option_values[ $key ] = $value; + } - - - - + public function __isset( $key ) { + return isset( $this->option_values[ $key ] ); + } - - - - + public function get_options() { + return $this->option_values; + } - - - - -
Sync customer profile from Vault - -

Select whether to sync the user profile from Vault whenever the user logs in to their WooCommerce account or only sync their profile on sign-up. Sign-up will populate the customer's billing and shipping address info.

-

Remember to modify the Presentation Definition and ID Token Mapping using the E-Commerce template to request the user's profile from Affinidi Vault.

-
Display Affinidi Login button - -

If you choose "Use shortcode to display the button", use the shortcode [affinidi_login] and manually edit your desired page to display the button.

-
Affinidi Login button header (Login Form) - "/> -

Displays at the top of the Affinidi Login button in the Login Form of WooCommerce.

-
Affinidi Login button header (Registration Form) - "/> -

Displays at the top of the Affinidi Login button in the Registration Form of WooCommerce.

-
-
- -

- -

- -
-
-
-
- option_values ); + } } - -WP_Affinidi_Login_Admin::init(); diff --git a/includes/wp-affinidi-login-admin-settings.php b/includes/wp-affinidi-login-admin-settings.php new file mode 100644 index 0000000..6685d49 --- /dev/null +++ b/includes/wp-affinidi-login-admin-settings.php @@ -0,0 +1,267 @@ +admin_options = $options; + $this->option_name = $this->admin_options->get_option_name(); + } + + public static function init(Affinidi_Login_Admin_Options $options) + { + $admin_settings = new self($options); + // add_action adds a callback function to an action hook. + // admin_init fires as an admin screen or script is being initialized. + add_action('admin_init', [$admin_settings, 'admin_init']); + // admin_menu fires before the administration menu loads in the admin. + // This action is used to add extra submenus and menu options to the admin panel’s menu structure. It runs after the basic admin panel menu structure is in place. + add_action('admin_menu', [$admin_settings, 'add_page']); + } + + public function get_admin_settings() + { + return $this->admin_settings_fields; + } + + /** + * [admin_init description] + * + * @return [type] [description] + */ + public function admin_init() + { + // A callback function that sanitizes the option's value + register_setting('affinidi_options', $this->option_name, [$this, 'validate']); + } + + /** + * Add affinidi submenu page to the settings main menu + */ + public function add_page() + { + add_options_page('Affinidi Login', 'Affinidi Login', 'manage_options', 'affinidi_settings', [$this, 'options_do_page']); + } + + /** + * [options_do_page description] + * + * @return [type] [description] + */ + public function options_do_page() + { + ?> +
+
+

Affinidi Login

+ +
+
+

This plugin is meant to be used with Affinidi Login and uses PKCE extension of OAuth 2.0 standard.

+

+ NOTE: If you want to add a + custom link anywhere in your theme, simply link to + or use the shortcode [affinidi_login] + if the user is not logged in. +

+
+

Step 1: Setup

+
+ Create a Login Configuration +
    +
  1. Login to Affinidi Portal and go to the Affinidi Login service. +
    2. +
  2. Create a Login Configuration and set the following fields: +

    + Redirect URIs: +

    +

    + Auth method: None

    +
    3. +
  3. Copy the Client ID and Issuer URL and paste it in Step 2 below.
    4. +
  4. +

    Modify the Presentation Definition and ID Token Mapping using this template.

    +

    If you have activated a supported E-Commerce plugin on this WordPress site, use the template for E-Commerce.', 'affinid-login'); ?>

    +
    5. +
+
+

Step 2: Configure

+
+
+ + + + + + + + + + + + + + + + + + + + +
Client ID + +
Issuer URL + +

Example: https://[YOUR_PROJECT_ID].apse1.login.affinidi.io

+
Redirect user to Origin Page + admin_options->redirect_user_origin) == 1 ? 'checked="checked"' : ''; ?> /> +

By default, users will be redirected to Homepage. If the user used the wp-login.php form, they will be redirected to Dashboard.

+
Restrict user login flow + +

Signup is currently enabled in the WordPress General Settings.

+

Update the WordPress settings if you wish to restrict users from signing up using their Vault.

+ +

Sign up is currently disabled in the WordPress General Settings.

+

Update the WordPress settings if you wish to allow users to signup using their Vault.

+ +
+
+
+ +

WooCommerce Settings

+
+ + + + + + + + + + + + + + + + + + + + +
Sync customer profile from Vault + +

Select whether to sync the user profile from Vault whenever the user logs in to their WooCommerce account or only sync their profile on sign-up. Sign-up will populate the customer billing and shipping address info.

+

Remember to modify the Presentation Definition and ID Token Mapping using the E-Commerce template to request the user profile from Affinidi Vault.

+
Display Affinidi Login button + +

If you choose "Use shortcode to display the button", use the shortcode [affinidi_login] and manually edit your desired page to display the button.

+
Affinidi Login button header (Login Form) + admin_options->affinidi_login_loginform_header; + + echo esc_attr($text_value); + ?>"/> +

Displays at the top of the Affinidi Login button in the Login Form of WooCommerce.

+
Affinidi Login button header (Registration Form) + admin_options->affinidi_login_regform_header; + + echo esc_attr($text_value); + ?>"/> +

Displays at the top of the Affinidi Login button in the Registration Form of WooCommerce.

+
+
+ +

There's no active supported e-commerce plugin configured on this WordPress site. E-Commerce Settings is disabled. To learn more about the supported e-commerce plugins, click here.

+ +

+ +

+ +
+
+
+
+ get_admin_settings(); + $options = array(); + + foreach ( $admin_settings as $field ) { + if ( isset( $input[ $field ] ) ) { + $options[ $field ] = sanitize_text_field( trim( $input[ $field ] ) ); + } else { + $options[ $field ] = ''; + } + } + + return $options; + } +} + +$admin_options = new Affinidi_Login_Admin_Options(); + +Affinidi_Login_Admin_Settings::init($admin_options); diff --git a/includes/wp-affinidi-login-callback.php b/includes/wp-affinidi-login-callback.php index 122cb99..3912e57 100644 --- a/includes/wp-affinidi-login-callback.php +++ b/includes/wp-affinidi-login-callback.php @@ -16,16 +16,19 @@ session_start(); } +$admin_options = new Affinidi_Login_Admin_Options(); +$idtoken_parser = new Affinidi_Login_IDToken(); + // default to homepage if the state not found or expired $user_redirect = home_url(); +// Not processing form or storing data. +// phpcs:disable WordPress.Security.NonceVerification.Recommended + // Check for error, ensure state has value if (empty($_GET['state'])) { - // log error description on server side - $log_message = "Affinidi Login: state is empty".PHP_EOL; - error_log($log_message); // redirect user with error code - wp_safe_redirect($user_redirect . "?message=affinidi_login_failed"); + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed_empty_state'), $user_redirect)); exit; } @@ -48,51 +51,60 @@ 'oauth' => 'authorize', 'response_type' => 'code', 'scope' => 'openid', - 'client_id' => affinidi_get_option('client_id'), + 'client_id' => $admin_options->client_id, 'redirect_uri' => site_url('?auth=affinidi'), 'state' => urlencode($state), 'code_challenge' => $code_challenge, 'code_challenge_method' => 'S256', ]; $params = http_build_query($params); - wp_redirect(affinidi_get_option('backend') . '/oauth2/auth?' . $params); + wp_redirect(sanitize_url($admin_options->backend) . '/oauth2/auth?' . $params); exit; } +// Check for error +if (empty($_GET['code']) && !empty($_GET['error_description'])) { + // redirect user with error code + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed'), $user_redirect)); + + exit; +} + +// grab the code +$auth_code = sanitize_text_field($_GET['code']); // retrieve state and get the transient info for redirect -$state = sanitize_text_field($_GET['state']); +$state = sanitize_text_field($_GET['state']); $redirect_to = get_transient("affinidi_user_redirect_to".$state); + // check if the state exists if (!empty($redirect_to) && !empty($redirect_to[$state]) && !empty($redirect_to[$state]['redirect_to'])) { // set the redirect url based on state - $user_redirect = $redirect_to[$state]['redirect_to']; + $user_redirect = sanitize_url($redirect_to[$state]['redirect_to']); // delete the transient after delete_transient("affinidi_user_redirect_to".$state); } // Check for error -if (empty($_GET['code']) && !empty($_GET['error_description'])) { - // log error description on server side - $log_message = "Affinidi Login: error={$_GET['error']}&error_description={$_GET['error_description']}".PHP_EOL; - error_log($log_message); +if (empty($auth_code) && !empty($_GET['error_description'])) { // redirect user with error code - wp_safe_redirect($user_redirect . "?message=affinidi_login_failed&error={$_GET['error']}"); + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed'), esc_url($user_redirect))); exit; } +// phpcs:enable WordPress.Security.NonceVerification.Recommended + // Handle the callback from the backend is there is one. -if (!empty($_GET['code'])) { +if (!empty($auth_code)) { - $code = sanitize_text_field($_GET['code']); - $backend = affinidi_get_option('backend') . '/oauth2/token'; + $backend = sanitize_url($admin_options->backend) . '/oauth2/token'; // retrieve the code verifier from the SESSION - $code_verifier = $_SESSION[$state]; + $code_verifier = sanitize_text_field($_SESSION[$state]); $request_body = [ 'grant_type' => 'authorization_code', - 'code' => $code, - 'client_id' => affinidi_get_option('client_id'), + 'code' => $auth_code, + 'client_id' => $admin_options->client_id, 'code_verifier' => $code_verifier, 'redirect_uri' => site_url('?auth=affinidi') ]; @@ -104,39 +116,32 @@ ); if (is_wp_error($response)) { - // log error description - $error_message = $response->get_error_message(); - error_log($error_message); // redirect user with error code - wp_safe_redirect($user_redirect . "?message=wp_error_affinidi_login"); + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed'), esc_url($user_redirect))); exit; } $tokens = json_decode(wp_remote_retrieve_body($response)); if (isset($tokens->error)) { - // log error description on server side - $log_message = "Affinidi Login: error={$tokens->error}&error_description={$tokens->error_description}".PHP_EOL; - error_log($log_message); // redirect user with error code - wp_safe_redirect($user_redirect . "?message=affinidi_login_failed&error={$tokens->error}"); + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed'), esc_url($user_redirect))); exit; } - - $access_token = $tokens->access_token; + // parse ID Token from Affinidi Login response $id_token = $tokens->id_token; $info = json_decode(base64_decode(str_replace('_', '/', str_replace('-', '+', explode('.', $id_token)[1]))), true); // extract user info - $userInfo = extract_user_info($info); + $userInfo = $idtoken_parser->extract_user_info($info); // extract contact info - $contactInfo = extract_contact_info($info); + $contactInfo = $idtoken_parser->extract_contact_info($info); $user_id = null; if (email_exists($userInfo['email']) == false) { - if (wp_users_can_signup() == 0) { - wp_safe_redirect(home_url() . '?message=affinidi_login_only'); + if (affinidi_login_users_can_signup()) { + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_only'), esc_url($user_redirect))); exit; } @@ -144,20 +149,31 @@ $random_password = wp_generate_password($length = 16, $extra_special_chars = true); $user_data = [ 'user_email' => $userInfo['email'], - 'user_login' => $userInfo['email'], // default to mail if not present + 'user_login' => $userInfo['email'], // default to mail 'user_pass' => $random_password, 'last_name' => $userInfo['last_name'], - 'first_name' => $userInfo['first_name'], + 'first_name' => $userInfo['first_name'], 'display_name' => (!empty($userInfo['display_name']) ? $userInfo['display_name'] : $userInfo['email']) // default to mail if not present ]; $user_id = wp_insert_user($user_data); - // set Billing and Shipping Address from Vault - sync_address_info($user_id, $userInfo, $contactInfo, true); + if (empty($user_id)) { + // redirect user with error code + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed'), esc_url($user_redirect))); + exit; + } + + if (affinidi_login_wc_active()) { + // instantiate WC Affinidi Login + $affinidi_login_wc = new Affinidi_Login_WooCommerce($admin_options); + // set Billing and Shipping Address from Vault + $affinidi_login_wc->sync_customer_info($user_id, $userInfo, $contactInfo, true); + } + // Trigger new user created action so that there can be modifications to what happens after the user is created. // This can be used to collect other information about the user. - do_action('affinidi_user_created', $info, 1); + do_action('affinidi_user_created', $userInfo, 1); } else { // Already Registered... Log the User In using ID or Email @@ -168,22 +184,32 @@ * we should check the user by email. This may be the case when the users are preregistered outside of OAuth */ if (!$user) { - // Get the user by name + // Get the user by email using login $user = get_user_by('login', $userInfo['email']); } + if (!$user) { + // redirect user with error code + wp_safe_redirect(add_query_arg(array('message' => 'affinidi_login_failed'), esc_url($user_redirect))); + exit; + } + $user_id = $user->ID; - // sync the address from Vault - sync_address_info($user_id, $userInfo, $contactInfo, false); + if (affinidi_login_wc_active()) { + // instantiate WC Affinidi Login + $affinidi_login_wc = new Affinidi_Login_WooCommerce($admin_options); + // set Billing and Shipping Address from Vault + $affinidi_login_wc->sync_customer_info($user_id, $userInfo, $contactInfo, false); + } // Trigger action when a user is logged in. // This will help allow extensions to be used without modifying the core plugin. - do_action('affinidi_user_login', $info, 1); + do_action('affinidi_user_login', $userInfo, 1); } // Did we retrieved or created the user successfully? - if ($user_id) { + if (!empty($user_id)) { // set current user session wp_clear_auth_cookie(); wp_set_current_user($user_id); @@ -195,6 +221,3 @@ } } } - - - diff --git a/includes/wp-affinidi-login-idtoken.php b/includes/wp-affinidi-login-idtoken.php new file mode 100644 index 0000000..06776c1 --- /dev/null +++ b/includes/wp-affinidi-login-idtoken.php @@ -0,0 +1,64 @@ +extract_claim($info, 'email'); + $firstName = $this->extract_claim($info, 'given_name'); + $lastName = $this->extract_claim($info, 'family_name'); + $displayName = trim("{$firstName} {$lastName}"); + + return array( + 'email' => $email, + 'first_name' => $firstName, + 'last_name' => $lastName, + 'display_name' => $displayName + ); + + } + + public function extract_contact_info($info) + { + // get list of countries for transformation + include_once(AFFINIDI_PLUGIN_DIR . '/templates/countries-list.php'); + // extract user info + $streetAddress = $this->extract_claim($info['address'], 'street_address'); + $locality = $this->extract_claim($info['address'], 'locality'); + $region = $this->extract_claim($info['address'], 'region'); + $postalCode = $this->extract_claim($info['address'], 'postal_code'); + $country = $this->extract_claim($info['address'], 'country'); + $phoneNumber = $this->extract_claim($info, 'phone_number'); + + // get the country code + $country = sanitize_text_field(array_search($country, $countries_list)); + + return array( + 'address_1' => $streetAddress, + 'city' => $locality, + 'state' => $region, + 'postcode' => $postalCode, + 'country' => $country, + 'phone' => $phoneNumber + ); + } + +} \ No newline at end of file diff --git a/includes/wp-affinidi-login-rewrites.php b/includes/wp-affinidi-login-rewrites.php index 4b33417..5bf1e8e 100644 --- a/includes/wp-affinidi-login-rewrites.php +++ b/includes/wp-affinidi-login-rewrites.php @@ -7,8 +7,16 @@ * Class Rewrites * */ -class WP_Affinidi_Login_Rewrites +class Affinidi_Login_Rewrites { + + private $admin_options; + + public function __construct(Affinidi_Login_Admin_Options $admin_options) + { + $this->admin_options = new Affinidi_Login_Admin_Options(); + } + public function create_rewrite_rules($rules): array { global $wp_rewrite; @@ -33,10 +41,9 @@ public function flush_rewrite_rules() } public function template_redirect_intercept(): void - { + { global $wp_query; - $auth = $wp_query->get('auth'); - $options = get_option('affinidi_options'); + $auth = sanitize_text_field($wp_query->get('auth')); if ($auth !== '') { // affinidi will add another ? to the uri, this will make the value of auth like this : affinidi?code=c9550137370a99bc2137 @@ -53,7 +60,7 @@ public function template_redirect_intercept(): void } global $pagenow; - $message = $wp_query->get('message'); + $message = sanitize_text_field($wp_query->get('message')); if ($pagenow == 'index.php' && isset($message)) { require_once(AFFINIDI_PLUGIN_DIR . '/templates/wp-affinidi-login-error-msg.php'); } @@ -65,7 +72,8 @@ public function template_redirect_intercept(): void } } -$rewrites = new WP_Affinidi_Login_Rewrites(); +$rewrites = new Affinidi_Login_Rewrites(new Affinidi_Login_Admin_Options()); + add_filter('rewrite_rules_array', [$rewrites, 'create_rewrite_rules']); add_filter('query_vars', [$rewrites, 'add_query_vars']); add_filter('wp_loaded', [$rewrites, 'flush_rewrite_rules']); diff --git a/includes/wp-affinidi-login-wc.php b/includes/wp-affinidi-login-wc.php new file mode 100644 index 0000000..b84b1d7 --- /dev/null +++ b/includes/wp-affinidi-login-wc.php @@ -0,0 +1,103 @@ +admin_options = $options; + } + + function set_wc_billing_address(& $customer, $userInfo, $contactInfo) + { + // set billing info + $customer->set_billing_first_name($userInfo['first_name']); + $customer->set_billing_last_name($userInfo['last_name']); + $customer->set_billing_email($userInfo['email']); + $customer->set_billing_phone($contactInfo['phone']); + + $customer->set_billing_address($contactInfo['address_1']); + $customer->set_billing_city($contactInfo['city']); + $customer->set_billing_state($contactInfo['state']); + $customer->set_billing_postcode($contactInfo['postcode']); + $customer->set_billing_country($contactInfo['country']); + } + + function set_wc_shipping_address(& $customer, $userInfo, $contactInfo) + { + // set billing info + $customer->set_shipping_first_name($userInfo['first_name']); + $customer->set_shipping_last_name($userInfo['last_name']); + $customer->set_shipping_phone($contactInfo['phone']); + + $customer->set_shipping_address($contactInfo['address_1']); + $customer->set_shipping_city($contactInfo['city']); + $customer->set_shipping_state($contactInfo['state']); + $customer->set_shipping_postcode($contactInfo['postcode']); + $customer->set_shipping_country($contactInfo['country']); + } + + public function sync_customer_info($customerId, $userInfo, $contactInfo, $isSignup) + { + // Get the WC_Customer instance object from user ID + $customer = new WC_Customer( $customerId ); + + // sync address info from Vault + if ($isSignup || $this->admin_options->ecommerce_sync_address_info != "billing") { + $this->set_wc_billing_address($customer, $userInfo, $contactInfo); + $this->set_wc_shipping_address($customer, $userInfo, $contactInfo); + } else { + $this->set_wc_billing_address($customer, $userInfo, $contactInfo); + } + + // save customer data + $customer->save(); + + } + + public function filter_affinidi_login_wc_login() + { + $affinidi_login_form_button = sprintf( + '
+
+
%s
+
', + esc_html($this->admin_options->affinidi_login_loginform_header), + affinidi_login_button_shortcode() + ); + + echo wp_kses_post($affinidi_login_form_button); + } + + public function filter_affinidi_login_wc_registration() + { + $affinidi_login_form_button = sprintf( + '
+
+
%s
+
', + esc_html($this->admin_options->affinidi_login_regform_header), + affinidi_login_button_shortcode() + ); + + echo wp_kses_post($affinidi_login_form_button); + } + + public function filter_display_affinidi_login_button() + { + if ($this->admin_options->ecommerce_show_al_button == "") { + // do nothing + return; + } + + $login_button_position = $this->admin_options->ecommerce_show_al_button == 'top_form' ? 'woocommerce_login_form_start' : 'woocommerce_login_form_end'; + $reg_button_position = $this->admin_options->ecommerce_show_al_button == 'top_form' ? 'woocommerce_register_form_start' : 'woocommerce_register_form_end'; + + add_filter( $login_button_position, array($this, 'filter_affinidi_login_wc_login') ); + add_filter( $reg_button_position, array($this, 'filter_affinidi_login_wc_registration') ); + } +} diff --git a/readme.txt b/readme.txt index d98a542..e0e6674 100644 --- a/readme.txt +++ b/readme.txt @@ -2,7 +2,7 @@ Contributors: affinidi Tags: authentication, passwordless, multi-factor, sso, ecommerce Requires at least: 6.4 -Tested up to: 6.4 +Tested up to: 6.5 Requires PHP: 7.4 Stable tag: 1.1.0 License: MIT diff --git a/templates/wp-affinidi-login-error-msg.php b/templates/wp-affinidi-login-error-msg.php index d69cfbc..257aecb 100644 --- a/templates/wp-affinidi-login-error-msg.php +++ b/templates/wp-affinidi-login-error-msg.php @@ -13,8 +13,16 @@ $alert_message = 'For security reasons, this user can not use Single Sign On.'; } -if (!empty($alert_message)) : ?> -
-

Please try again'?>

-
- +if (!empty($alert_message)) { + // display error message + $alert_message_html = sprintf( + '
+

%s Please try again

+
', + esc_html($alert_message), + esc_url(site_url('?auth=affinidi')), + + ); + + echo wp_kses_post($alert_message_html); +} diff --git a/wp-affinidi-login.php b/wp-affinidi-login.php index 74e32b9..7c70e29 100644 --- a/wp-affinidi-login.php +++ b/wp-affinidi-login.php @@ -20,6 +20,7 @@ * Description: A paradigm shift in the registration and sign-in process, Affinidi Login is a game-changing solution for developers. With our revolutionary passwordless authentication solution your user's first sign-in doubles as their registration, and all the necessary data for onboarding can be requested during this streamlined sign-in/signup process. End users are in full control, ensuring that they consent to the information shared in a transparent and user-friendly manner. This streamlined approach empowers developers to create efficient user experiences with data integrity, enhanced security and privacy, and ensures compatibility with industry standards. * Version: 1.1.0 * Requires at least: 6.4 + * Tested up to: 6.5 * Requires PHP: 7.4 * Author: Affinidi * Author URI: https://affinidi.com @@ -38,31 +39,13 @@ // Require the main plugin class require_once(AFFINIDI_PLUGIN_DIR . 'Affinidi.php'); -add_action('wp_loaded', 'affinidi_register_files'); - -function affinidi_register_files() -{ - // Register a CSS stylesheet. - wp_register_style('affinidi_admin', plugins_url('/assets/css/affinidi-login.css', __FILE__), array(), '1.0.0'); - // Register a new script. - wp_register_script('affinidi_admin', plugins_url('/assets/js/affinidi-login.js', __FILE__), array(), '1.0.0', false); -} - -add_action('admin_head', 'affinidi_register_admin_files'); - -function affinidi_register_admin_files() -{ - // Register a CSS stylesheet. - $styleUrl = plugins_url('/assets/css/admin.css', __FILE__); - echo "\n"; - // Register a new script. - $jsUrl = plugins_url('/assets/js/admin.js', __FILE__); - echo "\n"; -} - $affinidi = new Affinidi(); + add_action('admin_menu', [$affinidi, 'plugin_init']); -add_action('wp_enqueue_scripts', [$affinidi, 'wp_enqueue']); +add_action( 'admin_enqueue_scripts', [$affinidi, 'affinidi_login_enqueue_admin_scripts'] ); +add_action( 'wp_enqueue_scripts', [$affinidi, 'affinidi_login_enqueue_fe_scripts'] ); +add_action( 'login_enqueue_scripts', [$affinidi, 'affinidi_login_enqueue_fe_scripts'] ); add_action('wp_logout', [$affinidi, 'logout']); + register_activation_hook(__FILE__, [$affinidi, 'setup']); register_activation_hook(__FILE__, [$affinidi, 'upgrade']);