wenpai.org/wp-content/plugins/single-sign-on-client/includes/actions.php
2024-06-21 23:57:39 +08:00

138 lines
No EOL
4.6 KiB
PHP

<?php
/**
* Plugin Actions
*
* Contains
* - Login Hook: Catches the login and pass and does a user credential check for the login instead of the current WordPress user database.
*/
//add_action( 'wp_authenticate', 'onelogin_client_login_hook', 1 );
function onelogin_client_login_hook( $user ) {
// Hook into the login past generically
if ( ! empty( $_POST['log'] ) && ! empty( $_POST['pwd'] ) && isset( $_POST['wp-submit'] ) && $_POST['wp-submit'] == 'Log In' ) {
/*
* Check if the user is a current site user or not
* @todo This may be an issue and we need to figure out how we are going to handle this properly
*/
//if ( username_exists( sanitize_text_field( $_POST['log'] ) ) ) {
//}
/*
* Get the One Client Configuration
*/
$options = get_option( "wposso_options" );
// Start the One Login Flow here using the credentials of the user.
$curl_post_data = array(
'grant_type' => 'password',
'username' => sanitize_text_field( $_POST['log'] ),
'password' => $_POST['pwd'],
//'client_id' => $client_id,
//'client_secret' => $client_secret
);
/*
* @todo Add the option to do header or URL request. Some servers have issues with allowing header authentication
* @todo Add option to allow insecure connections. This is be discouraged in production. Maybe say Production/Development in the settings instead of secure/insecure?
* @todo Add option to change or add a custom user agent.
*/
$curl = curl_init( $options['server_url'] . '?oauth=token' );
//curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt( $curl, CURLOPT_USERPWD, $options['client_id'] . ':' . $options['client_secret'] );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, $curl_post_data );
curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, false );
curl_setopt( $curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB5' );
curl_setopt( $curl, CURLOPT_REFERER, site_url() );
$curl_response = curl_exec( $curl );
curl_close( $curl );
$response = json_decode( $curl_response );
//print_r( $response );
// If the access token is not empty, the login was valid
if ( ! empty( $response->access_token ) ) {
$user_info_request = wp_remote_get( $options['server_url'] . '?oauth=me&access_token=' . $response->access_token, array(
'timeout' => 120,
'httpversion' => '1.1',
'sslverify' => false
) );
$user_info = json_decode( wp_remote_retrieve_body( $user_info_request ) );
$user_id = username_exists( $user_info->user_login );
if ( ! $user_id && email_exists( $user_info->user_email ) == false ) {
// Does not have an account... Register and then log the user in
$random_password = wp_generate_password( $length = 12, $include_standard_special_chars = false );
$user_id = wp_create_user( $user_info->user_login, $random_password, $user_info->user_email );
if ( isset( $user_info->first_name ) ) {
update_user_meta( $user_id, 'first_name', $user_info->first_name );
}
if ( isset( $user_info->last_name ) ) {
update_user_meta( $user_id, 'last_name', $user_info->last_name );
}
do_action( 'onelogin_user_created', $user_info, 1 );
wp_clear_auth_cookie();
wp_set_current_user( $user_id );
wp_set_auth_cookie( $user_id );
if ( is_user_logged_in() ) {
wp_safe_redirect( site_url() );
exit;
}
} else {
// Already Registered... Log the User In
$random_password = __( 'User already exists. Password inherited.' );
$user = get_user_by( 'login', $user_info->user_login );
/*
* Added just in case the user is not used but the email may be. If the user returns false from the user ID,
* we should check the user by email. This may be the case when the users are preregistered outside of OAuth
*/
if ( ! $user ) {
$user = get_user_by( 'email', $user_info->user_email );
}
if ( isset( $user_info->first_name ) ) {
update_user_meta( $user->ID, 'first_name', $user_info->first_name );
}
if ( isset( $user_info->last_name ) ) {
update_user_meta( $user->ID, 'last_name', $user_info->last_name );
}
// User ID 1 is not allowed
if ( '1' === $user->ID ) {
wp_die( 'For security reasons, this user can not use Single Sign On' );
}
do_action( 'onelogin_user_login', $user_info, 1 );
wp_clear_auth_cookie();
wp_set_current_user( $user->ID );
wp_set_auth_cookie( $user->ID );
if ( is_user_logged_in() ) {
wp_safe_redirect( site_url() );
exit;
}
}
}
exit();
}
}