Add /userinfo fallback during login
Some customers are having trouble with the upgrade process in 3.5.2, while others have made changes to their account that disable Management API access. This fallback allows user data to be pulled for logging-in users. Also adds the requested scopes for auth code login to make this possible.
joshcanhelp committed Apr 10, 2018
1 parent fb23eb3 commit 9850da0
Showing 5 changed files with 41 additions and 40 deletions.
20 changes: 10 additions & 10 deletions lib/WP_Auth0_Api_Client.php
Expand Up @@ -260,17 +260,17 @@ public static function get_client_token() {
return ! empty( $response->access_token ) ? $response->access_token : '';
}

/**
* @param string $domain - tenant domain
* @param string $access_token - access token with at least `openid` scope
*
* @return array|WP_Error
*/
public static function get_user_info( $domain, $access_token ) {

$endpoint = "https://$domain/";

$headers = self::get_info_headers();
$headers['Authorization'] = "Bearer $access_token";

return wp_remote_get( $endpoint . 'userinfo/' , array(
'headers' => $headers,
) );

return wp_remote_get(
self::get_endpoint( 'userinfo', $domain ),
array( 'headers' => self::get_headers( $access_token ) )
);
}

public static function search_users( $domain, $jwt, $q = "", $page = 0, $per_page = 100, $include_totals = false, $sort = "user_id:1" ) {
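Review bot: The docblock on get_user_info() should state which token `$access_token` is — the access token issued to this client by the code exchange, not the client-credentials token that get_user() takes — since the two are easy to confuse at the call site and a Management API token sent here would only yield a non-200. Suggested line: `* @param string $access_token - access token returned to this client by the code exchange (must carry the openid scope)`. Both get_endpoint() and get_headers() are defined outside this hunk, so whether get_headers() sets the `Authorization: Bearer` header that the removed lines set explicitly cannot be confirmed from here; the `@return array|WP_Error` contract means callers must go through wp_remote_retrieve_*() rather than index the result directly.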
5 changes: 4 additions & 1 deletion lib/WP_Auth0_ErrorManager.php
Expand Up @@ -19,9 +19,12 @@ public static function insert_auth0_error( $section, $error ) {
} elseif ( $error instanceof Exception ) {
$code = $error->getCode();
$message = $error->getMessage();
} elseif ( is_array( $error ) && ! empty( $error['response'] ) ) {
$code = ! empty( $error['response']['code'] ) ? $error['response']['code'] : 'N/A';
$message = ! empty( $error['response']['message'] ) ? $error['response']['message'] : 'N/A';
} else {
$code = 'N/A';
$message = $error;
$message = is_object( $error ) || is_array( $error ) ? serialize( $error ) : $error;
}

$log = get_option( 'auth0_error_log' );
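Review bot: The new `$error['response']` branch keeps only the HTTP status code and reason phrase, so for a failed wp_remote_*() call the error description that Auth0 typically returns in the JSON body is never logged, while the new `else` branch `serialize()`s whole arrays and objects — for a WP HTTP response that persists headers and cookies into the `auth0_error_log` option. Consider surfacing the body in the response branch, e.g. `$message = ! empty( $error['body'] ) ? $error['body'] : ( ! empty( $error['response']['message'] ) ? $error['response']['message'] : 'N/A' );`, and in the else branch prefer `wp_json_encode( $error )` over `serialize()` so the stored value is readable and never becomes a candidate for unserialize() later. Whether anything reads the log back with unserialize() is not visible in this commit; insert_auth0_error() continues outside the hunk.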
10 changes: 4 additions & 6 deletions lib/WP_Auth0_Lock10_Options.php
Expand Up @@ -4,8 +4,8 @@ class WP_Auth0_Lock10_Options {

protected $wp_options;
protected $extended_settings;

protected $#_mode = false;
protected $_scopes = 'openid email name nickname picture';

public function __construct( $extended_settings = array() ) {
$this->wp_options = WP_Auth0_Options::Instance();
Expand Down Expand Up @@ -187,12 +187,11 @@ public function has_custom_#_fields() {
}

public function get_sso_options() {
$options["scope"] = "openid email identities ";
$options["scope"] = $this->_scopes;

if ( $this->get_auth0_implicit_workflow() ) {
$options["responseType"] = 'id_token';
$options["redirectUri"] = $this->get_implicit_callback_url();
$options["scope"] .= "name email picture nickname email_verified";
} else {
$options["responseType"] = 'code';
$options["redirectUri"] = $this->get_code_callback_url();
Expand Down Expand Up @@ -233,11 +232,10 @@ public function get_lock_options() {
),
);

$extraOptions["auth"]["params"]["scope"] = "openid ";
$extraOptions["auth"]["params"]["scope"] = apply_filters( 'auth0_auth_param_scopes', $this->_scopes );

if ( $this->get_auth0_implicit_workflow() ) {
$extraOptions["auth"]["params"]["scope"] .= "name email picture nickname email_verified";
$extraOptions["auth"]["responseType"] = 'token';
$extraOptions["auth"]["responseType"] = 'id_token';
$extraOptions["auth"]["redirectUrl"] = $this->get_implicit_callback_url();
$extraOptions["autoParseHash"] = false;
} else {
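Review bot: get_sso_options() assigns `$this->_scopes` directly while get_lock_options() runs the same value through the `auth0_auth_param_scopes` filter, so a site that extends scopes via that filter gets them on the Lock path only and the two login paths request different claims. The SSO line should read `$options["scope"] = apply_filters( 'auth0_auth_param_scopes', $this->_scopes );`. The new default string also drops `identities` (removed from the SSO scope) and `email_verified` (removed from both implicit branches); `email_verified` is a claim of the `email` scope so nothing is lost there, but whether anything downstream relied on `identities` being requested is not visible here. Both methods continue outside their hunks.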
12 changes: 7 additions & 5 deletions lib/WP_Auth0_Lock_Options.php
Expand Up @@ -94,10 +94,12 @@ public function modal_button_name() {
}

public function get_state_obj( $redirect_to = null ) {
$stateObj = array(
'interim' => ( isset( $_GET['interim-login'] ) && $_GET['interim-login'] == 1 ),
'nonce' => WP_Auth0_Nonce_Handler::getInstance()->get()
);
if ( isset( $_GET['interim-login'] ) && $_GET['interim-login'] == 1 ) {
$interim_login = true;
} else {
$interim_login = false;
}
$stateObj = array( "interim" => $interim_login, "uuid" =>uniqid() );
if ( !empty( $redirect_to ) ) {
$stateObj["redirect_to"] = addslashes( $redirect_to );
}
Expand Down Expand Up @@ -155,7 +157,7 @@ protected function build_settings( $settings ) {
$options_obj['icon'] = $settings['icon_url'];
}
if ( $this->_is_valid( $settings, 'lock_connections' ) ) {
$options_obj['connections'] = $this->wp_options->get_lock_connections();
$options_obj['connections'] = explode( ",", $settings['lock_connections'] );
}
if ( isset( $settings['extra_conf'] ) && trim( $settings['extra_conf'] ) !== '' ) {
$extra_conf_arr = json_decode( $settings['extra_conf'], true );
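Review bot: The `interim` flag in get_state_obj() still compares the raw `$_GET['interim-login']` with `== 1`, so loosely-equal strings such as `'1.0'` or `' 1'` also count as an interim login; pin it to the literal WordPress's interim-login URLs carry with `'interim' => ( isset( $_GET['interim-login'] ) && '1' === $_GET['interim-login'] ),`. Replacing `uniqid()` with a value from WP_Auth0_Nonce_Handler is the right direction for binding the OAuth `state` parameter to the session, but it only protects the callback if that side compares the returned nonce against the stored one — that code is outside this commit, so confirm it exists and that the comparison is strict. get_state_obj() continues past the hunk.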
34 changes: 16 additions & 18 deletions lib/WP_Auth0_LoginManager.php
Expand Up @@ -191,7 +191,6 @@ public function init_auth0() {
public function redirect_login() {

$domain = $this->a0_options->get( 'domain' );

$client_id = $this->a0_options->get( 'client_id' );
$client_secret = $this->a0_options->get( 'client_secret' );

Expand Down Expand Up @@ -243,30 +242,29 @@ public function redirect_login() {

// Attempt to authenticate with the Management API
$client_credentials_token = WP_Auth0_Api_Client::get_client_token();
$userinfo_resp = null;
$userinfo_resp_code = $userinfo_resp_body = null;

if ( $client_credentials_token ) {

$userinfo_resp = WP_Auth0_Api_Client::get_user(
$this->a0_options->get( 'domain' ),
$client_credentials_token,
$decoded_token->sub
);
$userinfo_resp = WP_Auth0_Api_Client::get_user( $domain, $client_credentials_token, $decoded_token->sub );
$userinfo_resp_code = (int) wp_remote_retrieve_response_code( $userinfo_resp );
$userinfo_resp_body = wp_remote_retrieve_body( $userinfo_resp );
}

$userinfo_resp_code = (int) wp_remote_retrieve_response_code( $userinfo_resp );
$userinfo_resp_body = wp_remote_retrieve_body( $userinfo_resp );

// Management API call failed
// Management API call failed, fallback to userinfo
if ( 200 !== $userinfo_resp_code || empty( $userinfo_resp_body ) ) {

// TODO: fallback to /userinfo with access token
$userinfo_resp = WP_Auth0_Api_Client::get_user_info( $domain, $data->access_token );
$userinfo_resp_code = (int) wp_remote_retrieve_response_code( $userinfo_resp );
$userinfo_resp_body = wp_remote_retrieve_body( $userinfo_resp );

WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__ . ' => WP_Auth0_Api_Client::get_user()', $userinfo_resp );
throw new WP_Auth0_LoginFlowValidationException(
__( 'Error getting user information', 'wp-auth0' ),
$userinfo_resp_code
);
if ( 200 !== $userinfo_resp_code || empty( $userinfo_resp_body ) ) {

WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__ . ' L:' . __LINE__, $userinfo_resp );
throw new WP_Auth0_LoginFlowValidationException(
__( 'Error getting user information', 'wp-auth0' ),
$userinfo_resp_code
);
}
}

$userinfo = json_decode( $userinfo_resp_body );
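Review bot: The /userinfo fallback accepts whatever profile the endpoint returns without checking that its `sub` equals `$decoded_token->sub`, even though the Management API path looked the user up by that validated subject; OIDC Core 5.3.2 requires the client to reject a UserInfo response whose `sub` differs from the ID token's. The access token and ID token come from the same exchange here, so a mismatch would indicate a broken or tampered flow and should abort the login like the existing error branch does. Separately, the two endpoints return differently shaped profiles (the Management API user object keys the identifier as `user_id`, /userinfo as `sub`), so code after the `json_decode` that reads a field only the Management response carries would see null on the fallback path — worth confirming against the rest of redirect_login(), which continues outside the hunk. A sketch of the fallback block with the subject check follows.

```php
// … unchanged: Management API attempt via WP_Auth0_Api_Client::get_user() …
if ( 200 !== $userinfo_resp_code || empty( $userinfo_resp_body ) ) {

	$userinfo_resp = WP_Auth0_Api_Client::get_user_info( $domain, $data->access_token );
	$userinfo_resp_code = (int) wp_remote_retrieve_response_code( $userinfo_resp );
	$userinfo_resp_body = wp_remote_retrieve_body( $userinfo_resp );
	$fallback_userinfo = json_decode( $userinfo_resp_body );

	// OIDC Core 5.3.2: the UserInfo sub must match the validated ID token's sub.
	if ( 200 !== $userinfo_resp_code
		|| empty( $fallback_userinfo->sub )
		|| $fallback_userinfo->sub !== $decoded_token->sub ) {

		WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__ . ' L:' . __LINE__, $userinfo_resp );
		throw new WP_Auth0_LoginFlowValidationException(
			__( 'Error getting user information', 'wp-auth0' ),
			$userinfo_resp_code
		);
	}
}
// … unchanged: json_decode of the selected body and the rest of redirect_login() …
```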
