diff --git a/WP_Auth0.php b/WP_Auth0.php index 47ac436f..4d4505cb 100644 --- a/WP_Auth0.php +++ b/WP_Auth0.php @@ -490,6 +490,15 @@ function get_auth0_curatedBlogName() { $name = get_bloginfo( 'name' ); + // WordPress can have a blank site title, which will cause initial client creation to fail + if ( empty( $name ) ) { + $name = parse_url( home_url(), PHP_URL_HOST ); + + if ( $port = parse_url( home_url(), PHP_URL_PORT ) ) { + $name .= ':' . $port; + } + } + $name = preg_replace("/[^A-Za-z0-9 ]/", '', $name); $name = preg_replace("/\s+/", ' ', $name); $name = str_replace(" ", "-", $name); diff --git a/lib/WP_Auth0_Api_Client.php b/lib/WP_Auth0_Api_Client.php index 7e9708dc..30c4e49b 100755 --- a/lib/WP_Auth0_Api_Client.php +++ b/lib/WP_Auth0_Api_Client.php @@ -2,6 +2,8 @@ class WP_Auth0_Api_Client { + const DEFAULT_CLIENT_ALG = 'RS256'; + private static $connect_info = null; /** @@ -428,40 +430,57 @@ public static function get_client( $app_token, $client_id ) { return json_decode( $response['body'] ); } + /** + * Create a new client for the WordPress site + * + * @see https://auth0.com/docs/clients/client-settings/regular-web-app + * @see https://auth0.com/docs/api/management/v2#!/Clients/post_clients + * + * @param string $domain - domain to use with the app_token provided + * @param string $app_token - app token for the Management API + * @param string $name - name of the new client + * + * @return bool|object|array + */ public static function create_client( $domain, $app_token, $name ) { - $endpoint = "https://$domain/api/v2/clients"; - - $headers = self::get_info_headers(); + $options = WP_Auth0_Options::Instance(); - $headers['Authorization'] = "Bearer $app_token"; - $headers['content-type'] = "application/json"; + $payload = array( + 'name' => $name, + 'app_type' => 'regular_web', + + 'callbacks' => array( + $options->get_wp_auth0_url(), + wp_login_url() + ), + + // Web origins do not take into account the path + 'web_origins' => $options->get_web_origins(), + + // Force SSL, will not work without it + 'cross_origin_loc' => $options->get_cross_origin_loc(), + 'cross_origin_auth' => true, + + // A set of URLs that are valid to redirect to after logout from Auth0 + 'allowed_logout_urls' => array( + $options->get_logout_url(), + home_url(), + ), + + 'grant_types' => self::get_client_grant_types(), + 'jwt_configuration' => array( + 'alg' => self::DEFAULT_CLIENT_ALG + ), + ); - $response = wp_remote_post( $endpoint , array( - 'method' => 'POST', - 'headers' => $headers, - 'body' => json_encode( array( - 'name' => $name, - 'callbacks' => array( - site_url( 'index.php?auth0=1' ), - wp_login_url() - ), - "allowed_origins"=>array( - wp_login_url() - ), - "jwt_configuration" => array( - "alg" => "RS256" - ), - "app_type" => "regular_web", - "grant_types" => self::get_client_grant_types(), - "cross_origin_auth" => true, - "cross_origin_loc" => site_url('index.php?auth0fallback=1','https'), - "allowed_logout_urls" => array( wp_logout_url() ), - ) ) - ) ); + $response = wp_remote_post( self::get_endpoint( 'api/v2/clients', $domain ), array( + 'headers' => self::get_headers( $app_token ), + 'body' => json_encode( $payload ) + ) ); if ( $response instanceof WP_Error ) { - WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, $response ); + WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, $response->get_error_message() ); error_log( $response->get_error_message() ); return false; } @@ -472,21 +491,7 @@ public static function create_client( $domain, $app_token, $name ) { return false; } - $response = json_decode( $response['body'] ); - - // Workaround: Can't add `web_origin` on create - $payload = array( - "web_origins" => ( home_url() === site_url() ? array( home_url() ) : array( home_url(), site_url() ) ) - ); - $updateResponse = WP_Auth0_Api_Client::update_client($domain, $app_token, $response->client_id, false, $payload); - - if ( $updateResponse instanceof WP_Error ) { - WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, $updateResponse ); - error_log( $updateResponse->get_error_message() ); - return false; - } - - return $response; + return json_decode( $response['body'] ); } public static function search_clients( $domain, $app_token ) { @@ -661,11 +666,6 @@ public static function create_client_grant( $app_token, $client_id ) { return false; } - WP_Auth0_ErrorManager::insert_auth0_error( - __METHOD__, - 'Client Grant has been successfully created!' - ); - return json_decode( $response['body'] ); } diff --git a/lib/WP_Auth0_DBManager.php b/lib/WP_Auth0_DBManager.php index b453574c..81359517 100644 --- a/lib/WP_Auth0_DBManager.php +++ b/lib/WP_Auth0_DBManager.php @@ -145,9 +145,9 @@ public function install_db( $version_to_install = null, $app_token = '' ) { // Update Client if (!empty($client_id) && !empty($domain)) { $payload = array( - "cross_origin_auth" => true, - "cross_origin_loc" => site_url('index.php?auth0fallback=1','https'), - "web_origins" => ( home_url() === site_url() ? array( home_url() ) : array( home_url(), site_url() ) ) + 'cross_origin_auth' => true, + 'cross_origin_loc' => $options->get_cross_origin_loc(), + 'web_origins' => $options->get_web_origins(), ); WP_Auth0_Api_Client::update_client($domain, $app_token, $client_id, $sso, $payload); $options->set('client_signing_algorithm', 'HS256'); @@ -199,14 +199,14 @@ public function install_db( $version_to_install = null, $app_token = '' ) { $payload = array( 'app_type' => 'regular_web', 'callbacks' => array( - site_url( 'index.php?auth0=1' ), + $options->get_wp_auth0_url(), wp_login_url() ), // Duplicate of DB version 15 upgrade to account for site_url() changes 'cross_origin_auth' => true, - 'cross_origin_loc' => site_url('index.php?auth0fallback=1','https'), - 'web_origins' => ( home_url() === site_url() ? array( home_url() ) : array( home_url(), site_url() ) ), + 'cross_origin_loc' => $options->get_cross_origin_loc(), + 'web_origins' => $options->get_web_origins(), ); // Update the WP-created client @@ -221,6 +221,14 @@ public function install_db( $version_to_install = null, $app_token = '' ) { if ( $client_grant_created ) { delete_option( 'wp_auth0_client_grant_failed' ); update_option( 'wp_auth0_client_grant_success', 1 ); + + if ( 409 !== $client_grant_created[ 'statusCode' ] ) { + WP_Auth0_ErrorManager::insert_auth0_error( + __METHOD__, + 'Client Grant has been successfully created!' + ); + } + } else { WP_Auth0_ErrorManager::insert_auth0_error( __METHOD__, sprintf( __( 'Unable to automatically create Client Grant. Please go to your Auth0 Dashboard ' diff --git a/lib/WP_Auth0_Lock10_Options.php b/lib/WP_Auth0_Lock10_Options.php index 92252a9b..919768e1 100644 --- a/lib/WP_Auth0_Lock10_Options.php +++ b/lib/WP_Auth0_Lock10_Options.php @@ -34,8 +34,7 @@ public function get_lock_show_method() { public function get_code_callback_url() { $protocol = $this->_get_boolean( $this->wp_options->get( 'force_https_callback' ) ) ? 'https' : null; - - return site_url( 'index.php?auth0=1', $protocol ); + return $this->wp_options->get_wp_auth0_url( $protocol ); } public function get_implicit_callback_url() { diff --git a/lib/WP_Auth0_Lock_Options.php b/lib/WP_Auth0_Lock_Options.php index 1971bac9..dec1a920 100644 --- a/lib/WP_Auth0_Lock_Options.php +++ b/lib/WP_Auth0_Lock_Options.php @@ -33,9 +33,8 @@ public function get_lock_show_method() { } public function get_code_callback_url() { - $protocol = $this->_get_boolean( $this->wp_options->get( 'force_https_callback' ) ) ? 'https' : null; - - return site_url( 'index.php?auth0=1', $protocol ); + $protocol = $this->_get_boolean( $this->wp_options->get( 'force_https_callback' ) ) ? 'https' : null; + return $this->wp_options->get_wp_auth0_url( $protocol ); } public function get_implicit_callback_url() { diff --git a/lib/WP_Auth0_Options.php b/lib/WP_Auth0_Options.php index 45b5b9d0..82bcc023 100755 --- a/lib/WP_Auth0_Options.php +++ b/lib/WP_Auth0_Options.php @@ -44,7 +44,7 @@ public function get_default($key) { } public function get_client_signing_algorithm() { - $client_signing_algorithm = $this->get('client_signing_algorithm', 'RS256'); + $client_signing_algorithm = $this->get('client_signing_algorithm', WP_Auth0_Api_Client::DEFAULT_CLIENT_ALG); return $client_signing_algorithm; } @@ -81,7 +81,54 @@ public function convert_client_secret_to_key( $secret, $is_encoded, $is_RS256, $ return $is_encoded ? JWT::urlsafeB64Decode( $secret ) : $secret; } } - + + /** + * Get web_origin settings for new Clients + * + * @return array + */ + public function get_web_origins() { + $home_url_parsed = parse_url( home_url() ); + $home_url_origin = str_replace( $home_url_parsed[ 'path' ], '', home_url() ); + + $site_url_parsed = parse_url( site_url() ); + $site_url_origin = str_replace( $site_url_parsed[ 'path' ], '', site_url() ); + + return $home_url_origin === $site_url_origin + ? array( $home_url_origin ) + : array( $home_url_origin, $site_url_origin ); + } + + /** + * Get the main site URL for Auth0 processing + * + * @param string|null $protocol - forced URL protocol, use default if empty + * + * @return string + */ + public function get_wp_auth0_url( $protocol = null ) { + $site_url = site_url( 'index.php', $protocol ); + return add_query_arg( 'auth0', '1', $site_url ); + } + + /** + * Get get_cross_origin_loc URL for new Clients + * + * @return string + */ + public function get_cross_origin_loc() { + return add_query_arg( 'auth0fallback', '1', site_url( 'index.php', 'https' ) ); + } + + /** + * Get the main site logout URL, minus a nonce + * + * @return string + */ + public function get_logout_url() { + return add_query_arg( 'action', 'logout', site_url( 'wp-login.php', 'login' ) ); + } + protected function defaults() { return array( 'version' => 1, @@ -91,7 +138,7 @@ protected function defaults() { 'auto_login_method' => '', 'client_id' => '', 'client_secret' => '', - 'client_signing_algorithm' => 'RS256', + 'client_signing_algorithm' => WP_Auth0_Api_Client::DEFAULT_CLIENT_ALG, 'cache_expiration' => 1440, 'client_secret_b64_encoded' => null, 'domain' => '', diff --git a/lib/WP_Auth0_Routes.php b/lib/WP_Auth0_Routes.php index 71ec161f..a92c6437 100755 --- a/lib/WP_Auth0_Routes.php +++ b/lib/WP_Auth0_Routes.php @@ -58,7 +58,8 @@ protected function coo_fallback() { $cdn = $this->a0_options->get( 'auth0js-cdn' ); $client_id = $this->a0_options->get( 'client_id' ); $domain = $this->a0_options->get( 'domain' ); - $redirect_uri = site_url( 'index.php?auth0=1', $this->a0_options->get( 'force_https_callback' ) ); + $protocol = $this->a0_options->get( 'force_https_callback', FALSE ) ? 'https' : null; + $redirect_uri = $this->a0_options->get_wp_auth0_url( $protocol ); echo <<