Merge pull request #151 from auth0/dev

V2.1

WP_Auth0.php

@@ -2,7 +2,7 @@
 /**
  * Plugin Name: Auth0 for WordPress
  * Description: Implements the Auth0 Single Sign On solution into Wordpress
- * Version: 2.0.3
+ * Version: 2.0.4
  * Author: Auth0
  * Author URI: https://auth0.com
  */
@@ -12,7 +12,7 @@
 define( 'WPA0_PLUGIN_URL', trailingslashit( plugin_dir_url( __FILE__ ) ) );
 define( 'WPA0_LANG', 'wp-auth0' );
 define( 'AUTH0_DB_VERSION', 4 );
-define( 'WPA0_VERSION', '2.0.3' );
+define( 'WPA0_VERSION', '2.1.0' );
 
 /**
  * Main plugin class

assets/css/login.css

@@ -64,6 +64,7 @@ body.a0-widget-open>* {
     fill: #bbb;
 }
 
+#registerform,
 #loginform,
 #login #nav,
 .woocommerce-checkout .woocommerce-info,

lib/WP_Auth0_Api_Client.php

@@ -521,6 +521,35 @@ public static function delete_connection($domain, $app_token, $id) {
 		return json_decode($response['body']);
 	}
 
+	public static function delete_user_mfa($domain, $app_token, $user_id, $provider) {
+
+		$endpoint = "https://$domain/api/v2/users/$user_id/multifactor/$provider";
+
+		$headers = self::get_info_headers();
+
+		$headers['Authorization'] = "Bearer $app_token";
+		$headers['content-type'] = "application/json";
+
+		$response = wp_remote_post( $endpoint  , array(
+			'method' => 'DELETE',
+			'headers' => $headers
+		) );
+
+		if ( $response instanceof WP_Error ) {
+			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::delete_user_mfa', $response );
+			error_log( $response->get_error_message() );
+			return false;
+		}
+
+		if ( $response['response']['code'] != 204 ) {
+			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::delete_user_mfa', $response['body'] );
+			error_log( $response['body'] );
+			return false;
+		}
+
+		return json_decode($response['body']);
+	}
+
 	public static function update_user($domain, $app_token, $id, $payload) {
 		$endpoint = "https://$domain/api/v2/users/$id";
 
@@ -552,6 +581,36 @@ public static function update_user($domain, $app_token, $id, $payload) {
 		return json_decode($response['body']);
 	}
 
+	public static function change_password($domain, $payload) {
+		$endpoint = "https://$domain/dbconnections/change_password";
+
+		$headers = self::get_info_headers();
+
+		$headers['content-type'] = "application/json";
+
+		$response = wp_remote_post( $endpoint  , array(
+			'method' => 'POST',
+			'headers' => $headers,
+			'body' => json_encode($payload)
+		) );
+
+		if ( $response instanceof WP_Error ) {
+			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::change_password', $response );
+			error_log( $response->get_error_message() );
+			return false;
+		}
+
+		if ( $response['response']['code'] != 200 ) {
+			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::change_password', $response['body'] );
+			error_log( $response['body'] );
+			return false;
+		}
+
+		if ( $response['response']['code'] >= 300 ) return false;
+
+		return json_decode($response['body']);
+	}
+
 	public static function link_users($domain, $app_token, $main_user_id, $user_id, $provider, $connection_id = null) {
 		$endpoint = "https://$domain/api/v2/users/$main_user_id/identities";
 
@@ -619,6 +678,8 @@ public static function GetConsentScopestoShow() {
 		foreach ($grouped as $resource => $actions) {
 			$str = "";
 
+			sort($actions);
+
 			for($a = 0; $a < count($actions); $a++) {
 				if ($a > 0) {
 					if ($a === count($actions) - 1) {

lib/WP_Auth0_EditProfile.php

@@ -15,11 +15,165 @@ public function init() {
 
     add_action( 'personal_options_update', array( $this, 'override_email_update' ), 1 );
 
-    if ( $pagenow == 'profile.php' ) {
+    add_action( 'edit_user_profile', array( $this, 'show_delete_mfa' ));
+    add_action( 'show_user_profile', array( $this, 'show_delete_mfa' ));
+
+    add_action( 'wp_ajax_auth0_delete_mfa', array( $this, 'delete_mfa' ) );
+
+    add_action( 'show_user_profile', array( $this, 'show_change_password' ));
+    add_action( 'personal_options_update', array( $this, 'update_change_password' ) );
+    add_filter( 'user_profile_update_errors', array( $this, 'validate_new_password' ), 10, 3);
+
+    if ( $pagenow == 'profile.php' || $pagenow == 'user-edit.php' ) {
       add_action( 'admin_footer', array( $this, 'disable_email_field' ) );
     }
   }
 
+  public function validate_new_password($errors, $update, $user){
+    $auth0_password = $_POST['auth0_password'];
+    $auth0_repeat_password = $_POST['auth0_repeat_password'];
+
+    if (empty($auth0_password)) {
+      $errors->add( 'auth0_password', __('<strong>ERROR</strong>: The password can not be empty'), array( 'form-field' => 'auth0_password' ) );
+    }
+    if ($auth0_password != $auth0_repeat_password) {
+      $errors->add( 'auth0_password', __('<strong>ERROR</strong>: The password does not match'), array( 'form-field' => 'auth0_password' ) );
+    }
+  }
+
+
+  public function update_change_password() { 
+    $user_profiles = $this->db_manager->get_current_user_profiles();
+
+    if (empty($user_profiles)) return;
+
+    $auth0_password = $_POST['auth0_password'];
+    $auth0_repeat_password = $_POST['auth0_repeat_password'];
+
+    if (empty($auth0_password) || $auth0_password == $auth0_repeat_password) {
+      $domain = $this->a0_options->get('domain');
+      $client_id = $this->a0_options->get('client_id');
+
+      $user_profile = $user_profiles[0];
+      $connection = null;
+      $email = null;
+
+      foreach ($user_profile->identities as $identity) {
+        if ($identity->provider === 'auth0') {
+          $connection = $identity->connection;
+          if (isset($identity->email)) {
+            $email = $identity->email;
+          } else {
+            $email = $user_profile->email;
+          }
+        }
+      }
+
+      WP_Auth0_Api_Client::change_password($domain, array(
+        'client_id' => $client_id,
+        'email' => $user_profile->email,
+        'password' => $auth0_password,
+        'connection' => $connection
+      ));
+    }
+  }
+
+  public function delete_mfa() { 
+    if ( ! is_admin() ) return;
+
+    $user_id = $_POST["user_id"];
+
+    $users = $this->db_manager->get_auth0_users(array($user_id));
+    if (empty($users)) return;
+
+    $user_id = $users[0]->auth0_id;
+
+    $provider = 'google-authenticator';
+    $domain = $this->a0_options->get('domain');
+    $app_token = $this->a0_options->get('auth0_app_token');
+
+    WP_Auth0_Api_Client::delete_user_mfa($domain, $app_token, $user_id, $provider);
+  }
+
+  public function show_delete_mfa() {
+    if ( ! is_admin() ) return;
+    if ( ! $this->a0_options->get('mfa') ) return;
+
+    ?>
+    <table class="form-table">
+    <tr>
+      <th>
+        <label><?php _e('Delete MFA Provider'); ?></label>
+      </th>
+      <td>
+        <input type="button" onclick="DeleteMFA(event);" name="auth0_delete_mfa" id="auth0_delete_mfa" value="Delete MFA" class="button button-secondary" />
+      </td>
+    </tr>
+    </table>
+    <script>
+    function DeleteMFA(event) {
+      event.preventDefault();
+
+      var data = {
+        'action': 'auth0_delete_mfa',
+        'user_id': '<?php echo $_GET['user_id']; ?>'
+      };
+
+      jQuery('#auth0_delete_mfa').attr('disabled', 'true');
+
+      jQuery.post('<?php echo admin_url( 'admin-ajax.php' ); ?>', data, function(response) {
+
+        jQuery('#auth0_delete_mfa').val('Done!').attr('disabled', 'true');
+
+      }, 'json');
+
+    }
+  </script>
+
+  <?php
+  }
+
+  public function show_change_password() { 
+    $user_profiles = $this->db_manager->get_current_user_profiles();
+
+    if (empty($user_profiles)) return;
+
+    $user_profile = $user_profiles[0];
+    $connection = null;
+
+    foreach ($user_profile->identities as $identity) {
+      if ($identity->provider === 'auth0') {
+        $connection = $identity->connection;
+      }
+    }
+
+    if ($connection === null) return;
+  ?>
+    <script>
+      jQuery('.wp-pwd').parent().parent().hide();
+    </script>
+    <table class="form-table">
+    <tr>
+      <th>
+        <label for="auth0_password"><?php _e('New Password'); ?></label>
+      </th>
+      <td>
+        <input type="password" name="auth0_password" id="auth0_password" value="" class="regular-text" />
+      </td>
+    </tr>
+     <tr>
+      <th>
+        <label for="auth0_repeat_password"><?php _e('Repeat Password'); ?></label>
+      </th>
+      <td>
+        <input type="password" name="auth0_repeat_password" id="auth0_repeat_password" value="" class="regular-text" />
+      </td>
+    </tr>
+
+    </table>
+  <?php
+  }  
+
   public function disable_email_field() {
 
     $user_profiles = $this->db_manager->get_current_user_profiles();

lib/WP_Auth0_Lock_Options.php

@@ -5,6 +5,8 @@ class WP_Auth0_Lock_Options {
     protected $wp_options;
     protected $extended_settings;
 
+    protected $signup_mode = false;
+
     public function __construct($extended_settings = array()) {
         $this->wp_options = WP_Auth0_Options::Instance();
         $this->extended_settings = $extended_settings;
@@ -70,6 +72,10 @@ public function get_auth0_implicit_workflow() {
         return $this->_get_boolean( $this->wp_options->get('auth0_implicit_workflow') );
     }
 
+    public function set_signup_mode($enabled) {
+        $this->signup_mode = $enabled;
+    }
+
     public function is_registration_enabled() {
         return $this->wp_options->is_wp_registration_enabled();
     }
@@ -152,9 +158,12 @@ protected function build_settings( $settings ) {
         if ( $this->_is_valid( $settings, 'lock_connections' ) ) {
             $options_obj['connections'] = explode(",", $settings['lock_connections']);
         }
-		if ( isset( $settings['extra_conf'] ) && trim( $settings['extra_conf'] ) !== '' ) {
-			$extra_conf_arr = json_decode( $settings['extra_conf'], true );
-			$options_obj = array_merge( $extra_conf_arr, $options_obj );
+        if ( isset( $settings['extra_conf'] ) && trim( $settings['extra_conf'] ) !== '' ) {
+            $extra_conf_arr = json_decode( $settings['extra_conf'], true );
+            $options_obj = array_merge( $extra_conf_arr, $options_obj );
+        }
+		if ( $this->signup_mode ) {
+            $options_obj["mode"] = "signup";
 		}
 		return $options_obj;
 	}
@@ -172,8 +181,17 @@ public function get_sso_options() {
             $options["callbackOnLocationHash"] = false;
             $options["callbackURL"] = $this->get_code_callback_url();
         }
+
+        $redirect_to = null; 
+
+        if (isset($_GET['redirect_to'])){
+            $redirect_to = $_GET['redirect_to'];
+        } else {
+            $redirect_to = home_url($_SERVER["REQUEST_URI"]);
+        }
+
         unset($options["authParams"]);
-        $options["state"] = $this->get_state_obj(home_url($_SERVER["REQUEST_URI"]));
+        $options["state"] = $this->get_state_obj($redirect_to);
 
         return $options;
 

lib/WP_Auth0_Options.php

@@ -13,7 +13,10 @@ public static function Instance() {
     protected $options_name = 'wp_auth0_settings';
 
     public function is_wp_registration_enabled()
-    {
+    { 
+        if (is_multisite()) {
+            return users_can_register_signup_filter();
+        }
         return (get_site_option('users_can_register', 0) == 1);
     }
 

lib/WP_Auth0_Options_Generic.php

@@ -10,7 +10,7 @@ public function get_options_name() {
 
     public function get_options(){
         if(empty($this->_opt)){
-            $options = get_site_option( $this->options_name, array());
+            $options = get_option( $this->options_name, array());
 
             if(!is_array($options))
                 $options = $this->defaults();
@@ -35,12 +35,12 @@ public function set( $key, $value ){
         $options[$key] = $value;
         $this->_opt = $options;
 
-        update_site_option( $this->options_name, $options );
+        update_option( $this->options_name, $options );
     }
 
     public function save() {
         $options = $this->get_options();
-        update_site_option( $this->options_name, $options );
+        update_option( $this->options_name, $options );
     }
 
     protected function defaults(){