Merge pull request #214 from auth0/dev

refactor error handling, fix rules creation with site name, fix SLO

WP_Auth0.php

@@ -137,7 +137,7 @@ function check_signup_status() {
 
 					$operations->disable_signup_wordpress_connection( $app_token, !$is_wp_registration_enabled );
 
-					$rule_name = WP_Auth0_RulesLib::$disable_social_signup['name'];
+					$rule_name = WP_Auth0_RulesLib::$disable_social_signup['name'] . '-' . get_bloginfo('name');
 
 					$rule_script = WP_Auth0_RulesLib::$disable_social_signup['script'];
 					$rule_script = str_replace( 'REPLACE_WITH_YOUR_CLIENT_ID', $this->a0_options->get( 'client_id' ), $rule_script );

lib/WP_Auth0_Api_Client.php

@@ -329,13 +329,13 @@ public static function create_rule( $domain, $app_token, $name, $script, $enable
 			) );
 
 		if ( $response instanceof WP_Error ) {
-			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::create_rule', $response );
+			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::create_rule ' . $name, $response );
 			error_log( $response->get_error_message() );
 			return false;
 		}
 
 		if ( $response['response']['code'] != 201 ) {
-			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::create_rule', $response['body'] );
+			WP_Auth0_ErrorManager::insert_auth0_error( 'WP_Auth0_Api_Client::create_rule ' . $name, $response['body'] );
 			error_log( $response['body'] );
 			return false;
 		}

lib/WP_Auth0_Api_Operations.php

@@ -14,6 +14,7 @@ public function disable_signup_wordpress_connection( $app_token, $disable_signup
 		$connections = WP_Auth0_Api_Client::search_connection( $domain, $app_token, 'auth0' );
 
 		foreach ( $connections as $connection ) {
+
 			if ( in_array( $client_id, $connection->enabled_clients ) ) { 
 				$connection->options->disable_signup = $disable_signup;
 				$connection_id = $connection->id;
@@ -25,6 +26,7 @@ public function disable_signup_wordpress_connection( $app_token, $disable_signup
 				WP_Auth0_Api_Client::update_connection( $domain, $app_token, $connection_id, $connection );
 			}
 		}
+
 	}
 
 	public function update_wordpress_connection( $app_token, $connection_id, $password_policy, $migration_token ) {

lib/WP_Auth0_LoginManager.php

@@ -147,18 +147,28 @@ public function login_auto() {
 	public function init_auth0() {
 		global $wp_query;
 
-		// WP_Auth0_Seeder::get_me(100);
-		// exit;
-
 		if ( $this->query_vars( 'auth0' ) === null ) {
 			return;
 		}
 
-		if ( $this->query_vars( 'auth0' ) === 'implicit' ) {
-			$this->implicit_login();
-		} else {
-			$this->redirect_login();
+		try {
+			if ( $this->query_vars( 'auth0' ) === 'implicit' ) {
+				$this->implicit_login();
+			} else {
+				$this->redirect_login();
+			}	
+		} catch (WP_Auth0_LoginFlowValidationException $e) {
+
+			$msg = __( 'There was a problem with your log in', WPA0_LANG );
+			$msg .= ' '. $e->getMessage();
+			$msg .= '<br/><br/>';
+			$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
+			wp_die( $msg );
+
+		} catch (Exception $e) {
+
 		}
+
 	}
 
 	public function redirect_login() {
@@ -169,19 +179,11 @@ public function redirect_login() {
 		}
 
 		if ( $this->query_vars( 'error_description' ) !== null && $this->query_vars( 'error_description' ) !== '' ) {
-			$msg = __( 'There was a problem with your log in:', WPA0_LANG );
-			$msg .= ' '.$this->query_vars( 'error_description' );
-			$msg .= '<br/><br/>';
-			$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
-			wp_die( $msg );
+			throw new WP_Auth0_LoginFlowValidationException( $this->query_vars( 'error_description' ) );
 		}
 
 		if ( $this->query_vars( 'error' ) !== null && trim( $this->query_vars( 'error' ) ) !== '' ) {
-			$msg = __( 'There was a problem with your log in:', WPA0_LANG );
-			$msg .= ' '.$this->query_vars( 'error' );
-			$msg .= '<br/><br/>';
-			$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
-			wp_die( $msg );
+			throw new WP_Auth0_LoginFlowValidationException( $this->query_vars( 'error' ) );
 		}
 
 		$code = $this->query_vars( 'code' );
@@ -195,13 +197,13 @@ public function redirect_login() {
 		$client_secret = $this->a0_options->get( 'client_secret' );
 
 		if ( empty( $client_id ) ) {
-			wp_die( __( 'Error: Your Auth0 Client ID has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG ) );
+			throw new WP_Auth0_LoginFlowValidationException( __( 'Error: Your Auth0 Client ID has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG ) );
 		}
 		if ( empty( $client_secret ) ) {
-			wp_die( __( 'Error: Your Auth0 Client Secret has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG ) );
+			throw new WP_Auth0_LoginFlowValidationException( __( 'Error: Your Auth0 Client Secret has not been entered in the Auth0 SSO plugin settings.', WPA0_LANG ) );
 		}
 		if ( empty( $domain ) ) {
-			wp_die( __( 'Error: No Domain defined in Wordpress Administration!', WPA0_LANG ) );
+			throw new WP_Auth0_LoginFlowValidationException( __( 'Error: No Domain defined in Wordpress Administration!', WPA0_LANG ) );
 		}
 
 		$response = WP_Auth0_Api_Client::get_token( $domain, $client_id, $client_secret, 'authorization_code', array(
@@ -213,10 +215,8 @@ public function redirect_login() {
 			WP_Auth0_ErrorManager::insert_auth0_error( 'init_auth0_oauth/token', $response );
 
 			error_log( $response->get_error_message() );
-			$msg = __( 'Sorry. There was a problem logging you in.', WPA0_LANG );
-			$msg .= '<br/><br/>';
-			$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
-			wp_die( $msg );
+
+			throw new WP_Auth0_LoginFlowValidationException( $response->get_error_message() );
 		}
 
 		$data = json_decode( $response['body'] );
@@ -233,10 +233,8 @@ public function redirect_login() {
 				WP_Auth0_ErrorManager::insert_auth0_error( 'init_auth0_userinfo', $response );
 
 				error_log( $response->get_error_message() );
-				$msg = __( 'There was a problem with your log in.', WPA0_LANG );
-				$msg .= '<br/><br/>';
-				$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
-				wp_die( $msg );
+
+				throw new WP_Auth0_LoginFlowValidationException( );
 			}
 
 			$userinfo = json_decode( $response['body'] );
@@ -261,9 +259,8 @@ public function redirect_login() {
 			WP_Auth0_ErrorManager::insert_auth0_error( 'init_auth0_oauth/token', $error );
 
 			$msg = __( 'Error: the Client Secret configured on the Auth0 plugin is wrong. Make sure to copy the right one from the Auth0 dashboard.', WPA0_LANG );
-			$msg .= '<br/><br/>';
-			$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
-			wp_die( $msg );
+
+			throw new WP_Auth0_LoginFlowValidationException( $msg );
 		} else {
 			$error = '';
 			$description = '';
@@ -323,14 +320,11 @@ public function implicit_login() {
 			}
 
 		} catch( UnexpectedValueException $e ) {
-
 			WP_Auth0_ErrorManager::insert_auth0_error( 'implicit_login', $e );
 
 			error_log( $e->getMessage() );
-			$msg = __( 'Sorry. There was a problem logging you in.', WPA0_LANG );
-			$msg .= '<br/><br/>';
-			$msg .= '<a href="' . wp_login_url() . '">' . __( '← Login', WPA0_LANG ) . '</a>';
-			wp_die( $msg );
+
+			throw new WP_Auth0_LoginFlowValidationException( );
 		}
 	}
 
@@ -340,13 +334,12 @@ public function login_user( $userinfo, $id_token, $access_token ) {
 		$requires_verified_email = $this->a0_options->get( 'requires_verified_email' );
 		$remember_users_session = $this->a0_options->get( 'remember_users_session' );
 
+
 		if ( ! $this->ignore_unverified_email &&  1 == $requires_verified_email ) {
 			if ( empty( $userinfo->email ) ) {
 				$msg = __( 'This account does not have an email associated, as required by your site administrator.', WPA0_LANG );
-				$msg .= '<br/><br/>';
-				$msg .= '<a href="' . home_url() . '">' . __( '← Go back', WPA0_LANG ) . '</a>';
 
-				wp_die( $msg );
+				throw new WP_Auth0_LoginFlowValidationException( 'PEPE' );
 			}
 
 			if ( ! $userinfo->email_verified ) {
@@ -399,16 +392,9 @@ public function login_user( $userinfo, $id_token, $access_token ) {
 				do_action( 'auth0_user_login' , $user_id, $userinfo, true, $id_token, $access_token );
 			}
 			catch ( WP_Auth0_CouldNotCreateUserException $e ) {
-				$msg = __( 'Error: Could not create user.', WPA0_LANG );
-				$msg = ' ' . $e->getMessage();
-				$msg .= '<br/><br/>';
-				$msg .= '<a href="' . home_url() . '">' . __( '← Go back', WPA0_LANG ) . '</a>';
-				wp_die( $msg );
+				throw new WP_Auth0_LoginFlowValidationException( $e->getMessage() );
 			} catch ( WP_Auth0_RegistrationNotEnabledException $e ) {
-				$msg = __( 'Error: Could not create user. The registration process is not available. Please contact your site’s administrator.', WPA0_LANG );
-				$msg .= '<br/><br/>';
-				$msg .= '<a href="' . home_url() . '">' . __( '← Go back', WPA0_LANG ) . '</a>';
-				wp_die( $msg );
+				throw new WP_Auth0_LoginFlowValidationException( 'Could not create user. The registration process is not available. Please contact your site’s administrator.' );
 			} catch ( WP_Auth0_EmailNotVerifiedException $e ) {
 				$this->dieWithVerifyEmail( $e->userinfo, $e->id_token );
 			}

lib/admin/WP_Auth0_Admin_Features.php

@@ -160,6 +160,7 @@ public function basic_validation( $old_options, $input ) {
 
   public function sso_validation( $old_options, $input ) {
     $input['sso'] = ( isset( $input['sso'] ) ? $input['sso'] : 0 );
+
     if ( $old_options['sso'] != $input['sso'] && 1 == $input['sso'] ) {
       if ( false === WP_Auth0_Api_Client::update_client( $input['domain'], $input['auth0_app_token'], $input['client_id'], $input['sso'] == 1 ) ) {
 

lib/exceptions/WP_Auth0_LoginFlowValidationException.php

@@ -0,0 +1,3 @@
+<?php
+
+class WP_Auth0_LoginFlowValidationException extends Exception {}

lib/initial-setup/WP_Auth0_InitialSetup_Rules.php

@@ -43,15 +43,15 @@ public function callback() {
 
 		$mfa_script = WP_Auth0_RulesLib::$google_MFA['script'];
 		$mfa_script = str_replace( 'REPLACE_WITH_YOUR_CLIENT_ID', $client_id, $mfa_script );
-		$input = $this->rule_validation( $old_options, $input, 'mfa', WP_Auth0_RulesLib::$google_MFA['name'], $mfa_script );
+		$input = $this->rule_validation( $old_options, $input, 'mfa', WP_Auth0_RulesLib::$google_MFA['name'] . '-' . get_bloginfo('name'), $mfa_script );
 
-		$input = $this->rule_validation( $old_options, $input, 'geo_rule', WP_Auth0_RulesLib::$geo['name'], WP_Auth0_RulesLib::$geo['script'] );
+		$input = $this->rule_validation( $old_options, $input, 'geo_rule', WP_Auth0_RulesLib::$geo['name'] . '-' . get_bloginfo('name'), WP_Auth0_RulesLib::$geo['script'] );
 
-		$input = $this->rule_validation( $old_options, $input, 'income_rule', WP_Auth0_RulesLib::$income['name'], WP_Auth0_RulesLib::$income['script'] );
+		$input = $this->rule_validation( $old_options, $input, 'income_rule', WP_Auth0_RulesLib::$income['name'] . '-' . get_bloginfo('name'), WP_Auth0_RulesLib::$income['script'] );
 
 		$fullcontact_script = WP_Auth0_RulesLib::$fullcontact['script'];
 		$fullcontact_script = str_replace( 'REPLACE_WITH_YOUR_CLIENT_ID', $input['fullcontact_apikey'], $fullcontact_script );
-		$input = $this->rule_validation( $old_options, $input, 'fullcontact', WP_Auth0_RulesLib::$fullcontact['name'], $fullcontact_script );
+		$input = $this->rule_validation( $old_options, $input, 'fullcontact', WP_Auth0_RulesLib::$fullcontact['name'] . '-' . get_bloginfo('name'), $fullcontact_script );
 
 		$this->a0_options->set( 'fullcontact_apikey', $input['fullcontact_apikey'] );
 

templates/auth0-singlelogout-handler.php

@@ -2,7 +2,7 @@
 <script type="text/javascript">
 (function(){
 
-  var uuids = '<?php echo $profile->user_id; ?>';
+  var uuids = '<?php echo $user_profile->user_id; ?>';
   document.addEventListener("DOMContentLoaded", function() {
     var lock = new Auth0Lock('<?php echo $client_id; ?>', '<?php echo $domain; ?>');
     lock.$auth0.getSSOData(function(err, data) {