PluginProbe ʕ •ᴥ•ʔ
Firebase Authentication / 1.3.0
Firebase Authentication v1.3.0
1.7.0 trunk 1.0.0 1.1.1 1.1.2 1.1.3 1.1.4 1.2.0 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.8 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9
firebase-authentication / class-mo-firebase-config.php
firebase-authentication Last commit date
admin 6 years ago includes 6 years ago js 6 years ago languages 6 years ago public 6 years ago views 6 years ago README.txt 6 years ago class-contact-us.php 6 years ago class-mo-firebase-config.php 6 years ago firebase-authentication.php 6 years ago index.php 6 years ago uninstall.php 6 years ago
class-mo-firebase-config.php
205 lines
1 <?php
2
3 class Mo_Firebase_Config {
4 function __construct() {
5 add_action('init', array( $this, 'testconfig' ));
6 }
7 function testconfig() {
8 if ( isset($_POST['fb_jwt']) ) {
9 $user = $this->sample();
10 }
11
12 if( isset( $_REQUEST['mo_action'] ) && 'firebaselogin' === sanitize_text_field( wp_unslash( $_REQUEST['mo_action'] ) ) && isset( $_REQUEST['test'] ) && 'true' === wp_unslash( $_REQUEST['test'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_test_config_field'] ) ), 'mo_firebase_auth_test_config_form' ) ) {
13
14 $project_id = get_option('mo_firebase_auth_project_id');
15 $api_key = get_option('mo_firebase_auth_api_key');
16 wp_register_script( 'mo_firebase_app_main_script', plugins_url( 'admin/js/firebase-auth-main-script.js', __FILE__), [ 'jquery' ], false, true );
17 wp_enqueue_script( 'mo_firebase_app_main_script' );
18 wp_register_script( 'mo_firebase_testconfig_script', plugins_url( 'js/firebase-test-config.js', __FILE__), [ 'jquery' ] );
19 $data = [];
20 $data['api_key'] = get_option( 'mo_firebase_auth_api_key' );
21 $data['project_id'] = get_option( 'mo_firebase_auth_project_id' );
22 $data['test_username'] = isset( $_POST['test_username'] ) ? sanitize_text_field( $_POST['test_username'] ) : '';
23 $data['test_password'] = isset( $_POST['test_password'] ) ? sanitize_text_field( $_POST['test_password'] ) : '';
24 $data['test_check_field'] = isset( $_POST['test_check_field'] ) ? sanitize_text_field( $_POST['test_check_field'] ) : '';
25 wp_localize_script( 'mo_firebase_testconfig_script', 'firebase_data_testconfig', $data );
26 wp_enqueue_script( 'mo_firebase_testconfig_script', plugins_url( 'js/firebase-test-config.js', __FILE__), ['jquery'], false, true );
27 }
28 }
29
30 function sample() {
31 if ( isset( $_POST['fb_jwt'] ) && sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) == 'empty_string' ) {
32 if ( isset( $_POST['fb_is_test'] ) && sanitize_text_field( wp_unslash( $_POST['fb_is_test'] ) ) == 'test_check_true' ) {
33
34 $error = sanitize_text_field( wp_unslash( $_POST['fb_error_msg'] ) );
35 if (strpos($error, 'API key not valid. Please pass a valid API key.') !== false) {
36 $error = "API key not valid. Please pass a valid API key.";
37 }
38 echo '<div style="font-family:Calibri;padding: 0 30%;">';
39 echo '<h1 style="color:#d9534f;text-align:center;">test failed</h1>';
40 if ( isset( $_POST['fb_error_msg'] ) ) {
41 echo '<h4 style="text-align:center;"><b>ERROR :</b>'.$error.'</h4>';
42 }
43 echo '</div>';
44 echo '<div style="padding: 10px;"></div><div style="position:absolute;padding:0 46%;"><input style="padding:1%;width:100px;height:30px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Close" onClick="self.close();"></div>';
45 exit();
46 }
47 $error = new WP_Error();
48 $error->add( "error_fetching_user", __( "<strong>ERROR</strong>: user doesn't exist !!." ) );
49 return $error;
50 }
51
52 if ( isset( $_POST['fb_jwt'] ) && sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) != 'empty_string' ) {
53 $payload = $this->decode_jwt( sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) );
54
55 if ( isset( $_POST['fb_is_test'] ) && sanitize_text_field( wp_unslash( $_POST['fb_is_test'] ) ) == 'test_check_true' ) {
56 echo '<div style="font-family:Calibri;margin: auto;padding:5%;">';
57 echo '<h1 style="color:#00C851;text-align:center;">Test Successful !</h1>';
58 echo '<style>table{border-collapse:collapse;}th {background-color: #eee; text-align: center; padding: 8px; border-width:1px; border-style:solid; border-color:#212121;}tr:nth-child(odd) {background-color: #f2f2f2;} td{padding:8px;border-width:1px; border-style:solid; border-color:#212121;}</style>';
59 echo '<h3 style="text-align:center;">Test Configuration</h3><table style="margin: auto;"><tr><th>Attribute Name</th><th>Attribute Value</th></tr>';
60 $this->testattrmappingconfig( "", $payload );
61 echo '</table></div>';
62 echo '<div style="margin: auto;padding: 10px;></div><div style="margin: auto;position:absolute;padding:0 46%;"><input style="padding:8px;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>';
63 exit();
64 }
65
66 $user = $this->getUser( $payload );
67 if ( $user ) {
68 $user_id = $user->ID;
69 wp_set_auth_cookie( $user_id, true );
70 wp_redirect( home_url() );
71 exit;
72 }
73
74 //$user = get_user_by('email',$email);
75
76 }
77 }
78
79 function testattrmappingconfig( $nestedprefix, $payload ) {
80 foreach ( $payload as $key => $value ){
81 if ( is_array( $value ) || is_object( $value ) ) {
82 if ( ! empty( $nestedprefix ) ) {
83 $nestedprefix .= ".";
84 }
85 $this->testattrmappingconfig( $nestedprefix.$key, $value );
86 } else {
87 echo '<tr><td>';
88 if ( ! empty( $nestedprefix ) )
89 echo $nestedprefix.".";
90 echo $key.'</td><td>'.$value.'</td></tr>';
91 }
92 }
93 }
94
95 function decode_jwt( $jwt_token ) {
96 $flag = 0;
97 $pieces = explode( ".", $jwt_token );
98 $jwt_data = $pieces[0].".".$pieces[1];
99 $jwt_signature = str_replace( ['-','_'], ['+','/'], $pieces[2] );
100 $jwt_signature = base64_decode( $jwt_signature );
101 $jwt_header = json_decode( base64_decode( str_replace( ['-','_'], ['+','/'], $pieces[0] ) ), true );
102
103 $alg = $jwt_header['alg'];
104 $kid = $jwt_header['kid'];
105
106 if ( strpos( $alg, "RS" ) !== false ) {
107 $algorithm = "RSA";
108 $sha = explode( "RS", $alg )[1];
109 }
110
111 $kid_stored = get_option( 'mo_firebase_auth_kid1' );
112 if ( $kid_stored != $kid ) {
113 $flag = 1;
114 $kid_stored = get_option( 'mo_firebase_auth_kid2' );
115 }
116 if ( $kid_stored == $kid ) {
117 if ( $flag == 0 ) {
118 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert1' );
119 } else {
120 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert2' );
121 }
122 } else {
123 echo "Please update your information by clicking on <b>Configuration</b> button in Firebase Authentication plugin and then try.";
124 exit;
125 }
126
127 $public_key = "";
128 $parts = explode( "-----", $jwt_raw_certificate );
129
130 if ( preg_match( '/\r\n|\r|\n/', $parts[2] ) ) {
131 $public_key = $jwt_raw_certificate;
132 } else {
133 $encoding = "-----".$parts[1]."-----\n";
134 $offset = 0;
135 while ( $segment = substr( $parts[2], $offset, 64 ) ) {
136 $encoding .= $segment."\n";
137 $offset += 64;
138 }
139 $encoding .= "-----".$parts[3]."-----\n";
140 $public_key = $encoding;
141 }
142
143 switch ( $sha ) {
144 case '256':
145 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA256 );
146 break;
147 case '384':
148 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA384 );
149 break;
150 case '512':
151 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA512 );
152 break;
153 default:
154 $verified = false;
155 break;
156 }
157
158 if ( ! $verified ) {
159 echo "Invalid Token";
160 exit();
161 }
162
163 $jwt_payload = json_decode( base64_decode( $pieces[1] ), true );
164 return $jwt_payload;
165
166 }
167
168 function getUser( $jwt_payload )
169 {
170 if ( isset( $jwt_payload['email'] ) ){
171 $email = $jwt_payload['email'];
172 $user = get_user_by( "email", $email );
173 if ( ! $user ) {
174 $user = get_user_by( 'login', $email );
175 if ( $user ) {
176 return $user;
177 } else {
178 $user_password = wp_generate_password( 10, false );
179
180 $userdata = array(
181 'user_login' => $email,
182 'user_pass' => $user_password,
183 'user_email' => $email,
184 );
185
186 $user_id = wp_insert_user( $userdata );
187
188 if ( ! is_wp_error( $user_id ) )
189 {
190 //Store disting
191 // shedName in User Meta
192 update_user_meta( $user_id, 'mo_firebase_user_dn', false );
193 }
194
195 $user = get_user_by( 'email', $email );
196 return $user;
197 }
198 } else if( $user ) {
199 return $user;
200 }
201 }
202 }
203 }
204
205 $mo_firebase_config_obj = new Mo_Firebase_Config();