PluginProbe ʕ •ᴥ•ʔ
Firebase Authentication / 1.3.4
Firebase Authentication v1.3.4
1.7.0 trunk 1.0.0 1.1.1 1.1.2 1.1.3 1.1.4 1.2.0 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.8 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9
firebase-authentication / class-mo-firebase-config.php
firebase-authentication Last commit date
admin 6 years ago includes 6 years ago js 6 years ago languages 6 years ago public 6 years ago views 6 years ago README.txt 6 years ago class-contact-us.php 6 years ago class-mo-firebase-config.php 6 years ago firebase-authentication.php 6 years ago index.php 6 years ago uninstall.php 6 years ago
class-mo-firebase-config.php
211 lines
1 <?php
2
3 class Mo_Firebase_Config {
4 function __construct() {
5 add_action('init', array( $this, 'testconfig' ));
6 }
7 function testconfig() {
8 if ( isset($_POST['fb_jwt']) ) {
9 $user = $this->sample();
10 }
11
12 if( isset( $_REQUEST['mo_action'] ) && 'firebaselogin' === sanitize_text_field( wp_unslash( $_REQUEST['mo_action'] ) ) && isset( $_REQUEST['test'] ) && 'true' === wp_unslash( $_REQUEST['test'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_test_config_field'] ) ), 'mo_firebase_auth_test_config_form' ) ) {
13
14 $project_id = get_option('mo_firebase_auth_project_id');
15 $api_key = get_option('mo_firebase_auth_api_key');
16 wp_register_script( 'mo_firebase_app_main_script', plugins_url( 'admin/js/firebase-auth-main-script.js', __FILE__), [ 'jquery' ], false, true );
17 wp_enqueue_script( 'mo_firebase_app_main_script' );
18 wp_register_script( 'mo_firebase_testconfig_script', plugins_url( 'js/firebase-test-config.js', __FILE__), [ 'jquery' ] );
19 $data = [];
20 $data['api_key'] = get_option( 'mo_firebase_auth_api_key' );
21 $data['project_id'] = get_option( 'mo_firebase_auth_project_id' );
22 $data['test_username'] = isset( $_POST['test_username'] ) ? sanitize_text_field( $_POST['test_username'] ) : '';
23 $data['test_password'] = isset( $_POST['test_password'] ) ? sanitize_text_field( $_POST['test_password'] ) : '';
24 $data['test_check_field'] = isset( $_POST['test_check_field'] ) ? sanitize_text_field( $_POST['test_check_field'] ) : '';
25 wp_localize_script( 'mo_firebase_testconfig_script', 'firebase_data_testconfig', $data );
26 wp_enqueue_script( 'mo_firebase_testconfig_script', plugins_url( 'js/firebase-test-config.js', __FILE__), ['jquery'], false, true );
27 }
28 }
29
30 function sample() {
31 if ( isset( $_POST['fb_jwt'] ) && sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) == 'empty_string' ) {
32 if ( isset( $_POST['fb_is_test'] ) && sanitize_text_field( wp_unslash( $_POST['fb_is_test'] ) ) == 'test_check_true' ) {
33
34 $error = sanitize_text_field( wp_unslash( $_POST['fb_error_msg'] ) );
35 if (strpos($error, 'API key not valid. Please pass a valid API key.') !== false) {
36 $error = "API key not valid. Please pass a valid API key.";
37 }
38 echo '<div style="font-family:Calibri;padding: 0 30%;">';
39 echo '<h1 style="color:#d9534f;text-align:center;">test failed</h1>';
40 if ( isset( $_POST['fb_error_msg'] ) ) {
41 echo '<h4 style="text-align:center;"><b>ERROR :</b>'.$error.'</h4>';
42 }
43 echo '</div>';
44 echo '<div style="padding: 10px;"></div><div style="position:absolute;padding:0 46%;"><input style="padding:1%;width:100px;height:30px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Close" onClick="self.close();"></div>';
45 exit();
46 }
47 $error = new WP_Error();
48 $error->add( "error_fetching_user", __( "<strong>ERROR</strong>: user doesn't exist !!." ) );
49 return $error;
50 }
51
52 if ( isset( $_POST['fb_jwt'] ) && sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) != 'empty_string' ) {
53 $payload = $this->decode_jwt( sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) );
54
55 if ( isset( $_POST['fb_is_test'] ) && sanitize_text_field( wp_unslash( $_POST['fb_is_test'] ) ) == 'test_check_true' ) {
56 echo '<div style="font-family:Calibri;margin: auto;padding:5%;">';
57 echo '<h1 style="color:#00C851;text-align:center;">Test Successful !</h1>';
58 echo '<style>table{border-collapse:collapse;}th {background-color: #eee; text-align: center; padding: 8px; border-width:1px; border-style:solid; border-color:#212121;}tr:nth-child(odd) {background-color: #f2f2f2;} td{padding:8px;border-width:1px; border-style:solid; border-color:#212121;}</style>';
59 echo '<h3 style="text-align:center;">Test Configuration</h3><table style="margin: auto;"><tr><th>Attribute Name</th><th>Attribute Value</th></tr>';
60 $this->testattrmappingconfig( "", $payload );
61 echo '</table></div>';
62 echo '<div style="margin: auto;padding: 10px;></div><div style="margin: auto;position:absolute;padding:0 46%;"><input style="padding:8px;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>';
63 exit();
64 }
65
66 $user = $this->getUser( $payload );
67 if ( $user ) {
68 $user_id = $user->ID;
69 wp_set_auth_cookie( $user_id, true );
70 wp_redirect( home_url() );
71 exit;
72 }
73
74 //$user = get_user_by('email',$email);
75
76 }
77 }
78
79 function testattrmappingconfig( $nestedprefix, $payload ) {
80 foreach ( $payload as $key => $value ){
81 if ( is_array( $value ) || is_object( $value ) ) {
82 if ( ! empty( $nestedprefix ) ) {
83 $nestedprefix .= ".";
84 }
85 $this->testattrmappingconfig( $nestedprefix.$key, $value );
86 } else {
87 echo '<tr><td>';
88 if ( ! empty( $nestedprefix ) )
89 echo $nestedprefix.".";
90 echo $key.'</td><td>'.$value.'</td></tr>';
91 }
92 }
93 }
94
95 function decode_jwt( $jwt_token ) {
96 $flag = 0;
97 $pieces = explode( ".", $jwt_token );
98 $jwt_data = $pieces[0].".".$pieces[1];
99 $jwt_signature = str_replace( ['-','_'], ['+','/'], $pieces[2] );
100 $jwt_signature = base64_decode( $jwt_signature );
101 $jwt_header = json_decode( base64_decode( str_replace( ['-','_'], ['+','/'], $pieces[0] ) ), true );
102
103 $alg = $jwt_header['alg'];
104 $kid = $jwt_header['kid'];
105
106 if ( strpos( $alg, "RS" ) !== false ) {
107 $algorithm = "RSA";
108 $sha = explode( "RS", $alg )[1];
109 }
110
111 $kid_stored = get_option( 'mo_firebase_auth_kid1' );
112 if ( $kid_stored != $kid ) {
113 $flag = 1;
114 $kid_stored = get_option( 'mo_firebase_auth_kid2' );
115 if( $kid_stored != $kid ){
116 $flag = 2;
117 $kid_stored = get_option( 'mo_firebase_auth_kid3' );
118 }
119 }
120 if ( $kid_stored == $kid ) {
121 if ( $flag == 0 ) {
122 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert1' );
123 } else if ( $flag == 1 ) {
124 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert2' );
125 } else if ( $flag == 2 ) {
126 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert3' );
127 }
128 } else {
129 echo "Please update your information by clicking on <b>Configuration</b> button in Firebase Authentication plugin and then try.";
130 exit;
131 }
132
133 $public_key = "";
134 $parts = explode( "-----", $jwt_raw_certificate );
135
136 if ( preg_match( '/\r\n|\r|\n/', $parts[2] ) ) {
137 $public_key = $jwt_raw_certificate;
138 } else {
139 $encoding = "-----".$parts[1]."-----\n";
140 $offset = 0;
141 while ( $segment = substr( $parts[2], $offset, 64 ) ) {
142 $encoding .= $segment."\n";
143 $offset += 64;
144 }
145 $encoding .= "-----".$parts[3]."-----\n";
146 $public_key = $encoding;
147 }
148
149 switch ( $sha ) {
150 case '256':
151 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA256 );
152 break;
153 case '384':
154 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA384 );
155 break;
156 case '512':
157 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA512 );
158 break;
159 default:
160 $verified = false;
161 break;
162 }
163
164 if ( ! $verified ) {
165 echo "Invalid Token";
166 exit();
167 }
168
169 $jwt_payload = json_decode( base64_decode( $pieces[1] ), true );
170 return $jwt_payload;
171
172 }
173
174 function getUser( $jwt_payload )
175 {
176 if ( isset( $jwt_payload['email'] ) ){
177 $email = $jwt_payload['email'];
178 $user = get_user_by( "email", $email );
179 if ( ! $user ) {
180 $user = get_user_by( 'login', $email );
181 if ( $user ) {
182 return $user;
183 } else {
184 $user_password = wp_generate_password( 10, false );
185
186 $userdata = array(
187 'user_login' => $email,
188 'user_pass' => $user_password,
189 'user_email' => $email,
190 );
191
192 $user_id = wp_insert_user( $userdata );
193
194 if ( ! is_wp_error( $user_id ) )
195 {
196 //Store disting
197 // shedName in User Meta
198 update_user_meta( $user_id, 'mo_firebase_user_dn', false );
199 }
200
201 $user = get_user_by( 'email', $email );
202 return $user;
203 }
204 } else if( $user ) {
205 return $user;
206 }
207 }
208 }
209 }
210
211 $mo_firebase_config_obj = new Mo_Firebase_Config();