PluginProbe ʕ •ᴥ•ʔ
Firebase Authentication / 1.4.2
Firebase Authentication v1.4.2
1.7.0 trunk 1.0.0 1.1.1 1.1.2 1.1.3 1.1.4 1.2.0 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.8 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9
firebase-authentication / class-mo-firebase-config.php
firebase-authentication Last commit date
admin 5 years ago includes 5 years ago js 5 years ago languages 5 years ago public 5 years ago views 5 years ago README.txt 5 years ago class-contact-us.php 5 years ago class-mo-firebase-config.php 5 years ago firebase-authentication.php 5 years ago index.php 5 years ago uninstall.php 5 years ago
class-mo-firebase-config.php
232 lines
1 <?php
2
3 class Mo_Firebase_Config {
4 function __construct() {
5 add_action('init', array( $this, 'testconfig' ));
6 }
7 function testconfig() {
8 if ( isset($_POST['fb_jwt']) ) {
9 $user = $this->sample();
10 }
11
12 if( isset( $_REQUEST['mo_action'] ) && 'firebaselogin' === sanitize_text_field( wp_unslash( $_REQUEST['mo_action'] ) ) && isset( $_REQUEST['test'] ) && 'true' === wp_unslash( $_REQUEST['test'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['mo_firebase_auth_test_config_field'] ) ), 'mo_firebase_auth_test_config_form' ) ) {
13
14 $project_id = get_option('mo_firebase_auth_project_id');
15 $api_key = get_option('mo_firebase_auth_api_key');
16 wp_register_script( 'mo_firebase_app_main_script', plugins_url( 'admin/js/firebase-auth-main-script.js', __FILE__), [ 'jquery' ], false, true );
17 wp_enqueue_script( 'mo_firebase_app_main_script' );
18 wp_register_script( 'mo_firebase_testconfig_script', plugins_url( 'js/firebase-test-config.js', __FILE__), [ 'jquery' ] );
19 $data = [];
20 $data['api_key'] = get_option( 'mo_firebase_auth_api_key' );
21 $data['project_id'] = get_option( 'mo_firebase_auth_project_id' );
22 $data['test_username'] = isset( $_POST['test_username'] ) ? sanitize_text_field( $_POST['test_username'] ) : '';
23 $data['test_password'] = isset( $_POST['test_password'] ) ? sanitize_text_field( $_POST['test_password'] ) : '';
24 $data['test_check_field'] = isset( $_POST['test_check_field'] ) ? sanitize_text_field( $_POST['test_check_field'] ) : '';
25 wp_localize_script( 'mo_firebase_testconfig_script', 'firebase_data_testconfig', $data );
26 wp_enqueue_script( 'mo_firebase_testconfig_script', plugins_url( 'js/firebase-test-config.js', __FILE__), ['jquery'], false, true );
27 }
28 }
29
30 function sample() {
31 if ( isset( $_POST['fb_jwt'] ) && sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) == 'empty_string' ) {
32 if ( isset( $_POST['fb_is_test'] ) && sanitize_text_field( wp_unslash( $_POST['fb_is_test'] ) ) == 'test_check_true' ) {
33
34 $error = sanitize_text_field( wp_unslash( $_POST['fb_error_msg'] ) );
35 if (strpos($error, 'API key not valid. Please pass a valid API key.') !== false) {
36 $error = "API key not valid. Please pass a valid API key.";
37 }
38 echo '<div style="font-family:Calibri;padding: 0 30%;">';
39 echo '<h1 style="color:#d9534f;text-align:center;">test failed</h1>';
40 if ( isset( $_POST['fb_error_msg'] ) ) {
41 echo '<h4 style="text-align:center;"><b>ERROR :</b>'.$error.'</h4>';
42 }
43 echo '</div>';
44 echo '<div style="padding: 10px;"></div><div style="position:absolute;padding:0 46%;"><input style="padding:1%;width:100px;height:30px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Close" onClick="self.close();"></div>';
45 exit();
46 }
47 $error = new WP_Error();
48 $error->add( "error_fetching_user", __( "<strong>ERROR</strong>: user doesn't exist !!." ) );
49 return $error;
50 }
51
52 if ( isset( $_POST['fb_jwt'] ) && sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) != 'empty_string' ) {
53 $payload = $this->decode_jwt( sanitize_text_field( wp_unslash( $_POST['fb_jwt'] ) ) );
54
55 if ( isset( $_POST['fb_is_test'] ) && sanitize_text_field( wp_unslash( $_POST['fb_is_test'] ) ) == 'test_check_true' ) {
56 echo '<div style="font-family:Calibri;margin: auto;padding:5%;">';
57 echo '<h1 style="color:#00C851;text-align:center;">Test Successful !</h1>';
58 echo '<style>table{border-collapse:collapse;}th {background-color: #eee; text-align: center; padding: 8px; border-width:1px; border-style:solid; border-color:#212121;}tr:nth-child(odd) {background-color: #f2f2f2;} td{padding:8px;border-width:1px; border-style:solid; border-color:#212121;}</style>';
59 echo '<h3 style="text-align:center;">Test Configuration</h3><table style="margin: auto;"><tr><th>Attribute Name</th><th>Attribute Value</th></tr>';
60 $this->testattrmappingconfig( "", $payload );
61 echo '</table></div>';
62 echo '<div style="margin: auto;padding: 10px;></div><div style="margin: auto;position:absolute;padding:0 46%;"><input style="padding:8px;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>';
63 exit();
64 }
65
66 $user = $this->getUser( $payload );
67 if ( $user ) {
68 $user_id = $user->ID;
69 wp_set_auth_cookie( $user_id, true );
70 wp_redirect( home_url() );
71 exit;
72 }
73
74 //$user = get_user_by('email',$email);
75
76 }
77 }
78
79 function testattrmappingconfig( $nestedprefix, $payload ) {
80 foreach ( $payload as $key => $value ){
81 if ( is_array( $value ) || is_object( $value ) ) {
82 if ( ! empty( $nestedprefix ) ) {
83 $nestedprefix .= ".";
84 }
85 $this->testattrmappingconfig( $nestedprefix.$key, $value );
86 } else {
87 echo '<tr><td>';
88 if ( ! empty( $nestedprefix ) )
89 echo $nestedprefix.".";
90 echo $key.'</td><td>'.$value.'</td></tr>';
91 }
92 }
93 }
94
95 function decode_jwt( $jwt_token ) {
96 $flag = 0;
97 $pieces = explode( ".", $jwt_token );
98 $jwt_data = $pieces[0].".".$pieces[1];
99 $jwt_signature = str_replace( ['-','_'], ['+','/'], $pieces[2] );
100 $jwt_signature = base64_decode( $jwt_signature );
101 $jwt_header = json_decode( base64_decode( str_replace( ['-','_'], ['+','/'], $pieces[0] ) ), true );
102
103 $alg = $jwt_header['alg'];
104 $kid = $jwt_header['kid'];
105
106 if ( strpos( $alg, "RS" ) !== false ) {
107 $algorithm = "RSA";
108 $sha = explode( "RS", $alg )[1];
109 }
110
111 $jwt_raw_certificate = $this->mo_firebase_auth_get_cert_from_kid($kid);
112
113 $public_key = "";
114 $parts = explode( "-----", $jwt_raw_certificate );
115
116 if ( preg_match( '/\r\n|\r|\n/', $parts[2] ) ) {
117 $public_key = $jwt_raw_certificate;
118 } else {
119 $encoding = "-----".$parts[1]."-----\n";
120 $offset = 0;
121 while ( $segment = substr( $parts[2], $offset, 64 ) ) {
122 $encoding .= $segment."\n";
123 $offset += 64;
124 }
125 $encoding .= "-----".$parts[3]."-----\n";
126 $public_key = $encoding;
127 }
128
129 switch ( $sha ) {
130 case '256':
131 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA256 );
132 break;
133 case '384':
134 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA384 );
135 break;
136 case '512':
137 $verified = openssl_verify( $jwt_data, $jwt_signature, $public_key, OPENSSL_ALGO_SHA512 );
138 break;
139 default:
140 $verified = false;
141 break;
142 }
143
144 if ( ! $verified ) {
145 echo "Invalid Token";
146 exit();
147 }
148
149 $jwt_payload = json_decode( base64_decode( $pieces[1] ), true );
150 return $jwt_payload;
151
152 }
153
154 function mo_firebase_auth_get_cert_from_kid( $kid ) {
155 $flag = $this->mo_firebase_auth_get_kid( $kid );
156 if( $flag === 0 ) {
157 $firebaselogin = new mo_firebase_authentication_login();
158 $firebaselogin->mo_firebase_auth_store_certificates();
159 $flag = $this->mo_firebase_auth_get_kid( $kid );
160 }
161 if ( $flag !== 0 ) {
162 if ( $flag === 1 ) {
163 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert1' );
164 } else if( $flag === 2 ) {
165 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert2' );
166 } else if ( $flag === 3 ) {
167 $jwt_raw_certificate = get_option( 'mo_firebase_auth_cert3' );
168 }
169 } else {
170 echo "Please provide a valid certificate. Contact your administrator.";
171 exit;
172 }
173 return $jwt_raw_certificate;
174 }
175
176 function mo_firebase_auth_get_kid($kid) {
177 $flag = 0;
178 $kid_stored = get_option( 'mo_firebase_auth_kid1' );
179 if ( $kid_stored != $kid ) {
180 $flag = 2;
181 $kid_stored = get_option( 'mo_firebase_auth_kid2' );
182 if ( $kid_stored != $kid ) {
183 $flag = 3;
184 $kid_stored = get_option( 'mo_firebase_auth_kid3' );
185 if( $kid_stored != $kid ) {
186 $flag = 0;
187 }
188 }
189 } else {
190 $flag = 1;
191 }
192 return $flag;
193 }
194
195 function getUser( $jwt_payload )
196 {
197 if ( isset( $jwt_payload['email'] ) ){
198 $email = $jwt_payload['email'];
199 $user = get_user_by( "email", $email );
200 if ( ! $user ) {
201 $user = get_user_by( 'login', $email );
202 if ( $user ) {
203 return $user;
204 } else {
205 $user_password = wp_generate_password( 10, false );
206
207 $userdata = array(
208 'user_login' => $email,
209 'user_pass' => $user_password,
210 'user_email' => $email,
211 );
212
213 $user_id = wp_insert_user( $userdata );
214
215 if ( ! is_wp_error( $user_id ) )
216 {
217 //Store disting
218 // shedName in User Meta
219 update_user_meta( $user_id, 'mo_firebase_user_dn', false );
220 }
221
222 $user = get_user_by( 'email', $email );
223 return $user;
224 }
225 } else if( $user ) {
226 return $user;
227 }
228 }
229 }
230 }
231
232 $mo_firebase_config_obj = new Mo_Firebase_Config();