Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 43 |
|
0.00% |
0 / 2 |
CRAP | |
0.00% |
0 / 1 |
| SSO_Helpers_Legacy | |
0.00% |
0 / 43 |
|
0.00% |
0 / 2 |
380 | |
0.00% |
0 / 1 |
| handleLegacyLogin | |
0.00% |
0 / 25 |
|
0.00% |
0 / 1 |
156 | |||
| getUser | |
0.00% |
0 / 18 |
|
0.00% |
0 / 1 |
56 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace NewfoldLabs\WP\Module\SSO; |
| 4 | |
| 5 | class SSO_Helpers_Legacy extends SSO_Helpers { |
| 6 | |
| 7 | /** |
| 8 | * SSO AJAX action. |
| 9 | */ |
| 10 | const ACTION = 'sso-check'; |
| 11 | |
| 12 | /** |
| 13 | * Handle SSO login. |
| 14 | * |
| 15 | * @param string $token |
| 16 | */ |
| 17 | public static function handleLegacyLogin( $nonce, $salt ) { |
| 18 | |
| 19 | // Not doing sso |
| 20 | if ( ! $nonce || ! $salt ) { |
| 21 | wp_safe_redirect( wp_login_url() ); |
| 22 | exit; |
| 23 | } |
| 24 | |
| 25 | $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch ); |
| 26 | $expired = ( $has_epoch && ( time() - $epoch[1] ) > 300 ) ? true : false; |
| 27 | |
| 28 | // Too many failed attempts |
| 29 | if ( self::shouldThrottle() ) { |
| 30 | self::triggerFailure(); |
| 31 | exit; |
| 32 | } |
| 33 | |
| 34 | // Find user |
| 35 | $user = self::getUser(); |
| 36 | if ( ! $user ) { |
| 37 | self::triggerFailure(); |
| 38 | exit; |
| 39 | } |
| 40 | |
| 41 | if ( $user ) { |
| 42 | if ( preg_match( "/['\"\\\\<|]/", $user->user_login ) ) { |
| 43 | self::triggerFailure( 'invalid_username' ); |
| 44 | exit; |
| 45 | } |
| 46 | } |
| 47 | |
| 48 | // Validate token |
| 49 | $token = substr( base64_encode( hash( 'sha256', $nonce . $salt, false ) ), 0, 64 ); |
| 50 | $stored_token = get_transient( 'sso_token' ); |
| 51 | if ( false === $stored_token ) { |
| 52 | $stored_token = get_option( 'sso_token' ); |
| 53 | delete_option( 'sso_token' ); |
| 54 | } |
| 55 | if ( $expired || $stored_token !== $token ) { |
| 56 | self::triggerFailure(); |
| 57 | exit; |
| 58 | } |
| 59 | |
| 60 | // Do login |
| 61 | self::triggerSuccess( $user ); |
| 62 | } |
| 63 | |
| 64 | /** |
| 65 | * Get the user to login with. |
| 66 | * |
| 67 | * @return \WP_User|false |
| 68 | */ |
| 69 | public static function getUser() { |
| 70 | $user = false; |
| 71 | |
| 72 | $user_reference = filter_input( INPUT_GET, 'user' ); |
| 73 | |
| 74 | if ( $user_reference ) { |
| 75 | if ( is_email( $user_reference ) ) { |
| 76 | $user = get_user_by( 'email', sanitize_email( $user_reference ) ); |
| 77 | } else { |
| 78 | $user_id = absint( $user_reference ); |
| 79 | if ( $user_id ) { |
| 80 | $user = get_user_by( 'id', $user_id ); |
| 81 | } |
| 82 | } |
| 83 | } |
| 84 | |
| 85 | // If user wasn't found, find first admin user |
| 86 | if ( ! $user ) { |
| 87 | $users = get_users( |
| 88 | array( |
| 89 | 'role' => 'administrator', |
| 90 | 'number' => 1, |
| 91 | ) |
| 92 | ); |
| 93 | if ( isset( $users[0] ) && is_a( $users[0], 'WP_User' ) ) { |
| 94 | $user = $users[0]; |
| 95 | } |
| 96 | } |
| 97 | |
| 98 | return $user; |
| 99 | } |
| 100 | } |