|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
if ( ! class_exists( 'Jetpack_SSO_Helpers' ) ) : |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* A collection of helper functions used in the SSO module. |
|
7
|
|
|
* |
|
8
|
|
|
* @since 4.1.0 |
|
9
|
|
|
*/ |
|
10
|
|
|
class Jetpack_SSO_Helpers { |
|
11
|
|
|
/** |
|
12
|
|
|
* Determine if the login form should be hidden or not |
|
13
|
|
|
* |
|
14
|
|
|
* @return bool |
|
15
|
|
|
**/ |
|
16
|
|
|
static function should_hide_login_form() { |
|
17
|
|
|
/** |
|
18
|
|
|
* Remove the default log in form, only leave the WordPress.com log in button. |
|
19
|
|
|
* |
|
20
|
|
|
* @module sso |
|
21
|
|
|
* |
|
22
|
|
|
* @since 3.1.0 |
|
23
|
|
|
* |
|
24
|
|
|
* @param bool get_option( 'jetpack_sso_remove_login_form', false ) Should the default log in form be removed. Default to false. |
|
25
|
|
|
*/ |
|
26
|
|
|
return (bool) apply_filters( 'jetpack_remove_login_form', get_option( 'jetpack_sso_remove_login_form', false ) ); |
|
27
|
|
|
} |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* Returns a boolean value for whether logging in by matching the WordPress.com user email to a |
|
31
|
|
|
* Jetpack site user's email is allowed. |
|
32
|
|
|
* |
|
33
|
|
|
* @return bool |
|
34
|
|
|
*/ |
|
35
|
|
|
static function match_by_email() { |
|
36
|
|
|
$match_by_email = ( 1 == get_option( 'jetpack_sso_match_by_email', true ) ) ? true: false; |
|
37
|
|
|
$match_by_email = defined( 'WPCC_MATCH_BY_EMAIL' ) ? WPCC_MATCH_BY_EMAIL : $match_by_email; |
|
38
|
|
|
|
|
39
|
|
|
/** |
|
40
|
|
|
* Link the local account to an account on WordPress.com using the same email address. |
|
41
|
|
|
* |
|
42
|
|
|
* @module sso |
|
43
|
|
|
* |
|
44
|
|
|
* @since 2.6.0 |
|
45
|
|
|
* |
|
46
|
|
|
* @param bool $match_by_email Should we link the local account to an account on WordPress.com using the same email address. Default to false. |
|
47
|
|
|
*/ |
|
48
|
|
|
return (bool) apply_filters( 'jetpack_sso_match_by_email', $match_by_email ); |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
/** |
|
52
|
|
|
* Returns a boolean for whether users are allowed to register on the Jetpack site with SSO, |
|
53
|
|
|
* even though the site disallows normal registrations. |
|
54
|
|
|
* |
|
55
|
|
|
* @return bool |
|
56
|
|
|
*/ |
|
57
|
|
|
static function new_user_override() { |
|
58
|
|
|
$new_user_override = defined( 'WPCC_NEW_USER_OVERRIDE' ) ? WPCC_NEW_USER_OVERRIDE : false; |
|
59
|
|
|
|
|
60
|
|
|
/** |
|
61
|
|
|
* Allow users to register on your site with a WordPress.com account, even though you disallow normal registrations. |
|
62
|
|
|
* |
|
63
|
|
|
* @module sso |
|
64
|
|
|
* |
|
65
|
|
|
* @since 2.6.0 |
|
66
|
|
|
* |
|
67
|
|
|
* @param bool $new_user_override Allow users to register on your site with a WordPress.com account. Default to false. |
|
68
|
|
|
*/ |
|
69
|
|
|
return (bool) apply_filters( 'jetpack_sso_new_user_override', $new_user_override ); |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
|
/** |
|
73
|
|
|
* Returns a boolean value for whether two-step authentication is required for SSO. |
|
74
|
|
|
* |
|
75
|
|
|
* @since 4.1.0 |
|
76
|
|
|
* |
|
77
|
|
|
* @return bool |
|
78
|
|
|
*/ |
|
79
|
|
|
static function is_two_step_required() { |
|
80
|
|
|
/** |
|
81
|
|
|
* Is it required to have 2-step authentication enabled on WordPress.com to use SSO? |
|
82
|
|
|
* |
|
83
|
|
|
* @module sso |
|
84
|
|
|
* |
|
85
|
|
|
* @since 2.8.0 |
|
86
|
|
|
* |
|
87
|
|
|
* @param bool get_option( 'jetpack_sso_require_two_step' ) Does SSO require 2-step authentication? |
|
88
|
|
|
*/ |
|
89
|
|
|
return (bool) apply_filters( 'jetpack_sso_require_two_step', get_option( 'jetpack_sso_require_two_step', false ) ); |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
/** |
|
93
|
|
|
* Returns a boolean for whether a user that is attempting to log in will be automatically |
|
94
|
|
|
* redirected to WordPress.com to begin the SSO flow. |
|
95
|
|
|
* |
|
96
|
|
|
* @return bool |
|
97
|
|
|
*/ |
|
98
|
|
|
static function bypass_login_forward_wpcom() { |
|
99
|
|
|
/** |
|
100
|
|
|
* Redirect the site's log in form to WordPress.com's log in form. |
|
101
|
|
|
* |
|
102
|
|
|
* @module sso |
|
103
|
|
|
* |
|
104
|
|
|
* @since 3.1.0 |
|
105
|
|
|
* |
|
106
|
|
|
* @param bool false Should the site's log in form be automatically forwarded to WordPress.com's log in form. |
|
107
|
|
|
*/ |
|
108
|
|
|
return (bool) apply_filters( 'jetpack_sso_bypass_login_forward_wpcom', false ); |
|
109
|
|
|
} |
|
110
|
|
|
|
|
111
|
|
|
/** |
|
112
|
|
|
* Returns a boolean for whether the SSO login form should be displayed as the default |
|
113
|
|
|
* when both the default and SSO login form allowed. |
|
114
|
|
|
* |
|
115
|
|
|
* @since 4.1.0 |
|
116
|
|
|
* |
|
117
|
|
|
* @return bool |
|
118
|
|
|
*/ |
|
119
|
|
|
static function show_sso_login() { |
|
120
|
|
|
if ( self::should_hide_login_form() ) { |
|
121
|
|
|
return true; |
|
122
|
|
|
} |
|
123
|
|
|
|
|
124
|
|
|
/** |
|
125
|
|
|
* Display the SSO login form as the default when both the default and SSO login forms are enabled. |
|
126
|
|
|
* |
|
127
|
|
|
* @module sso |
|
128
|
|
|
* |
|
129
|
|
|
* @since 4.1.0 |
|
130
|
|
|
* |
|
131
|
|
|
* @param bool true Should the SSO login form be displayed by default when the default login form is also enabled? |
|
132
|
|
|
*/ |
|
133
|
|
|
return (bool) apply_filters( 'jetpack_sso_default_to_sso_login', true ); |
|
134
|
|
|
} |
|
135
|
|
|
|
|
136
|
|
|
/** |
|
137
|
|
|
* Returns a boolean for whether the two step required checkbox, displayed on the Jetpack admin page, should be disabled. |
|
138
|
|
|
* |
|
139
|
|
|
* @since 4.1.0 |
|
140
|
|
|
* |
|
141
|
|
|
* @return bool |
|
142
|
|
|
*/ |
|
143
|
|
|
static function is_require_two_step_checkbox_disabled() { |
|
144
|
|
|
return (bool) has_filter( 'jetpack_sso_require_two_step' ); |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
/** |
|
148
|
|
|
* Returns a boolean for whether the match by email checkbox, displayed on the Jetpack admin page, should be disabled. |
|
149
|
|
|
* |
|
150
|
|
|
* @since 4.1.0 |
|
151
|
|
|
* |
|
152
|
|
|
* @return bool |
|
153
|
|
|
*/ |
|
154
|
|
|
static function is_match_by_email_checkbox_disabled() { |
|
155
|
|
|
return defined( 'WPCC_MATCH_BY_EMAIL' ) || has_filter( 'jetpack_sso_match_by_email' ); |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
/** |
|
159
|
|
|
* Returns an array of hosts that SSO will redirect to. |
|
160
|
|
|
* |
|
161
|
|
|
* Instead of accessing JETPACK__API_BASE within the method directly, we set it as the |
|
162
|
|
|
* default for $api_base due to restrictions with testing constants in our tests. |
|
163
|
|
|
* |
|
164
|
|
|
* @since 4.3.0 |
|
165
|
|
|
* |
|
166
|
|
|
* @param array $hosts |
|
167
|
|
|
* @param string $api_base |
|
168
|
|
|
* |
|
169
|
|
|
* @return array |
|
170
|
|
|
*/ |
|
171
|
|
|
static function allowed_redirect_hosts( $hosts, $api_base = JETPACK__API_BASE ) { |
|
172
|
|
|
if ( empty( $hosts ) ) { |
|
173
|
|
|
$hosts = array(); |
|
174
|
|
|
} |
|
175
|
|
|
|
|
176
|
|
|
$hosts[] = 'wordpress.com'; |
|
177
|
|
|
$hosts[] = 'jetpack.wordpress.com'; |
|
178
|
|
|
|
|
179
|
|
|
if ( |
|
180
|
|
|
( Jetpack::is_development_mode() || Jetpack::is_development_version() ) && |
|
181
|
|
|
( false === strpos( $api_base, 'jetpack.wordpress.com/jetpack' ) ) |
|
182
|
|
|
) { |
|
183
|
|
|
$base_url_parts = parse_url( esc_url_raw( $api_base ) ); |
|
184
|
|
|
if ( $base_url_parts && ! empty( $base_url_parts[ 'host' ] ) ) { |
|
185
|
|
|
$hosts[] = $base_url_parts[ 'host' ]; |
|
186
|
|
|
} |
|
187
|
|
|
} |
|
188
|
|
|
|
|
189
|
|
|
return array_unique( $hosts ); |
|
190
|
|
|
} |
|
191
|
|
|
|
|
192
|
|
|
static function generate_user( $user_data ) { |
|
193
|
|
|
$username = $user_data->login; |
|
194
|
|
|
|
|
195
|
|
|
/** |
|
196
|
|
|
* Determines how many times the SSO module can attempt to randomly generate a user. |
|
197
|
|
|
* |
|
198
|
|
|
* @module sso |
|
199
|
|
|
* |
|
200
|
|
|
* @since 4.4.0 |
|
201
|
|
|
* |
|
202
|
|
|
* @param int 5 By default, SSO will attempt to random generate a user up to 5 times. |
|
203
|
|
|
*/ |
|
204
|
|
|
$num_tries = intval( apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 ) ); |
|
205
|
|
|
|
|
206
|
|
|
$tries = 0; |
|
207
|
|
|
while ( ( $exists = username_exists( $username ) ) && $tries++ < $num_tries ) { |
|
208
|
|
|
$username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand(); |
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
|
|
if ( $exists ) { |
|
212
|
|
|
return false; |
|
213
|
|
|
} |
|
214
|
|
|
|
|
215
|
|
|
$password = wp_generate_password( 20 ); |
|
216
|
|
|
$user_id = wp_create_user( $username, $password, $user_data->email ); |
|
217
|
|
|
$user = get_userdata( $user_id ); |
|
218
|
|
|
|
|
219
|
|
|
$user->display_name = $user_data->display_name; |
|
220
|
|
|
$user->first_name = $user_data->first_name; |
|
221
|
|
|
$user->last_name = $user_data->last_name; |
|
222
|
|
|
$user->url = $user_data->url; |
|
223
|
|
|
$user->description = $user_data->description; |
|
224
|
|
|
wp_update_user( $user ); |
|
225
|
|
|
|
|
226
|
|
|
update_user_meta( $user->ID, 'wpcom_user_id', $user_data->ID ); |
|
227
|
|
|
|
|
228
|
|
|
return $user; |
|
229
|
|
|
} |
|
230
|
|
|
} |
|
231
|
|
|
|
|
232
|
|
|
endif; |
|
233
|
|
|
|
Automattic /
jetpack
