Jetpack_SSO_Helpers - Code Metrics - Inspection of "Add support for SSO without a connection/confirmat..." - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/jetpack-sso-connect-false ( e59eb1 )

by Jason

created 2018-10-30 06:01 UTC

Jetpack_SSO_Helpers A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	346
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	0

Importance

Changes

Metric	Value
dl	0
loc	346
rs	9.0399
c	0
b	0
f	0
wmc	42
lcom	0
cbo	0

14 Methods

Rating	Name	Size	Complexity
A	should_hide_login_form()	12	1
A	match_by_email()	15	3
A	new_user_override()	27	5
A	is_two_step_required()	12	1
A	bypass_login_forward_wpcom()	12	1
A	show_sso_login()	16	2
A	is_require_two_step_checkbox_disabled()	3	1
A	is_match_by_email_checkbox_disabled()	3	2
A	allowed_redirect_hosts()	18	5
B	generate_user()	41	6
A	extend_auth_cookie_expiration_for_sso()	13	1
A	display_sso_form_for_action()	17	1
B	should_connect()	21	6
B	get_json_api_auth_environment()	28	7

How to fix Complexity

<?php

if ( ! class_exists( 'Jetpack_SSO_Helpers' ) ) :

/**
 * A collection of helper functions used in the SSO module.
 *
 * @since 4.1.0
 */
class Jetpack_SSO_Helpers {
	/**
	 * Determine if the login form should be hidden or not
	 *
	 * @return bool
	 **/
	static function should_hide_login_form() {
		/**
		 * Remove the default log in form, only leave the WordPress.com log in button.
		 *
		 * @module sso
		 *
		 * @since 3.1.0
		 *
		 * @param bool get_option( 'jetpack_sso_remove_login_form', false ) Should the default log in form be removed. Default to false.
		 */
		return (bool) apply_filters( 'jetpack_remove_login_form', get_option( 'jetpack_sso_remove_login_form', false ) );
	}

	/**
	 * Returns a boolean value for whether logging in by matching the WordPress.com user email to a
	 * Jetpack site user's email is allowed.
	 *
	 * @return bool
	 */
	static function match_by_email() {
		$match_by_email = ( 1 == get_option( 'jetpack_sso_match_by_email', true ) ) ? true: false;
		$match_by_email = defined( 'WPCC_MATCH_BY_EMAIL' ) ? WPCC_MATCH_BY_EMAIL : $match_by_email;

		/**
		 * Link the local account to an account on WordPress.com using the same email address.
		 *
		 * @module sso
		 *
		 * @since 2.6.0
		 *
		 * @param bool $match_by_email Should we link the local account to an account on WordPress.com using the same email address. Default to false.
		 */
		return (bool) apply_filters( 'jetpack_sso_match_by_email', $match_by_email );
	}

	/**
	 * Returns a boolean for whether users are allowed to register on the Jetpack site with SSO,
	 * even though the site disallows normal registrations.
	 *
	 * @return bool
	 */
	static function new_user_override( $user_data = null ) {
		$new_user_override = defined( 'WPCC_NEW_USER_OVERRIDE' ) ? WPCC_NEW_USER_OVERRIDE : false;

		/**
		 * Allow users to register on your site with a WordPress.com account, even though you disallow normal registrations.
		 * If you return a string that corresponds to a user role, the user will be given that role.
		 *
		 * @module sso
		 *
		 * @since 2.6.0
		 * @since 4.6   $user_data object is now passed to the jetpack_sso_new_user_override filter
		 *
		 * @param bool        $new_user_override Allow users to register on your site with a WordPress.com account. Default to false.
		 * @param object|null $user_data         An object containing the user data returned from WordPress.com.
		 */
		$role = apply_filters( 'jetpack_sso_new_user_override', $new_user_override, $user_data );

		if ( $role ) {
			if ( is_string( $role ) && get_role( $role ) ) {
				return $role;
			} else {
				return get_option( 'default_role' );
			}
		}

		return false;
	}

	/**
	 * Returns a boolean value for whether two-step authentication is required for SSO.
	 *
	 * @since 4.1.0
	 *
	 * @return bool
	 */
	static function is_two_step_required() {
		/**
		 * Is it required to have 2-step authentication enabled on WordPress.com to use SSO?
		 *
		 * @module sso
		 *
		 * @since 2.8.0
		 *
		 * @param bool get_option( 'jetpack_sso_require_two_step' ) Does SSO require 2-step authentication?
		 */
		return (bool) apply_filters( 'jetpack_sso_require_two_step', get_option( 'jetpack_sso_require_two_step', false ) );
	}

	/**
	 * Returns a boolean for whether a user that is attempting to log in will be automatically
	 * redirected to WordPress.com to begin the SSO flow.
	 *
	 * @return bool
	 */
	static function bypass_login_forward_wpcom() {
		/**
		 * Redirect the site's log in form to WordPress.com's log in form.
		 *
		 * @module sso
		 *
		 * @since 3.1.0
		 *
		 * @param bool false Should the site's log in form be automatically forwarded to WordPress.com's log in form.
		 */
		return (bool) apply_filters( 'jetpack_sso_bypass_login_forward_wpcom', false );
	}

	/**
	 * Returns a boolean for whether the SSO login form should be displayed as the default
	 * when both the default and SSO login form allowed.
	 *
	 * @since 4.1.0
	 *
	 * @return bool
	 */
	static function show_sso_login() {
		if ( self::should_hide_login_form() ) {
			return true;
		}

		/**
		 * Display the SSO login form as the default when both the default and SSO login forms are enabled.
		 *
		 * @module sso
		 *
		 * @since 4.1.0
		 *
		 * @param bool true Should the SSO login form be displayed by default when the default login form is also enabled?
		 */
		return (bool) apply_filters( 'jetpack_sso_default_to_sso_login', true );
	}

	/**
	 * Returns a boolean for whether the two step required checkbox, displayed on the Jetpack admin page, should be disabled.
	 *
	 * @since 4.1.0
	 *
	 * @return bool
	 */
	static function is_require_two_step_checkbox_disabled() {
		return (bool) has_filter( 'jetpack_sso_require_two_step' );
	}

	/**
	 * Returns a boolean for whether the match by email checkbox, displayed on the Jetpack admin page, should be disabled.
	 *
	 * @since 4.1.0
	 *
	 * @return bool
	 */
	static function is_match_by_email_checkbox_disabled() {
		return defined( 'WPCC_MATCH_BY_EMAIL' ) || has_filter( 'jetpack_sso_match_by_email' );
	}

	/**
	 * Returns an array of hosts that SSO will redirect to.
	 *
	 * Instead of accessing JETPACK__API_BASE within the method directly, we set it as the
	 * default for $api_base due to restrictions with testing constants in our tests.
	 *
	 * @since 4.3.0
	 * @since 4.6.0 Added public-api.wordpress.com as an allowed redirect
	 *
	 * @param array $hosts
	 * @param string $api_base
	 *
	 * @return array
	 */
	static function allowed_redirect_hosts( $hosts, $api_base = JETPACK__API_BASE ) {
		if ( empty( $hosts ) ) {
			$hosts = array();
		}

		$hosts[] = 'wordpress.com';
		$hosts[] = 'jetpack.wordpress.com';
		$hosts[] = 'public-api.wordpress.com';

		if ( false === strpos( $api_base, 'jetpack.wordpress.com/jetpack' ) ) {
			$base_url_parts = parse_url( esc_url_raw( $api_base ) );
			if ( $base_url_parts && ! empty( $base_url_parts[ 'host' ] ) ) {
				$hosts[] = $base_url_parts[ 'host' ];
			}
		}

		return array_unique( $hosts );
	}

	static function generate_user( $user_data ) {
		$username = $user_data->login;
		/**
		 * Determines how many times the SSO module can attempt to randomly generate a user.
		 *
		 * @module sso
		 *
		 * @since 4.3.2
		 *
		 * @param int 5 By default, SSO will attempt to random generate a user up to 5 times.
		 */
		$num_tries = intval( apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 ) );

		$tries = 0;
		while ( ( $exists = username_exists( $username ) ) && $tries++ < $num_tries ) {
			$username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
		}

		if ( $exists ) {
			return false;
		}

		$user = (object) array();
		$user->user_pass    = wp_generate_password( 20 );
		$user->user_login   = wp_slash( $username );
		$user->user_email   = wp_slash( $user_data->email );
		$user->display_name = $user_data->display_name;
		$user->first_name   = $user_data->first_name;
		$user->last_name    = $user_data->last_name;
		$user->url          = $user_data->url;
		$user->description  = $user_data->description;

		if ( isset( $user_data->role ) && $user_data->role ) {
			$user->role     = $user_data->role;
		}

		$created_user_id = wp_insert_user( $user );

		update_user_meta( $created_user_id, 'wpcom_user_id', $user_data->ID );
		return get_userdata( $created_user_id );
	}

	static function extend_auth_cookie_expiration_for_sso() {
		/**
		 * Determines how long the auth cookie is valid for when a user logs in with SSO.
		 *
		 * @module sso
		 *
		 * @since 4.4.0
		 * @since 6.1.0 Fixed a typo. Filter was previously jetpack_sso_auth_cookie_expirtation.
		 *
		 * @param int YEAR_IN_SECONDS
		 */
		return intval( apply_filters( 'jetpack_sso_auth_cookie_expiration', YEAR_IN_SECONDS ) );
	}

	/**
	 * Determines if the SSO form should be displayed for the current action.
	 *
	 * @since 4.6.0
	 *
	 * @param string $action
	 *
	 * @return bool  Is SSO allowed for the current action?
	 */
	static function display_sso_form_for_action( $action ) {
		/**
		 * Allows plugins the ability to overwrite actions where the SSO form is allowed to be used.
		 *
		 * @module sso
		 *
		 * @since 4.6.0
		 *
		 * @param array $allowed_actions_for_sso
		 */
		$allowed_actions_for_sso = (array) apply_filters( 'jetpack_sso_allowed_actions', array(
			'login',
			'jetpack-sso',
			'jetpack_json_api_authorization',
		) );
		return in_array( $action, $allowed_actions_for_sso );
	}

	/**
	 * Checks the initial `$_REQUEST` to see if `?connect` was set explicitly.
	 *
	 * Default behavior is to connect every SSO request, but if `?connect=0`
	 * (or another falsy value) then we allow a user to log in without connecting.
	 *
	 * @since 6.8
	 *
	 * @return bool
	 */
	static function should_connect() {
		if ( empty( $_COOKIE['jetpack_sso_original_request'] ) ) {
			return false;
		}

		$original_request = esc_url_raw( $_COOKIE['jetpack_sso_original_request'] );

		$parsed_url = wp_parse_url( $original_request );
		if ( empty( $parsed_url ) || empty( $parsed_url['query'] ) ) {
			return false;
		}

		$args = array();
		wp_parse_str( $parsed_url['query'], $args );

		if ( empty( $args ) || ! isset( $args['connect'] ) ) {
			return true;
		}

		return filter_var( $args['connect'], FILTER_VALIDATE_BOOLEAN );
	}

	/**
	 * This method returns an environment array that is meant to simulate `$_REQUEST` when the initial
	 * JSON API auth request was made.
	 *
	 * @since 4.6.0
	 *
	 * @return array|bool
	 */
	static function get_json_api_auth_environment() {
		if ( empty( $_COOKIE['jetpack_sso_original_request'] ) ) {
			return false;
		}

		$original_request = esc_url_raw( $_COOKIE['jetpack_sso_original_request'] );

		$parsed_url = wp_parse_url( $original_request );
		if ( empty( $parsed_url ) || empty( $parsed_url['query'] ) ) {
			return false;
		}

		$args = array();
		wp_parse_str( $parsed_url['query'], $args );

		if ( empty( $args ) || empty( $args['action'] ) ) {
			return false;
		}

		if ( 'jetpack_json_api_authorization' != $args['action'] ) {
			return false;
		}

		return array_merge(
			$args,
			array( 'jetpack_json_api_original_query' => $original_request )
		);
	}
}

endif;


1			<?php
2
3			if ( ! class_exists( 'Jetpack_SSO_Helpers' ) ) :
4
5			/**
6			* A collection of helper functions used in the SSO module.
7			*
8			* @since 4.1.0
9			*/
10			class Jetpack_SSO_Helpers {
11			/**
12			* Determine if the login form should be hidden or not
13			*
14			* @return bool
15			**/
16			static function should_hide_login_form() {
17			/**
18			* Remove the default log in form, only leave the WordPress.com log in button.
19			*
20			* @module sso
21			*
22			* @since 3.1.0
23			*
24			* @param bool get_option( 'jetpack_sso_remove_login_form', false ) Should the default log in form be removed. Default to false.
25			*/
26			return (bool) apply_filters( 'jetpack_remove_login_form', get_option( 'jetpack_sso_remove_login_form', false ) );
27			}
28
29			/**
30			* Returns a boolean value for whether logging in by matching the WordPress.com user email to a
31			* Jetpack site user's email is allowed.
32			*
33			* @return bool
34			*/
35			static function match_by_email() {
36			$match_by_email = ( 1 == get_option( 'jetpack_sso_match_by_email', true ) ) ? true: false;
37			$match_by_email = defined( 'WPCC_MATCH_BY_EMAIL' ) ? WPCC_MATCH_BY_EMAIL : $match_by_email;
38
39			/**
40			* Link the local account to an account on WordPress.com using the same email address.
41			*
42			* @module sso
43			*
44			* @since 2.6.0
45			*
46			* @param bool $match_by_email Should we link the local account to an account on WordPress.com using the same email address. Default to false.
47			*/
48			return (bool) apply_filters( 'jetpack_sso_match_by_email', $match_by_email );
49			}
50
51			/**
52			* Returns a boolean for whether users are allowed to register on the Jetpack site with SSO,
53			* even though the site disallows normal registrations.
54			*
55			* @return bool
56			*/
57			static function new_user_override( $user_data = null ) {
58			$new_user_override = defined( 'WPCC_NEW_USER_OVERRIDE' ) ? WPCC_NEW_USER_OVERRIDE : false;
59
60			/**
61			* Allow users to register on your site with a WordPress.com account, even though you disallow normal registrations.
62			* If you return a string that corresponds to a user role, the user will be given that role.
63			*
64			* @module sso
65			*
66			* @since 2.6.0
67			* @since 4.6 $user_data object is now passed to the jetpack_sso_new_user_override filter
68			*
69			* @param bool $new_user_override Allow users to register on your site with a WordPress.com account. Default to false.
70			* @param object\|null $user_data An object containing the user data returned from WordPress.com.
71			*/
72			$role = apply_filters( 'jetpack_sso_new_user_override', $new_user_override, $user_data );
73
74			if ( $role ) {
75			if ( is_string( $role ) && get_role( $role ) ) {
76			return $role;
77			} else {
78			return get_option( 'default_role' );
79			}
80			}
81
82			return false;
83			}
84
85			/**
86			* Returns a boolean value for whether two-step authentication is required for SSO.
87			*
88			* @since 4.1.0
89			*
90			* @return bool
91			*/
92			static function is_two_step_required() {
93			/**
94			* Is it required to have 2-step authentication enabled on WordPress.com to use SSO?
95			*
96			* @module sso
97			*
98			* @since 2.8.0
99			*
100			* @param bool get_option( 'jetpack_sso_require_two_step' ) Does SSO require 2-step authentication?
101			*/
102			return (bool) apply_filters( 'jetpack_sso_require_two_step', get_option( 'jetpack_sso_require_two_step', false ) );
103			}
104
105			/**
106			* Returns a boolean for whether a user that is attempting to log in will be automatically
107			* redirected to WordPress.com to begin the SSO flow.
108			*
109			* @return bool
110			*/
111			static function bypass_login_forward_wpcom() {
112			/**
113			* Redirect the site's log in form to WordPress.com's log in form.
114			*
115			* @module sso
116			*
117			* @since 3.1.0
118			*
119			* @param bool false Should the site's log in form be automatically forwarded to WordPress.com's log in form.
120			*/
121			return (bool) apply_filters( 'jetpack_sso_bypass_login_forward_wpcom', false );
122			}
123
124			/**
125			* Returns a boolean for whether the SSO login form should be displayed as the default
126			* when both the default and SSO login form allowed.
127			*
128			* @since 4.1.0
129			*
130			* @return bool
131			*/
132			static function show_sso_login() {
133			if ( self::should_hide_login_form() ) {
134			return true;
135			}
136
137			/**
138			* Display the SSO login form as the default when both the default and SSO login forms are enabled.
139			*
140			* @module sso
141			*
142			* @since 4.1.0
143			*
144			* @param bool true Should the SSO login form be displayed by default when the default login form is also enabled?
145			*/
146			return (bool) apply_filters( 'jetpack_sso_default_to_sso_login', true );
147			}
148
149			/**
150			* Returns a boolean for whether the two step required checkbox, displayed on the Jetpack admin page, should be disabled.
151			*
152			* @since 4.1.0
153			*
154			* @return bool
155			*/
156			static function is_require_two_step_checkbox_disabled() {
157			return (bool) has_filter( 'jetpack_sso_require_two_step' );
158			}
159
160			/**
161			* Returns a boolean for whether the match by email checkbox, displayed on the Jetpack admin page, should be disabled.
162			*
163			* @since 4.1.0
164			*
165			* @return bool
166			*/
167			static function is_match_by_email_checkbox_disabled() {
168			return defined( 'WPCC_MATCH_BY_EMAIL' ) \|\| has_filter( 'jetpack_sso_match_by_email' );
169			}
170
171			/**
172			* Returns an array of hosts that SSO will redirect to.
173			*
174			* Instead of accessing JETPACK__API_BASE within the method directly, we set it as the
175			* default for $api_base due to restrictions with testing constants in our tests.
176			*
177			* @since 4.3.0
178			* @since 4.6.0 Added public-api.wordpress.com as an allowed redirect
179			*
180			* @param array $hosts
181			* @param string $api_base
182			*
183			* @return array
184			*/
185			static function allowed_redirect_hosts( $hosts, $api_base = JETPACK__API_BASE ) {
186			if ( empty( $hosts ) ) {
187			$hosts = array();
188			}
189
190			$hosts[] = 'wordpress.com';
191			$hosts[] = 'jetpack.wordpress.com';
192			$hosts[] = 'public-api.wordpress.com';
193
194			if ( false === strpos( $api_base, 'jetpack.wordpress.com/jetpack' ) ) {
195			$base_url_parts = parse_url( esc_url_raw( $api_base ) );
196			if ( $base_url_parts && ! empty( $base_url_parts[ 'host' ] ) ) {
197			$hosts[] = $base_url_parts[ 'host' ];
198			}
199			}
200
201			return array_unique( $hosts );
202			}
203
204			static function generate_user( $user_data ) {
205			$username = $user_data->login;
206			/**
207			* Determines how many times the SSO module can attempt to randomly generate a user.
208			*
209			* @module sso
210			*
211			* @since 4.3.2
212			*
213			* @param int 5 By default, SSO will attempt to random generate a user up to 5 times.
214			*/
215			$num_tries = intval( apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 ) );
216
217			$tries = 0;
218			while ( ( $exists = username_exists( $username ) ) && $tries++ < $num_tries ) {
219			$username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand();
220			}
221
222			if ( $exists ) {
223			return false;
224			}
225
226			$user = (object) array();
227			$user->user_pass = wp_generate_password( 20 );
228			$user->user_login = wp_slash( $username );
229			$user->user_email = wp_slash( $user_data->email );
230			$user->display_name = $user_data->display_name;
231			$user->first_name = $user_data->first_name;
232			$user->last_name = $user_data->last_name;
233			$user->url = $user_data->url;
234			$user->description = $user_data->description;
235
236			if ( isset( $user_data->role ) && $user_data->role ) {
237			$user->role = $user_data->role;
238			}
239
240			$created_user_id = wp_insert_user( $user );
241
242			update_user_meta( $created_user_id, 'wpcom_user_id', $user_data->ID );
243			return get_userdata( $created_user_id );
244			}
245
246			static function extend_auth_cookie_expiration_for_sso() {
247			/**
248			* Determines how long the auth cookie is valid for when a user logs in with SSO.
249			*
250			* @module sso
251			*
252			* @since 4.4.0
253			* @since 6.1.0 Fixed a typo. Filter was previously jetpack_sso_auth_cookie_expirtation.
254			*
255			* @param int YEAR_IN_SECONDS
256			*/
257			return intval( apply_filters( 'jetpack_sso_auth_cookie_expiration', YEAR_IN_SECONDS ) );
258			}
259
260			/**
261			* Determines if the SSO form should be displayed for the current action.
262			*
263			* @since 4.6.0
264			*
265			* @param string $action
266			*
267			* @return bool Is SSO allowed for the current action?
268			*/
269			static function display_sso_form_for_action( $action ) {
270			/**
271			* Allows plugins the ability to overwrite actions where the SSO form is allowed to be used.
272			*
273			* @module sso
274			*
275			* @since 4.6.0
276			*
277			* @param array $allowed_actions_for_sso
278			*/
279			$allowed_actions_for_sso = (array) apply_filters( 'jetpack_sso_allowed_actions', array(
280			'login',
281			'jetpack-sso',
282			'jetpack_json_api_authorization',
283			) );
284			return in_array( $action, $allowed_actions_for_sso );
285			}
286
287			/**
288			* Checks the initial `$_REQUEST` to see if `?connect` was set explicitly.
289			*
290			* Default behavior is to connect every SSO request, but if `?connect=0`
291			* (or another falsy value) then we allow a user to log in without connecting.
292			*
293			* @since 6.8
294			*
295			* @return bool
296			*/
297			static function should_connect() {
298			if ( empty( $_COOKIE['jetpack_sso_original_request'] ) ) {
299			return false;
300			}
301
302			$original_request = esc_url_raw( $_COOKIE['jetpack_sso_original_request'] );
303
304			$parsed_url = wp_parse_url( $original_request );
305			if ( empty( $parsed_url ) \|\| empty( $parsed_url['query'] ) ) {
306			return false;
307			}
308
309			$args = array();
310			wp_parse_str( $parsed_url['query'], $args );
311
312			if ( empty( $args ) \|\| ! isset( $args['connect'] ) ) {
313			return true;
314			}
315
316			return filter_var( $args['connect'], FILTER_VALIDATE_BOOLEAN );
317			}
318
319			/**
320			* This method returns an environment array that is meant to simulate `$_REQUEST` when the initial
321			* JSON API auth request was made.
322			*
323			* @since 4.6.0
324			*
325			* @return array\|bool
326			*/
327			static function get_json_api_auth_environment() {
328			if ( empty( $_COOKIE['jetpack_sso_original_request'] ) ) {
329			return false;
330			}
331
332			$original_request = esc_url_raw( $_COOKIE['jetpack_sso_original_request'] );
333
334			$parsed_url = wp_parse_url( $original_request );
335			if ( empty( $parsed_url ) \|\| empty( $parsed_url['query'] ) ) {
336			return false;
337			}
338
339			$args = array();
340			wp_parse_str( $parsed_url['query'], $args );
341
342			if ( empty( $args ) \|\| empty( $args['action'] ) ) {
343			return false;
344			}
345
346			if ( 'jetpack_json_api_authorization' != $args['action'] ) {
347			return false;
348			}
349
350			return array_merge(
351			$args,
352			array( 'jetpack_json_api_original_query' => $original_request )
353			);
354			}
355			}
356
357			endif;
358

Automattic / jetpack

Push — add/jetpack-sso-connect-false ( e59eb1 )

Jetpack_SSO_Helpers A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

14 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like