Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- namespace wp_cassify;
- class WP_Cassify_Plugin {
- public $wp_cassify_network_activated;
- public $wp_cassify_default_xpath_query_to_extact_cas_user;
- public $wp_cassify_default_xpath_query_to_extact_cas_attributes;
- public $wp_cassify_default_redirect_parameter_name;
- public $wp_cassify_default_service_ticket_parameter_name;
- public $wp_cassify_default_service_service_parameter_name;
- public $wp_cassify_default_gateway_parameter_name;
- public $wp_cassify_default_bypass_parameter_name;
- public $wp_cassify_default_cachetimes_for_authrecheck;
- public $wp_cassify_default_wordpress_blog_http_port;
- public $wp_cassify_default_wordpress_blog_https_port;
- public $wp_cassify_default_ssl_check_certificate;
- public $wp_cassify_default_login_servlet;
- public $wp_cassify_default_logout_servlet;
- public $wp_cassify_default_service_validate_servlet;
- public $wp_cassify_default_allow_deny_order;
- public $wp_cassify_match_first_level_parenthesis_group_pattern;
- public $wp_cassify_match_second_level_parenthesis_group_pattern;
- public $wp_cassify_match_cas_variable_pattern;
- public $wp_cassify_allowed_operators;
- public $wp_cassify_operator_prefix;
- public $wp_cassify_allowed_parenthesis;
- public $wp_cassify_allowed_get_parameters;
- public $wp_cassify_error_messages;
- public $wp_cassify_user_error_codes;
- private $wp_cassify_allow_rules = array();
- private $wp_cassify_deny_rules = array();
- private $wp_cassify_current_blog_id;
- /**
- * Constructor
- */
- public function __construct() {
- }
- /**
- * Initialize the plugin with parameters
- *
- * param string $wp_cassify_network_activated
- * param string $wp_cassify_default_xpath_query_to_extact_cas_user
- * param string $wp_cassify_default_xpath_query_to_extact_cas_attributes
- * param string $wp_cassify_default_redirect_parameter_name
- * param string $wp_cassify_default_service_ticket_parameter_name
- * param string $wp_cassify_default_service_service_parameter_name
- * param string $wp_cassify_default_gateway_parameter_name
- * param string $wp_cassify_default_bypass_parameter_name
- * param int $wp_cassify_default_cachetimes_for_authrecheck
- * param string $wp_cassify_default_wordpress_blog_http_port
- * param string $wp_cassify_default_wordpress_blog_https_port
- * param string $wp_cassify_default_ssl_check_certificate
- * param string $wp_cassify_default_login_servlet
- * param string $wp_cassify_default_logout_servlet
- * param string $wp_cassify_default_service_validate_servlet
- * param string $wp_cassify_default_allow_deny_order
- * param string $wp_cassify_match_first_level_parenthesis_group_pattern
- * param string $wp_cassify_match_second_level_parenthesis_group_pattern
- * param string $wp_cassify_match_cas_variable_pattern
- * param string $wp_cassify_allowed_operators
- * param string $wp_cassify_operator_prefix
- * param string $wp_cassify_allowed_parenthesis
- * param array $wp_cassify_allowed_get_parameters
- * param array $wp_cassify_error_messages
- * param array $wp_cassify_user_error_codes
- */
- public function init_parameters(
- $wp_cassify_network_activated,
- $wp_cassify_default_xpath_query_to_extact_cas_user,
- $wp_cassify_default_xpath_query_to_extact_cas_attributes,
- $wp_cassify_default_redirect_parameter_name,
- $wp_cassify_default_service_ticket_parameter_name,
- $wp_cassify_default_service_service_parameter_name,
- $wp_cassify_default_gateway_parameter_name,
- $wp_cassify_default_bypass_parameter_name,
- $wp_cassify_default_cachetimes_for_authrecheck,
- $wp_cassify_default_wordpress_blog_http_port,
- $wp_cassify_default_wordpress_blog_https_port,
- $wp_cassify_default_ssl_check_certificate,
- $wp_cassify_default_login_servlet,
- $wp_cassify_default_logout_servlet,
- $wp_cassify_default_service_validate_servlet,
- $wp_cassify_default_allow_deny_order,
- $wp_cassify_match_first_level_parenthesis_group_pattern,
- $wp_cassify_match_second_level_parenthesis_group_pattern,
- $wp_cassify_match_cas_variable_pattern,
- $wp_cassify_allowed_operators,
- $wp_cassify_operator_prefix,
- $wp_cassify_allowed_parenthesis,
- $wp_cassify_allowed_get_parameters,
- $wp_cassify_error_messages,
- $wp_cassify_user_error_codes
- ) {
- $this->wp_cassify_network_activated = $wp_cassify_network_activated;
- $this->wp_cassify_default_xpath_query_to_extact_cas_user = $wp_cassify_default_xpath_query_to_extact_cas_user;
- $this->wp_cassify_default_xpath_query_to_extact_cas_attributes = $wp_cassify_default_xpath_query_to_extact_cas_attributes;
- $this->wp_cassify_default_redirect_parameter_name = $wp_cassify_default_redirect_parameter_name;
- $this->wp_cassify_default_service_ticket_parameter_name = $wp_cassify_default_service_ticket_parameter_name;
- $this->wp_cassify_default_service_service_parameter_name = $wp_cassify_default_service_service_parameter_name;
- $this->wp_cassify_default_gateway_parameter_name = $wp_cassify_default_gateway_parameter_name;
- $this->wp_cassify_default_bypass_parameter_name = $wp_cassify_default_bypass_parameter_name;
- $this->wp_cassify_default_cachetimes_for_authrecheck = $wp_cassify_default_cachetimes_for_authrecheck;
- $this->wp_cassify_default_wordpress_blog_http_port = $wp_cassify_default_wordpress_blog_http_port;
- $this->wp_cassify_default_wordpress_blog_https_port = $wp_cassify_default_wordpress_blog_https_port;
- $this->wp_cassify_default_ssl_check_certificate = $wp_cassify_default_ssl_check_certificate;
- $this->wp_cassify_default_login_servlet = $wp_cassify_default_login_servlet;
- $this->wp_cassify_default_logout_servlet = $wp_cassify_default_logout_servlet;
- $this->wp_cassify_default_service_validate_servlet = $wp_cassify_default_service_validate_servlet;
- $this->wp_cassify_default_allow_deny_order = $wp_cassify_default_allow_deny_order;
- $this->wp_cassify_match_first_level_parenthesis_group_pattern = $wp_cassify_match_first_level_parenthesis_group_pattern;
- $this->wp_cassify_match_second_level_parenthesis_group_pattern = $wp_cassify_match_second_level_parenthesis_group_pattern;
- $this->wp_cassify_match_cas_variable_pattern = $wp_cassify_match_cas_variable_pattern;
- $this->wp_cassify_allowed_operators = $wp_cassify_allowed_operators;
- $this->wp_cassify_operator_prefix = $wp_cassify_operator_prefix;
- $this->wp_cassify_allowed_parenthesis = $wp_cassify_allowed_parenthesis;
- $this->wp_cassify_allowed_get_parameters = $wp_cassify_allowed_get_parameters;
- $this->wp_cassify_error_messages = $wp_cassify_error_messages;
- $this->wp_cassify_user_error_codes = $wp_cassify_user_error_codes;
- // Check if CAS Authentication must be bypassed.
- if (! $this->wp_cassify_bypass() ) {
- // Add the filters
- add_filter( 'query_vars', array( $this , 'add_custom_query_var' ) );
- add_filter( 'login_url', array( $this, 'wp_cassify_clear_reauth' ) );
- add_filter( 'the_content', array( $this, 'wp_cassify_display_message' ) );
- // Add the actions
- add_action( 'init', array( $this , 'wp_cassify_session_start' ), 1 );
- add_action( 'init', array( $this , 'wp_cassify_grab_service_ticket' ) , 2 );
- add_action( 'wp_authenticate', array( $this , 'wp_cassify_redirect' ) , 1 );
- add_action( 'wp_logout', array( $this , 'wp_cassify_logout' ) , 10 );
- add_action( 'wp_cassify_send_notification', array( $this, 'wp_cassify_send_notification_message' ), 1, 1 );
- add_action( 'template_redirect', array ( $this, 'wp_cassify_gateway_mode') , 1 );
- add_action( 'init', array ( $this, 'wp_cassify_sso' ) , 1 );
- }
- // Get current blog id to store information session in $_SESSION['wp_cassify'][$blogid]
- $this->wp_cassify_current_blog_id = get_current_blog_id();
- }
- /**
- * Allow custom get parameters in url
- * @param array $vars An array of GET allowed parameters
- * @return array $vars An array of GET allowed parameters filled with extra parameters
- */
- public function add_custom_query_var( $vars ){
- $vars[] = $this->wp_cassify_default_service_ticket_parameter_name;
- $vars[] = $this->wp_cassify_default_service_service_parameter_name;
- $vars[] = $this->wp_cassify_default_bypass_parameter_name;
- $vars[] = $this->wp_cassify_default_gateway_parameter_name;
- foreach ( $this->wp_cassify_allowed_get_parameters as $allowed_get_parameter ) {
- $vars[] = $allowed_get_parameter;
- }
- return $vars;
- }
- /**
- * Display information messages from plugin on front-ofice
- * @param string $content Page content to replace by message to display
- */
- public function wp_cassify_display_message( $content ) {
- $wp_cassify_message_parameter = get_query_var( 'wp-cassify-message' );
- if (! empty( $wp_cassify_message_parameter ) ) {
- $content = '<h1>'. $this->wp_cassify_user_error_codes[ $wp_cassify_message_parameter ] . '</h1>';
- }
- return $content;
- }
- /**
- * Clear reauth parameter from login url to login directly from CAS server.
- */
- public function wp_cassify_clear_reauth( $login_url ) {
- $login_url = remove_query_arg( 'reauth', $login_url );
- return $login_url;
- }
- /**
- * Start the php session inside the plugin because session is needed to store callback url.
- */
- public function wp_cassify_session_start() {
- if(! session_id() ) {
- session_start();
- }
- }
- /**
- * This function store CAS User authentication state into session.
- * @param bool $is_authenticated If true, CAS User authentication state is set to true.
- */
- public function wp_cassify_set_authenticated( $is_authenticated ) {
- $this->wp_cassify_session_start();
- if ( $is_authenticated ) {
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] = true;
- }
- else {
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] = false;
- }
- }
- /**
- * This function informed if user is already authenticated by CAS.
- */
- public function wp_cassify_is_authenticated() {
- $is_authenticated = false;
- $this->wp_cassify_session_start();
- if ( isset( $_SESSION['wp_cassify'] ) ) {
- if ( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] == true ) {
- $is_authenticated = true;
- }
- }
- return $is_authenticated;
- }
- /**
- * This function return cas user attributes populated into php session by plugin.
- * @return array $cas_user_datas Associative array containing user attributes and id. Use print_r to expect variable.
- */
- public function wp_cassify_get_cas_user_datas() {
- $this->wp_cassify_session_start();
- $cas_user_datas = false;
- if ( isset( $_SESSION['wp_cassify'] ) ) {
- $cas_user_datas = $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['wp_cassify_cas_user_datas'];
- }
- return $cas_user_datas;
- }
- /**
- * Get the times authentication will be cached before really accessing
- * the CAS server in gateway mode.
- *
- * @return int $cache_times_for_auth_recheck
- */
- public function wp_cassify_get_cache_times_for_auth_recheck() {
- $cachetimes_for_authrecheck = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_cachetimes_for_authrecheck' );
- if ( empty( $cachetimes_for_authrecheck ) ) {
- $cachetimes_for_authrecheck = $this->wp_cassify_default_cachetimes_for_authrecheck;
- }
- return $cachetimes_for_authrecheck;
- }
- /**
- * Perform a redirection to cas server to obtain service ticket.
- */
- public function wp_cassify_grab_service_ticket() {
- $service_url = null;
- $service_ticket = null;
- $wordpress_user_account_created = false;
- $current_blog_id = get_current_blog_id();
- $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' );
- $wp_cassify_create_user_if_not_exist = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_create_user_if_not_exist' );
- $wp_cassify_ssl_cipher = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_ssl_cipher' );
- $wp_cassify_ssl_check_certificate = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_ssl_check_certificate' );
- $wp_cassify_attributes_list = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_attributes_list' );
- $wp_cassify_login_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_login_servlet' );
- $wp_cassify_logout_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_logout_servlet' );
- $wp_cassify_service_validate_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_service_validate_servlet' );
- $wp_cassify_allow_deny_order = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_allow_deny_order' );
- $wp_cassify_autorization_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_autorization_rules' ) );
- $wp_cassify_user_role_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_role_rules' ) );
- $wp_cassify_user_attributes_mapping_list = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_attributes_mapping_list' ) );
- $wp_cassify_notification_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notification_rules' ) );
- $wp_cassify_expiration_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_expiration_rules' ) );
- if ( empty( $wp_cassify_login_servlet ) ) {
- $wp_cassify_login_servlet = $this->wp_cassify_default_login_servlet;
- }
- if ( empty( $wp_cassify_logout_servlet ) ) {
- $wp_cassify_logout_servlet = $this->wp_cassify_default_logout_servlet;
- }
- if ( empty( $wp_cassify_service_validate_servlet ) ) {
- $wp_cassify_service_validate_servlet = $this->wp_cassify_default_service_validate_servlet;
- }
- if (! empty( $wp_cassify_ssl_cipher ) ) {
- $wp_cassify_ssl_cipher_selected = $wp_cassify_ssl_cipher;
- }
- else {
- $wp_cassify_ssl_cipher_selected = '0';
- }
- if ( empty( $wp_cassify_ssl_check_certificate ) ) {
- $wp_cassify_ssl_check_certificate = $this->wp_cassify_default_ssl_check_certificate;
- }
- if ( empty( $wp_cassify_allow_deny_order ) ) {
- $wp_cassify_allow_deny_order = $this->wp_cassify_default_allow_deny_order;
- }
- if ( ( is_array( $wp_cassify_autorization_rules ) ) && ( count( $wp_cassify_autorization_rules ) > 0 ) ) {
- foreach ( $wp_cassify_autorization_rules as $rule_key => $rule_value ) {
- $wp_cassify_autorization_rules[ $rule_key ] = stripslashes( $rule_value );
- }
- }
- else {
- $wp_cassify_autorization_rules = array();
- }
- $service_url = $this->wp_cassify_get_service_callback_url();
- $service_ticket = $this->wp_cassify_get_service_ticket();
- $gateway_mode = $this->wp_cassify_is_gateway_request( null );
- if ( (! is_user_logged_in() ) || (! is_user_member_of_blog() ) ) {
- if (! empty( $service_ticket ) ) {
- $service_validate_url = $wp_cassify_base_url .
- $wp_cassify_service_validate_servlet . '?' .
- $this->wp_cassify_default_service_ticket_parameter_name . '=' . $service_ticket . '&' .
- $this->wp_cassify_default_service_service_parameter_name .'=' . $service_url;
- $cas_server_xml_response = WP_Cassify_Utils::wp_cassify_do_ssl_web_request(
- $service_validate_url,
- $wp_cassify_ssl_cipher_selected,
- $wp_cassify_ssl_check_certificate
- );
- // Dump xml cas server response if debug option is enabled.
- if ( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_xml_response_dump' ) == 'enabled' ) {
- if ( $this->wp_cassify_network_activated ) {
- update_site_option( 'wp_cassify_xml_response_value' , $cas_server_xml_response );
- }
- else {
- update_option( 'wp_cassify_xml_response_value' , $cas_server_xml_response );
- }
- }
- // Parse CAS Server response and store into associative array.
- $cas_user_datas = $this->wp_cassify_parse_xml_response( $cas_server_xml_response );
- if ( empty( $cas_user_datas['cas_user_id'] ) ) {
- die( 'CAS Authentication failed ! ');
- }
- else {
- $this->wp_cassify_set_authenticated( true );
- }
- // Define custom plugin filter to build your custom parsing function
- if( has_filter( 'wp_cassify_custom_parsing_cas_xml_response' ) ) {
- $cas_user_datas = apply_filters( 'wp_cassify_custom_parsing_cas_xml_response', $cas_server_xml_response, $cas_user_datas );
- }
- // Evaluate authorization rules
- if ( ( is_array( $wp_cassify_autorization_rules ) ) && ( count( $wp_cassify_autorization_rules ) > 0 ) ) {
- $this->wp_cassify_separate_rules( $wp_cassify_autorization_rules );
- // Force logout if user is not allowed.
- if (! $this->wp_cassify_is_user_allowed( $cas_user_datas, $wp_cassify_allow_deny_order ) ) {
- $this->wp_cassify_logout_if_not_allowed( 'user_is_not_allowed' );
- }
- }
- // Evaluate expiration rules
- if ( ( is_array( $wp_cassify_expiration_rules ) ) && ( count( $wp_cassify_expiration_rules ) > 0 ) ) {
- if ( $this->wp_cassify_is_user_account_expired( $cas_user_datas, $wp_cassify_expiration_rules ) ) {
- $notification_rule_matched = $this->wp_cassify_notification_rule_matched(
- $cas_user_datas,
- $wp_cassify_notification_rules,
- 'when_user_account_expire'
- );
- if ( $notification_rule_matched ) {
- // Define custom plugin hook to send notification after user account has expired.
- do_action( 'wp_cassify_send_notification', 'User ' . $cas_user_datas[ 'cas_user_id' ] . ' : user account has expired.' );
- }
- // Force logout if user account has expired.
- $this->wp_cassify_logout_if_not_allowed( 'user_account_expired' );
- }
- }
- // Define custom plugin hook after cas authentication.
- // For example, for two factor authentication, you can plug another authentication plugin to fired custom action here.
- do_action( 'wp_cassify_after_cas_authentication', $cas_user_datas );
- // Populate selected attributes into session
- $this->wp_cassify_populate_attributes_into_session( $cas_user_datas, $wp_cassify_attributes_list );
- // Create wordpress user account if not exist
- if ( $wp_cassify_create_user_if_not_exist == 'create_user_if_not_exist' ) {
- if ( WP_Cassify_Utils::wp_cassify_is_wordpress_user_exist( $cas_user_datas[ 'cas_user_id' ] ) == false ) {
- $wordpress_user_id = WP_Cassify_Utils::wp_cassify_create_wordpress_user( $cas_user_datas[ 'cas_user_id' ], null );
- if ( $wordpress_user_id > 0 ) {
- $wordpress_user_account_created = true;
- $notification_rule_matched = $this->wp_cassify_notification_rule_matched(
- $cas_user_datas,
- $wp_cassify_notification_rules,
- 'after_user_account_created'
- );
- if ( $notification_rule_matched ) {
- // Define custom plugin hook to send notification after user account has been created.
- do_action( 'wp_cassify_send_notification', 'User account has been created :' . $cas_user_datas[ 'cas_user_id' ] );
- }
- }
- }
- }
- // Set wordpress user roles if defined in plugin admin settings
- $roles_to_push = $this->wp_cassify_get_roles_to_push( $cas_user_datas, $wp_cassify_user_role_rules, $this->wp_cassify_network_activated, $current_blog_id );
- // Define custom plugin filter to override list roles to push.
- if( has_filter( 'wp_cassify_grab_service_ticket_roles_to_push' ) ) {
- $roles_to_push = apply_filters( 'wp_cassify_grab_service_ticket_roles_to_push', $roles_to_push );
- }
- foreach ( $roles_to_push as $role ) {
- WP_Cassify_Utils::wp_cassify_add_role_to_wordpress_user( $cas_user_datas[ 'cas_user_id' ], $role );
- }
- // Sync CAS User attributes with Wordpress User meta
- $this->wp_cassify_sync_user_metadata(
- $cas_user_datas[ 'cas_user_id' ],
- $cas_user_datas,
- $wp_cassify_user_attributes_mapping_list
- );
- $cas_service_ticket = get_user_meta( get_user_by( 'login', $cas_user_datas[ 'cas_user_id' ] ), 'cas_service_ticket', true );
- update_user_meta(
- get_user_by( 'login', $cas_user_datas[ 'cas_user_id' ] )->ID,
- 'cas_service_ticket',
- $service_ticket
- );
- // Custom hook to perform action before wordpress authentication.
- do_action( 'wp_cassify_before_auth_user_wordpress', $cas_user_datas );
- // Auth user into wordpress
- WP_Cassify_Utils::wp_cassify_auth_user_wordpress( $cas_user_datas[ 'cas_user_id' ] );
- $notification_rule_matched = $this->wp_cassify_notification_rule_matched(
- $cas_user_datas,
- $wp_cassify_notification_rules,
- 'after_user_login'
- );
- if ( $notification_rule_matched ) {
- // Define custom plugin hook to send notification after user has been logged in
- do_action( 'wp_cassify_send_notification', 'User ' . $cas_user_datas[ 'cas_user_id' ] . ' is logged in' );
- }
- // Redirect to the service url.
- WP_Cassify_Utils::wp_cassify_redirect_url( $service_url );
- }
- }
- }
- /**
- * Perform a redirection to cas server to obtain service ticket.
- * @param bool $gateway_mode Make gateway request. See CAS documentation here : https://wiki.jasig.org/display/CAS/gateway.
- */
- public function wp_cassify_redirect( $gateway_mode = false ) {
- do_action( 'wp_cassify_before_redirect' );
- $service_url = null;
- $service_ticket = null;
- $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' );
- $wp_cassify_login_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_login_servlet' );
- $wp_cassify_logout_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_logout_servlet' );
- // Define default values if options values empty.
- if ( empty( $wp_cassify_login_servlet ) ) {
- $wp_cassify_login_servlet = $this->wp_cassify_default_login_servlet;
- }
- if ( empty( $wp_cassify_logout_servlet ) ) {
- $wp_cassify_logout_servlet = $this->wp_cassify_default_logout_servlet;
- }
- if ( empty( $wp_cassify_service_validate_servlet ) ) {
- $wp_cassify_service_validate_servlet = $this->wp_cassify_default_service_validate_servlet;
- }
- $service_url = $this->wp_cassify_get_service_callback_url();
- $service_ticket = $this->wp_cassify_get_service_ticket();
- $current_user = null;
- if ( ( (! is_user_logged_in() ) && (! empty( $wp_cassify_base_url ) ) ) || ( $gateway_mode == TRUE ) ) {
- if (! $this->wp_cassify_is_in_while_list( $service_url ) ) {
- if ( empty( $service_url ) ) {
- die( 'CAS Service URL not set !' );
- }
- elseif ( empty( $service_ticket ) ) {
- if ( parse_url( $service_url, PHP_URL_QUERY) ) {
- $service_url = WP_Cassify_Utils::wp_cassify_encode_query_in_url( $service_url );
- }
- // Test if service url must be overriden by plugin options.
- $wp_cassify_override_service_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_override_service_url' );
- if (! empty( $wp_cassify_override_service_url ) ) {
- if ( strpos( $wp_cassify_override_service_url, "{WP_CASSIFY_CURRENT_SERVICE_URL}" ) !== FALSE ) {
- $wp_cassify_override_service_url = str_replace( "{WP_CASSIFY_CURRENT_SERVICE_URL}" , $service_url, $wp_cassify_override_service_url );
- }
- $service_url = $wp_cassify_override_service_url;
- }
- // Define custom plugin filter to build service url with your own value.
- if( has_filter( 'wp_cassify_redirect_service_url_filter' ) ) {
- $service_url = apply_filters( 'wp_cassify_redirect_service_url_filter', $service_url );
- }
- $redirect_url = $wp_cassify_base_url .
- $wp_cassify_login_servlet . '?' .
- $this->wp_cassify_default_service_service_parameter_name . '=' . $service_url;
- if ( $gateway_mode ) {
- $redirect_url .= '&gateway=true';
- }
- WP_Cassify_Utils::wp_cassify_redirect_url( $redirect_url );
- }
- }
- }
- else {
- $current_user = wp_get_current_user();
- }
- do_action( 'wp_cassify_after_redirect', $current_user->user_login );
- }
- /**
- * Enable support for auto-login (Gateway Mode).
- */
- public function wp_cassify_gateway_mode() {
- $wp_cassify_enable_gateway_mode = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_gateway_mode' );
- if ( $wp_cassify_enable_gateway_mode ) {
- if ( ((! is_user_logged_in() ) || (! is_user_member_of_blog() ) ) && ( $_SESSION['wp_cassify'][get_current_blog_id()]['user_auth'] ) && (! get_query_var( 'wp_cassify_bypass' ) ) ) {
- if ( isset($GLOBALS['wp-cassify']) ) {
- $_SESSION['wp_cassify'][get_current_blog_id()]['user_auth'] = false;
- $GLOBALS['wp-cassify']->wp_cassify_check_authentication();
- }
- }
- else if ( (! is_user_logged_in() ) && (! get_query_var( 'wp_cassify_bypass' ) ) ){
- if ( isset($GLOBALS['wp-cassify']) ) {
- $GLOBALS['wp-cassify']->wp_cassify_check_authentication();
- }
- }
- else if ( ! is_user_member_of_blog() ) {
- if ( isset($GLOBALS['wp-cassify']) ) {
- $GLOBALS['wp-cassify']->wp_cassify_check_authentication();
- }
- }
- }
- }
- /**
- * Enable support for central logout (Single Sign Out).
- */
- public function wp_cassify_sso() {
- $wp_cassify_enable_sso = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_sso' );
- $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' );
- if ( $wp_cassify_enable_sso ) {
- if ( !empty($_POST['logoutRequest']) ) {
- $decoded_logout_rq = urldecode($_POST['logoutRequest']);
- $client_ip = $_SERVER['REMOTE_ADDR'];
- if ( $client_ip == gethostbyname(parse_url($wp_cassify_base_url, PHP_URL_HOST)) ) {
- preg_match(
- "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
- $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
- );
- $wrappedSamlSessionIndex = preg_replace(
- '|<samlp:SessionIndex>|', '', $tick[0][0]
- );
- $ticket2logout = preg_replace(
- '|</samlp:SessionIndex>|', '', $wrappedSamlSessionIndex
- );
- $ticket2logout = preg_replace('/[^a-zA-Z0-9\-]/', '', $ticket2logout);
- $cas_users = get_users( array( 'meta_key' => 'cas_service_ticket', 'meta_value' => $ticket2logout) );
- if ( !empty( $cas_users ) ) {
- foreach ( $cas_users as $cas_user ) {
- delete_user_meta( $cas_user->ID, 'cas_service_ticket' );
- wp_set_current_user ( $cas_user->ID );
- wp_destroy_all_sessions();
- exit();
- }
- }
- }
- }
- }
- }
- /**
- * Logout from CAS and Wordpress
- */
- function wp_cassify_logout() {
- $wp_cassify_logout_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_logout_servlet' );
- $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' );
- $wp_cassify_redirect_url_after_logout = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_redirect_url_after_logout' );
- // Define default values if options values empty.
- if ( empty( $wp_cassify_logout_servlet ) ) {
- $wp_cassify_logout_servlet = $this->wp_cassify_default_logout_servlet;
- }
- if ( empty ( $wp_cassify_redirect_url_after_logout ) ) {
- $wp_cassify_redirect_url_after_logout = get_home_url();
- }
- // Send logout notification if rule is matched.
- if ( isset( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['wp_cassify_cas_user_datas'] ) ) {
- $cas_user_datas = $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['wp_cassify_cas_user_datas'];
- $wp_cassify_notification_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notification_rules' ) );
- $notification_rule_matched = $this->wp_cassify_notification_rule_matched(
- $cas_user_datas,
- $wp_cassify_notification_rules,
- 'after_user_logout'
- );
- if ( $notification_rule_matched ) {
- do_action( 'wp_cassify_send_notification', 'User account has been logged out :' . $cas_user_datas[ 'cas_user_id' ] );
- }
- }
- // Detect if user has been authenticated using CAS.
- $authenticated_by_cas = $this->wp_cassify_is_authenticated();
- if ( $authenticated_by_cas ) {
- $cas_service_ticket = get_user_meta( wp_get_current_user()->ID, 'cas_service_ticket', true );
- if ( !empty( $cas_service_ticket) ) {
- delete_user_meta( wp_get_current_user()->ID, 'cas_service_ticket' );
- }
- }
- // Destroy wordpress session;
- session_destroy();
- if ( $authenticated_by_cas ) {
- // Redirect to the logout CAS end point.
- $redirect_url = $wp_cassify_base_url .
- $wp_cassify_logout_servlet . '?' .
- $this->wp_cassify_default_service_service_parameter_name . '=' . $wp_cassify_redirect_url_after_logout;
- }
- else {
- // If user not authenticated by CAS redirect to home_url.
- $redirect_url = home_url();
- }
- WP_Cassify_Utils::wp_cassify_redirect_url( $redirect_url );
- }
- /**
- * Get the service ticket from cas server request.
- */
- public function wp_cassify_get_service_ticket() {
- $wp_cassify_service_ticket = get_query_var( $this->wp_cassify_default_service_ticket_parameter_name );
- if ( empty( $wp_cassify_service_ticket ) ) {
- $current_url = WP_Cassify_Utils::wp_cassify_get_current_url(
- $this->wp_cassify_default_wordpress_blog_http_port,
- $this->wp_cassify_default_wordpress_blog_https_port
- );
- $wp_cassify_service_ticket = WP_Cassify_Utils::wp_cassify_extract_get_parameter(
- rawurldecode( $current_url ),
- $this->wp_cassify_default_service_ticket_parameter_name );
- }
- return $wp_cassify_service_ticket;
- }
- /**
- * Function used to detect if user has previously been authenticated by CAS.
- * Performs redirection to cas server programmactically.
- * This function is used throught hook wp_cassify_check_authentication.
- *
- * @result bool $auth Return true if user has already authenticated by CAS Server.
- */
- public function wp_cassify_check_authentication() {
- $this->wp_cassify_session_start();
- $auth = false;
- if ( $this->wp_cassify_is_authenticated() ) {
- $auth = true;
- }
- else if ( isset( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['auth_checked'] ) ) {
- // the previous request has redirected the client to the CAS server with gateway=true
- unset( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['auth_checked'] );
- $auth = false;
- }
- else {
- // avoid a check against CAS on every request
- if ( !isset( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count'] ) ) {
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count'] = -2;
- }
- if ( ( ( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count'] != -2 ) && ( $this->wp_cassify_get_cache_times_for_auth_recheck() == -1 ) ) ||
- ( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count'] >= 0 && $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count'] < $this->wp_cassify_get_cache_times_for_auth_recheck() )
- ) {
- $auth = false;
- if ( $this->wp_cassify_get_cache_times_for_auth_recheck() != -1 ) {
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count']++;;
- }
- }
- else {
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['unauth_count'] = 0;
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['auth_checked'] = true;
- $this->wp_cassify_redirect( true );
- // never reached
- $auth = false;
- }
- }
- return $auth;
- }
- /**
- * Populate cas user_id and selected attributes from CAS into session.
- * @param array $cas_user_datas
- * @param array $wp_cassify_attributes_list
- */
- public function wp_cassify_populate_attributes_into_session( $cas_user_datas, $wp_cassify_attributes_list ) {
- $cas_user_datas_filtered = array();
- // cas_user_id is populated by default.
- $cas_user_datas_filtered[ 'cas_user_id' ] = $cas_user_datas[ 'cas_user_id' ];
- if (! empty( $wp_cassify_attributes_list ) ) {
- $cas_user_attributes_names = explode( ',', $wp_cassify_attributes_list );
- if ( is_array( $cas_user_attributes_names ) ) {
- foreach( $cas_user_attributes_names as $cas_user_attributes_name ) {
- $cas_user_datas_filtered[ $cas_user_attributes_name ] = $cas_user_datas[ $cas_user_attributes_name ];
- }
- }
- }
- $this->wp_cassify_session_start();
- $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['wp_cassify_cas_user_datas'] = $cas_user_datas_filtered;
- }
- /**
- * Get the service callback url from php session.
- * @return string
- */
- public function wp_cassify_get_service_callback_url() {
- $wp_cassify_callback_service_url = WP_Cassify_Utils::wp_cassify_get_current_url(
- $this->wp_cassify_default_wordpress_blog_http_port,
- $this->wp_cassify_default_wordpress_blog_https_port );
- // Check if request use gateway mode.
- $gateway_mode = false;
- if ( $this->wp_cassify_is_gateway_request( $wp_cassify_callback_service_url ) ) {
- $gateway_mode = true;
- }
- $wp_cassify_redirect_parameter = WP_Cassify_Utils::wp_cassify_extract_get_parameter( $wp_cassify_callback_service_url , $this->wp_cassify_default_redirect_parameter_name );
- $wp_cassify_service_ticket_parameter = WP_Cassify_Utils::wp_cassify_extract_get_parameter( $wp_cassify_callback_service_url , $this->wp_cassify_default_service_ticket_parameter_name );
- if ( !empty( $wp_cassify_redirect_parameter ) ) {
- $wp_cassify_callback_service_url = WP_Cassify_Utils::wp_cassify_extract_get_parameter(
- $wp_cassify_callback_service_url,
- $this->wp_cassify_default_redirect_parameter_name
- );
- // Append home_url if url contains only /my-slug-page/. callback service url must be fully qualified.
- if ( strrpos( $wp_cassify_callback_service_url, '/', -strlen( $wp_cassify_callback_service_url ) ) !== false ) {
- $wp_cassify_callback_service_url = WP_Cassify_Utils::wp_cassify_get_host_uri( home_url() ) .
- $wp_cassify_callback_service_url;
- }
- }
- else if ( !empty( $wp_cassify_service_ticket_parameter ) ) {
- $wp_cassify_callback_service_url = WP_Cassify_Utils::wp_cassify_strip_get_parameter( $wp_cassify_callback_service_url , $this->wp_cassify_default_service_ticket_parameter_name );
- // Append home_url if url contains only /my-slug-page/. callback service url must be fully qualified.
- if ( strrpos( $wp_cassify_callback_service_url, '/', -strlen( $wp_cassify_callback_service_url ) ) !== false ) {
- $wp_cassify_callback_service_url = WP_Cassify_Utils::wp_cassify_get_host_uri( home_url() ) .
- $wp_cassify_callback_service_url;
- }
- }
- else {
- $wp_cassify_callback_service_url = home_url() . '/';
- }
- if ( $gateway_mode ) {
- $wp_cassify_callback_service_url .= '%3Fgateway=true';
- }
- // Fix bug : slug is duplicate in return url
- if( is_multisite() ) {
- $blog_details = get_blog_details();
- $blog_path = ltrim( $blog_details->path , '/');
- $duplicate_path_to_remove = rtrim( $blog_path . $blog_path, '/' );
- $duplicate_path_to_replace = rtrim( $blog_path, '/' );
- if ( ! empty( $duplicate_path_to_remove ) && strpos( $wp_cassify_callback_service_url, $duplicate_path_to_remove ) !== false ) {
- $wp_cassify_callback_service_url = str_replace( $duplicate_path_to_remove, $duplicate_path_to_replace , $wp_cassify_callback_service_url );
- }
- }
- // End Fix bug
- return $wp_cassify_callback_service_url;
- }
- /**
- * Logout from CAS and Wordpress
- * @param string $wp_cassify_error_code Error code passing by GET to display custom error messages after logout.
- */
- private function wp_cassify_logout_if_not_allowed( $wp_cassify_error_code = '' ) {
- $wp_cassify_logout_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_logout_servlet' );
- $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' );
- $wp_cassify_redirect_url_if_not_allowed = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_redirect_url_if_not_allowed' );
- // Define default values if options values empty.
- if ( empty( $wp_cassify_logout_servlet ) ) {
- $wp_cassify_logout_servlet = $this->wp_cassify_default_logout_servlet;
- }
- if ( empty ( $wp_cassify_redirect_url_if_not_allowed ) ) {
- $wp_cassify_redirect_url_if_not_allowed = get_home_url();
- if (! empty( $wp_cassify_error_code ) ) {
- $wp_cassify_redirect_url_if_not_allowed .= '%3F' . 'wp-cassify-message=' . $wp_cassify_error_code;
- }
- }
- // Destroy wordpress session;
- session_destroy();
- $redirect_url = $wp_cassify_base_url .
- $wp_cassify_logout_servlet . '?' .
- $this->wp_cassify_default_service_service_parameter_name . '=' . $wp_cassify_redirect_url_if_not_allowed;
- // Redirect to the logout CAS end point.
- WP_Cassify_Utils::wp_cassify_redirect_url( $redirect_url );
- }
- /**
- * Parse the CAS Server response
- * @param string $cas_server_xml_response Xml response stream sent by CAS Server.
- * @return array $cas_user_datas
- */
- private function wp_cassify_parse_xml_response( $cas_server_xml_response ) {
- $wp_cassify_xpath_query_to_extact_cas_user = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_xpath_query_to_extact_cas_user' );
- $wp_cassify_xpath_query_to_extact_cas_attributes = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_xpath_query_to_extact_cas_attributes' );
- // Define default values if options values empty.
- if ( empty( $wp_cassify_xpath_query_to_extact_cas_user ) ) {
- $wp_cassify_xpath_query_to_extact_cas_user = $this->wp_cassify_default_xpath_query_to_extact_cas_user;
- }
- if ( empty( $wp_cassify_xpath_query_to_extact_cas_attributes ) ) {
- $wp_cassify_xpath_query_to_extact_cas_attributes = $this->wp_cassify_default_xpath_query_to_extact_cas_attributes;
- }
- $cas_user_datas = array();
- $cas_user_datas_xml = new \DomDocument();
- $cas_user_datas_xml->loadXML( $cas_server_xml_response );
- $xpath = new \DOMXPath( $cas_user_datas_xml );
- // Extract cas user_id
- $query_cas_user = $wp_cassify_xpath_query_to_extact_cas_user;
- $cas_user_entries = $xpath->query( $query_cas_user );
- foreach ( $cas_user_entries as $cas_user_entry ) {
- $cas_user_datas[ 'cas_user_id' ] = $cas_user_entry->nodeValue;
- }
- // Extract attributes
- $query_cas_attributes = $wp_cassify_xpath_query_to_extact_cas_attributes;
- $cas_user_attributes = $xpath->query( $query_cas_attributes );
- if ( $cas_user_attributes->length > 0 ) {
- $cas_user_attributes_items = $cas_user_attributes->item( 0 );
- foreach ( $cas_user_attributes_items->childNodes as $cas_user_attributes_item ) {
- $cas_attribute_name = preg_replace( '#^cas:#', '', $cas_user_attributes_item->nodeName );
- // Process multivaluate fields. Test if array_key already exist.
- if ( array_key_exists( $cas_attribute_name, $cas_user_datas ) ) {
- if ( isset( $cas_user_datas[ $cas_attribute_name ] ) ) {
- if ( is_array( $cas_user_datas[ $cas_attribute_name ] ) ) {
- array_push( $cas_user_datas[ $cas_attribute_name ], $cas_user_attributes_item->nodeValue );
- }
- else {
- $cas_attribute_value = $cas_user_datas[ $cas_attribute_name ];
- $cas_user_datas[ $cas_attribute_name ] = array();
- array_push( $cas_user_datas[ $cas_attribute_name ], $cas_attribute_value );
- array_push( $cas_user_datas[ $cas_attribute_name ], $cas_user_attributes_item->nodeValue );
- }
- }
- }
- else {
- // Process single valuate field.
- $cas_user_datas[ $cas_attribute_name ] = $cas_user_attributes_item->nodeValue;
- }
- }
- }
- return $cas_user_datas;
- }
- /**
- * Check if request use gateway mode.
- * @param string $callback_service_url Url used by CAS server to return to service.
- * @return bool $is_gateway_request Return true if request to CAS Server is made in gateway mode (eg : ?gateway=true)
- */
- private function wp_cassify_is_gateway_request( $callback_service_url ) {
- $is_gateway_request = false;
- // Test current url if callback_service_url is not set.
- if ( empty( $callback_service_url ) ) {
- $callback_service_url = WP_Cassify_Utils::wp_cassify_get_current_url(
- $this->wp_cassify_default_wordpress_blog_http_port,
- $this->wp_cassify_default_wordpress_blog_https_port
- );
- }
- $gateway = WP_Cassify_Utils::wp_cassify_extract_get_parameter(
- rawurldecode( $callback_service_url ),
- $this->wp_cassify_default_gateway_parameter_name );
- if (! empty( $gateway ) ) {
- $is_gateway_request = true;
- }
- return $is_gateway_request;
- }
- /**
- * Store rules in two array according to her type (ALLOW or DENY).
- * @param array $wp_cassify_autorization_rules
- */
- private function wp_cassify_separate_rules( $wp_cassify_autorization_rules ) {
- foreach ( $wp_cassify_autorization_rules as $wp_cassify_autorization_rule ) {
- $wp_cassify_rule_parts = explode( '|', $wp_cassify_autorization_rule );
- $wp_cassify_rule_type = $wp_cassify_rule_parts[ 0 ];
- $wp_cassify_rule_expression = $wp_cassify_rule_parts[ 1 ];
- if ( $wp_cassify_rule_type == 'ALLOW' ) {
- array_push( $this->wp_cassify_allow_rules, $wp_cassify_rule_expression );
- }
- if ( $wp_cassify_rule_type == 'DENY' ) {
- array_push( $this->wp_cassify_deny_rules, $wp_cassify_rule_expression );
- }
- }
- }
- /**
- * Test if this URL must be bypassed by CAS Authentication
- * @return bool $wp_cassify_bypass
- */
- private function wp_cassify_bypass() {
- $wp_cassify_bypass = false;
- $wp_cassify_bypass_by_referrer = '';
- $wp_cassify_bypass_by_post = '';
- $wp_cassify_bypass_by_get = '';
- $wp_cassify_disable_authentication = '';
- // 1- Check if bypass GET URL parameter is set from the Referrer.
- if (! empty( $_SERVER['HTTP_REFERER'] ) ) {
- $wp_cassify_bypass_by_referrer = WP_Cassify_Utils::wp_cassify_extract_get_parameter( $_SERVER['HTTP_REFERER'], $this->wp_cassify_default_bypass_parameter_name );
- }
- // 2- Check if bypass parameter is send by POST
- if (! empty( $_POST['redirect_to'] ) ) {
- $wp_cassify_bypass_by_post = WP_Cassify_Utils::wp_cassify_extract_get_parameter( $_POST['redirect_to'], $this->wp_cassify_default_bypass_parameter_name );
- }
- // 3- Or check if bypass has been defined in admin panel.
- $wp_cassify_disable_authentication = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_disable_authentication' );
- // 4- Check $_GET['wp_cassify_bypass'] value
- if ( isset( $_GET[ $this->wp_cassify_default_bypass_parameter_name ] ) ) {
- // Can't use get_query_var function because 'query_vars' filter has not yet fired. I use $_GET instead.
- $wp_cassify_bypass_by_get = $_GET[ $this->wp_cassify_default_bypass_parameter_name ];
- }
- if ( ( $wp_cassify_bypass_by_referrer == 'bypass' ) || ( $wp_cassify_bypass_by_post == 'bypass' ) || ( $wp_cassify_bypass_by_get == 'bypass' ) || ( $wp_cassify_disable_authentication == 'disabled' ) ) {
- $wp_cassify_bypass = true;
- }
- return $wp_cassify_bypass;
- }
- /**
- * Check if url is in white list and don't be authenticated by CAS.
- * @param string $url Url of to test
- * @return bool $is_in_while_list Return true if user can acess this url without to be authenticated by CAS.
- */
- private function wp_cassify_is_in_while_list( $url ) {
- $is_in_while_list = false;
- $wp_cassify_redirect_url_white_list = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_redirect_url_white_list' );
- $white_list_urls = explode( ';', $wp_cassify_redirect_url_white_list );
- if ( ( is_array( $white_list_urls ) ) && ( count( $white_list_urls ) > 0 ) ){
- foreach( $white_list_urls as $white_url ) {
- if ( strrpos( $url, $white_url, -strlen( $url ) ) !== false ) {
- $is_in_while_list = true;
- }
- }
- }
- return $is_in_while_list;
- }
- /**
- * Check if user is allow to connect according to autorization rules.
- * @param array $cas_user_datas Associative array containing CAS userID and attributes
- * @param string $wp_cassify_allow_deny_order Order to process authorization rules.
- * @return bool $is_user_allowed Return true if user is allowed to connect. Return false on the other hand.
- */
- private function wp_cassify_is_user_allowed( $cas_user_datas = array(), $wp_cassify_allow_deny_order ) {
- $is_user_allowed = false;
- $rule_check = false;
- $solver = new \wp_cassify\wp_cassify_rule_solver();
- $solver->match_first_level_parenthesis_group_pattern = $this->wp_cassify_match_first_level_parenthesis_group_pattern;
- $solver->match_second_level_parenthesis_group_pattern = $this->wp_cassify_match_second_level_parenthesis_group_pattern;
- $solver->match_cas_variable_pattern = $this->wp_cassify_match_cas_variable_pattern;
- $solver->allowed_operators = $this->wp_cassify_allowed_operators;
- $solver->operator_prefix = $this->wp_cassify_operator_prefix;
- $solver->allowed_parenthesis = $this->wp_cassify_allowed_parenthesis;
- $solver->error_messages = $this->wp_cassify_error_messages;
- $solver->cas_user_datas = $cas_user_datas;
- // Check Allow rules first
- if ( $wp_cassify_allow_deny_order == 'allow, deny' ) {
- if ( ( is_array( $this->wp_cassify_allow_rules ) ) && ( count( $this->wp_cassify_allow_rules ) > 0 ) ) {
- foreach ( $this->wp_cassify_allow_rules as $rule ) {
- if (! $rule_check ) {
- $rule_check = $solver->solve( $rule );
- if ( $rule_check ) {
- $is_user_allowed = true;
- }
- }
- }
- }
- if ( ( is_array( $this->wp_cassify_deny_rules ) ) && ( count( $this->wp_cassify_deny_rules ) > 0 ) ) {
- foreach ( $this->wp_cassify_deny_rules as $rule ) {
- if (! $rule_check ) {
- $rule_check = $solver->solve( $rule );
- if ( $rule_check ) {
- $is_user_allowed = false;
- }
- }
- }
- }
- }
- else { // Check Deny Rules first
- if ( ( is_array( $this->wp_cassify_deny_rules ) ) && ( count( $this->wp_cassify_deny_rules ) > 0 ) ) {
- foreach ( $this->wp_cassify_deny_rules as $rule ) {
- if (! $rule_check ) {
- $rule_check = $solver->solve( $rule );
- if ( $rule_check ) {
- $is_user_allowed = false;
- }
- }
- }
- }
- if ( ( is_array( $this->wp_cassify_allow_rules ) ) && ( count( $this->wp_cassify_allow_rules ) > 0 ) ) {
- foreach ( $this->wp_cassify_allow_rules as $rule ) {
- if (! $rule_check ) {
- $rule_check = $solver->solve( $rule );
- if ( $rule_check ) {
- $is_user_allowed = true;
- }
- }
- }
- }
- }
- return $is_user_allowed;
- }
- /**
- * Check if user is matched by Conditionnal Rule
- * @param array $cas_user_datas Associative array containing CAS userID and attributes
- * @param string $wp_cassify_rule WP Cassify rule
- * @return bool $rule_matched Return true if WP Cassify rule assertion is verified. Return false on the other hand.
- */
- private function wp_cassify_rule_matched( $cas_user_datas = array(), $wp_cassify_rule ) {
- $rule_matched = false;
- $solver = new \wp_cassify\wp_cassify_rule_solver();
- $solver->match_first_level_parenthesis_group_pattern = $this->wp_cassify_match_first_level_parenthesis_group_pattern;
- $solver->match_second_level_parenthesis_group_pattern = $this->wp_cassify_match_second_level_parenthesis_group_pattern;
- $solver->match_cas_variable_pattern = $this->wp_cassify_match_cas_variable_pattern;
- $solver->allowed_operators = $this->wp_cassify_allowed_operators;
- $solver->operator_prefix = $this->wp_cassify_operator_prefix;
- $solver->allowed_parenthesis = $this->wp_cassify_allowed_parenthesis;
- $solver->error_messages = $this->wp_cassify_error_messages;
- $solver->cas_user_datas = $cas_user_datas;
- $rule_matched = $solver->solve( $wp_cassify_rule );
- return $rule_matched;
- }
- /**
- * Test if user account has expired.
- * @param array $cas_user_datas Associative array containing CAS userID and attributes
- * @param array $expiration_rules Array of WP Cassify user account expiration rules
- * @result bool $is_user_account_expired Return true if user account has expired. Return false on the other hand.
- */
- private function wp_cassify_is_user_account_expired( $cas_user_datas, $expiration_rules = array() ) {
- $is_user_account_expired = false;
- foreach ( $expiration_rules as $expiration_rule ) {
- $expiration_rule_parts = explode( '|', $expiration_rule );
- if ( ( is_array( $expiration_rule_parts ) ) && ( count( $expiration_rule_parts ) == 3 ) ) {
- $expiration_rule_type = $expiration_rule_parts[0];
- $expiration_rule_type_value = $expiration_rule_parts[1];
- $expiration_rule_value = stripslashes( $expiration_rule_parts[2] );
- if ( $this->wp_cassify_rule_matched( $cas_user_datas, $expiration_rule_value ) ) {
- switch( $expiration_rule_type ) {
- case 'after_user_account_created_time_limit' :
- $current_user = get_user_by( 'login', $cas_user_datas[ 'cas_user_id' ] );
- $expiration_date = new \DateTime( $current_user->user_registered );
- // Add expiration delay (in days) from user account registered date
- $expiration_date->add( new \DateInterval( 'P'. $expiration_rule_type_value . 'D' ) );
- break;
- case 'fixed_datetime_limit' :
- $expiration_date = new \DateTime( $expiration_rule_type_value );
- break;
- }
- $now = new \DateTime( 'now' );
- if ( $expiration_date < $now ) {
- $is_user_account_expired = true;
- }
- }
- }
- }
- return $is_user_account_expired;
- }
- /**
- * Check if user is matched by Notification Rule
- * @param array $cas_user_datas Associative array containing CAS userID and attributes
- * @param array $role_rules Array containing all role rules
- * @param bool $network_activated True if plugin is activated over the network
- * @param int $current_blog_id The id of the current blog
- * @return array $roles_to_push Array containing roles to push to user
- */
- private function wp_cassify_get_roles_to_push( $cas_user_datas = array(), $role_rules = array(), $network_activated = false, $current_blog_id ) {
- $roles_to_push = array();
- if ( ( is_array( $role_rules ) ) && ( count( $role_rules ) > 0 ) ) {
- foreach ( $role_rules as $role_rule ) {
- $role_rule_parts = explode( '|', $role_rule );
- if ( $network_activated ) {
- if ( ( is_array( $role_rule_parts ) ) && ( count( $role_rule_parts ) == 3 ) ) {
- $role_rule_key = $role_rule_parts[0];
- // Determine scope of the rule if network activated
- $role_rule_blog_id = $role_rule_parts[1];
- $role_rule_expression = stripslashes( $role_rule_parts[2] );
- // role_rule_blog_id == 0 match "ALL BLOGS"
- if ( ( $role_rule_blog_id == $current_blog_id ) || ( $role_rule_blog_id == 0 ) ) {
- if ( $this->wp_cassify_rule_matched( $cas_user_datas, $role_rule_expression ) ) {
- array_push( $roles_to_push, $role_rule_key );
- }
- }
- }
- }
- else {
- if ( ( is_array( $role_rule_parts ) ) && ( count( $role_rule_parts ) == 2 ) ) {
- $role_rule_key = $role_rule_parts[0];
- $role_rule_expression = stripslashes( $role_rule_parts[1] );
- if ( $this->wp_cassify_rule_matched( $cas_user_datas, $role_rule_expression ) ) {
- array_push( $roles_to_push, $role_rule_key );
- }
- }
- }
- }
- }
- return $roles_to_push;
- }
- /**
- * Check if user is matched by Notification Rule
- * @param array $cas_user_datas Associative array containing CAS userID and attributes
- * @param array $notification_rules Array containing all notification rules
- * @param array $trigger_name The name of the action wich fire the notification
- * @return boolean $notification_rule_matched Return true if notification rule assertion is verified. Return false on the other hand.
- */
- private function wp_cassify_notification_rule_matched( $cas_user_datas = array(), $notification_rules = array(), $trigger_name ) {
- $notification_rule_matched = false;
- if ( ( is_array( $notification_rules ) ) && ( count( $notification_rules ) > 0 ) ) {
- foreach ( $notification_rules as $notification_rule ) {
- $notification_rule_parts = explode( '|', $notification_rule );
- if ( ( is_array( $notification_rule_parts ) ) && ( count( $notification_rule_parts ) == 2 ) ) {
- $notification_rule_key = $notification_rule_parts[0];
- $notification_rule_expression = stripslashes( $notification_rule_parts[1] );
- if ( $notification_rule_key == $trigger_name ) {
- if ( $this->wp_cassify_rule_matched( $cas_user_datas, $notification_rule_expression ) ) {
- $notification_rule_matched = true;
- }
- }
- }
- }
- }
- return $notification_rule_matched;
- }
- /**
- * Synchronize CAS User attributes values with Wordpress User metadatas. Create custom user_meta if not exist.
- * @param string $cas_user_id CAS userID
- * @param array $cas_user_datas Associative array containing CAS userID and attributes
- * @param array $wp_cassify_user_attributes_mapping_list Array containing mapping between CAS user attributes and Wordpress user attributes
- */
- private function wp_cassify_sync_user_metadata( $cas_user_id, $cas_user_datas = array(), $wp_cassify_user_attributes_mapping_list = array() ) {
- if ( ( is_array( $wp_cassify_user_attributes_mapping_list ) ) && ( count( $wp_cassify_user_attributes_mapping_list ) > 0 ) ) {
- $wp_user = get_user_by( 'login', $cas_user_id );
- if ( $wp_user != false ) {
- foreach( $wp_cassify_user_attributes_mapping_list as $wp_cassify_user_attributes_mapping ) {
- $wp_cassify_user_attributes_mapping_parts = explode( '|', $wp_cassify_user_attributes_mapping );
- $wp_cassify_wordpress_user_meta = $wp_cassify_user_attributes_mapping_parts[ '0' ];
- $wp_cassify_cas_user_attribute = $wp_cassify_user_attributes_mapping_parts[ '1' ];
- $cas_user_data_formatted = null;
- if ( is_array( $cas_user_datas[ $wp_cassify_cas_user_attribute ] ) ) {
- $cas_user_data_formatted = maybe_serialize( $cas_user_datas[ $wp_cassify_cas_user_attribute ] );
- }
- else {
- $cas_user_data_formatted = $cas_user_datas[ $wp_cassify_cas_user_attribute ];
- }
- $mapping_set = false;
- if ( property_exists( $wp_user->data, $wp_cassify_wordpress_user_meta ) ) {
- $user_id = wp_update_user(
- array(
- 'ID' => $wp_user->data->ID,
- $wp_cassify_wordpress_user_meta => $cas_user_data_formatted
- )
- );
- $mapping_set = true;
- }
- if (! $mapping_set ) {
- $wp_cassify_wordpress_user_meta_value = get_user_meta( $wp_user->ID, $wp_cassify_wordpress_user_meta );
- if ( empty( $wp_cassify_wordpress_user_meta_value ) ) {
- add_user_meta(
- $wp_user->ID,
- $wp_cassify_wordpress_user_meta,
- $cas_user_data_formatted,
- true
- );
- }
- else {
- update_user_meta(
- $wp_user->ID,
- $wp_cassify_wordpress_user_meta,
- $cas_user_data_formatted
- );
- }
- }
- }
- }
- }
- }
- /**
- * Send email notification
- * @param string $message Body of email notification message.
- * @result boole $send_result Return true if message is sent successfully. Return false on the other hand.
- */
- public function wp_cassify_send_notification_message( $message ) {
- $wp_cassify_notifications_smtp_to = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_to' ) );
- $wp_cassify_notifications_subject_prefix = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_subject_prefix' ) );
- if ( empty( $message ) ) {
- $wp_cassify_send_notification_subject = $this->wp_cassify_default_notifications_options[ 'wp_cassify_default_notifications_subject' ];
- $wp_cassify_send_notification_message = $this->wp_cassify_default_notifications_options[ 'wp_cassify_default_notifications_message' ];
- }
- else {
- $wp_cassify_send_notification_subject = $message;
- $wp_cassify_send_notification_message = $message;
- }
- if ( empty( $wp_cassify_notifications_subject_prefix ) ) {
- $wp_cassify_send_notification_subject = $this->wp_cassify_default_notifications_options[ 'wp_cassify_default_notifications_subject_prefix' ] . $wp_cassify_send_notification_subject;
- }
- else {
- $wp_cassify_send_notification_subject = $wp_cassify_notifications_subject_prefix . $wp_cassify_send_notification_subject;
- }
- $wp_cassify_notifications_smtp_auth = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_auth' ) );
- $wp_cassify_notifications_smtp_auth_enabled = false;
- $wp_cassify_notifications_encryption_type = null;
- if ( $wp_cassify_notifications_smtp_auth == 'enabled' ) {
- $wp_cassify_notifications_smtp_auth_enabled = true;
- $wp_cassify_notifications_encryption_type = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_encryption_type' ) );
- }
- $wp_cassify_notifications_priority = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_priority' ) );
- $wp_cassify_notifications_smtp_user = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_user' ) );
- $wp_cassify_notifications_smtp_password = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_password' ) );
- $wp_cassify_notifications_salt = esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_salt' ) );
- if (! empty( $wp_cassify_notifications_salt ) ) {
- $wp_cassify_notifications_smtp_password = WP_Cassify_Utils::wp_cassify_simple_decrypt(
- $wp_cassify_notifications_smtp_password,
- $wp_cassify_notifications_salt
- );
- }
- else {
- $wp_cassify_notifications_smtp_password = WP_Cassify_Utils::wp_cassify_simple_decrypt(
- $wp_cassify_notifications_smtp_password
- );
- }
- $send_result = WP_Cassify_Utils::wp_cassify_sendmail(
- esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_from' ) ),
- $wp_cassify_notifications_smtp_to,
- $wp_cassify_send_notification_subject,
- $wp_cassify_send_notification_message,
- $wp_cassify_notifications_priority,
- esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_host' ) ),
- esc_attr( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notifications_smtp_port' ) ),
- $wp_cassify_notifications_smtp_auth_enabled,
- $wp_cassify_notifications_encryption_type,
- $wp_cassify_notifications_smtp_user,
- $wp_cassify_notifications_smtp_password
- );
- return $send_result;
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement