<?php
/**
* Class containing all settings used by the AADSSO plugin.
*
* Installation-specific configuration settings should be kept in a JSON file and loaded with the
* load_settingsFromJSON() method rather than hard-coding here.
*/
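class AADSSO_Settings {

    /**
     * @var \AADSSO_Settings|null The (only) settings instance, created lazily by get_instance().
     */
    private static $instance = null;

    /**
     * @var string The OAuth 2.0 client type. Either 'confidential' or 'public'. (Not in use yet.)
     */
    // public $clientType = 'confidential';

    /**
     * @var string The client ID obtained after registering an application in AAD.
     */
    public $client_id = '';

    /**
     * @var string The SSO connection endpoint.
     */
    public $base_uri = 'https://login.windows-ppe.net/common/';

    /**
     * @var string The client secret key, which is generated on the app configuration page in AAD.
     *             Required if $clientType is 'public'.
     */
    // public $client_secret = '';

    /**
     * @var string The display name of the organization, used only in the link in the login page.
     */
    public $org_display_name = '';

    /**
     * @var boolean Whether or not to use AAD group memberships to set WordPress roles.
     */
    // public $enable_aad_group_to_wp_role = false;

    /**
     * @var string[] The AAD group to WordPress role map.
     *               An associative array used to match up AAD group object ids (key) to WordPress
     *               roles (value). Since the user will be given the first role with a matching
     *               group, the order of this array is important!
     */
    // TODO: A user-friendly method of specifying the groups.
    // public $aad_group_to_wp_role_map = array();

    /**
     * @var string The default WordPress role to assign a user when not a member of defined AAD groups.
     *             This is only used if $enable_aad_group_to_wp_role is TRUE. null means that access
     *             will be denied to users who are not members of the groups defined in
     *             $aad_group_to_wp_role_map.
     */
    public $default_wp_role = 'subscriber';

    /**
     * @var string The OpenID Connect configuration discovery endpoint.
     *             This is the common endpoint that always works, but doesn't have tenant branding.
     *             The remaining endpoint properties below are filled in from this document.
     */
    public $openid_configuration_endpoint = 'https://login.windows.net/common/.well-known/openid-configuration';

    /**
     * @var string The OAuth 2.0 authorization endpoint.
     */
    public $authorization_endpoint = '';

    /**
     * @var string The OAuth 2.0 token endpoint.
     */
    public $token_endpoint = '';

    /**
     * @var string The OpenID Connect JSON Web Key Set endpoint.
     */
    public $jwks_uri = '';

    /**
     * @var string The sign out endpoint.
     */
    public $end_session_endpoint = '';

    /**
     * @var string The URI of the Azure Active Directory Graph API.
     */
    public $resourceURI = 'https://graph.windows.net';

    /**
     * @var string The version of the AAD Graph API to use.
     */
    public $graphVersion = '2013-11-08';

    /**
     * @var boolean Allows site admins to set the plugin to override the user registration
     *              settings in Settings > General, so the plugin can create new users.
     */
    public $override_user_registration = false;

    /**
     * @var array The raw settings array as loaded from the 'aad-settings' option, merged with the
     *            defaults. Declared explicitly so importSettingsFromDB() does not create a dynamic
     *            property (deprecated since PHP 8.2).
     */
    public $settings = array();

    /**
     * Hooks the admin menu and settings registration, but only inside wp-admin.
     */
    public function __construct() {
        if ( is_admin() ) {
            // Setup stuff only needed in wp-admin
            add_action( 'admin_menu', array( $this, 'add_menus' ) );
            add_action( 'admin_init', array( $this, 'register_settings' ) );
        }
    }

    /**
     * @return self The (only) instance of the class.
     */
    public static function get_instance() {
        if ( null === self::$instance ) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    /**
     * Loads the settings into the singleton: first the values stored in the WordPress
     * 'aad-settings' option, then the endpoints published by the OpenID Connect discovery
     * document at $openid_configuration_endpoint.
     *
     * @return self Returns the (only) instance of the class.
     */
    public static function load_settings() {
        $settings = self::get_instance();

        // Import from the 'aad-settings' option (defaults + values saved on the settings page)
        $settings->importSettingsFromDB();

        // Import from openid-configuration (authorization/token/jwks/end_session endpoints)
        $settings->importSettingsFromJSON( $settings->openid_configuration_endpoint );

        return $settings;
    }

    /**
     * Loads settings from a JSON document and uses its contents to overwrite any matching
     * properties of this class. $jsonFile may be a local path (e.g. Settings.json) or a URL
     * (e.g. the OpenID Connect discovery endpoint); a URL is fetched with wp_remote_get().
     *
     * Only keys that name a declared property are applied, so the (remote, untrusted) document
     * cannot add arbitrary properties to the object. A failed fetch or an undecodable body
     * leaves the current values untouched.
     *
     * @param string $jsonFile The path or URL of the JSON document.
     *
     * @return self This instance, for chaining.
     */
    public function importSettingsFromJSON( $jsonFile ) {
        if ( file_exists( $jsonFile ) ) {
            // file_get_contents() also copes with an empty file, which
            // fread( $f, filesize( $jsonFile ) ) rejects with a zero-length error on PHP 8.
            $jsonSettings = file_get_contents( $jsonFile );
            if ( false === $jsonSettings ) {
                die( "Unable to open settings file" );
            }
        } else {
            if ( ! isset( $GLOBALS['pagenow'] ) ) {
                // Presumably a workaround for code reached via wp_remote_get() that reads
                // $pagenow when the plugin is loaded very early — TODO confirm before removing.
                $GLOBALS['pagenow'] = '';
            }
            $response = wp_remote_get( $jsonFile );
            if ( is_wp_error( $response ) ) {
                // wp_remote_retrieve_body() would return '' here anyway; bail out explicitly so
                // a transport failure never silently "succeeds".
                return $this;
            }
            $jsonSettings = wp_remote_retrieve_body( $response );
        }

        $tmpSettings = json_decode( $jsonSettings, true );
        if ( ! is_array( $tmpSettings ) ) {
            return $this;
        }

        // Overwrite any declared properties present in the JSON
        foreach ( $tmpSettings as $key => $value ) {
            if ( $this->can_overwrite_property( $key ) ) {
                $this->{$key} = $value;
            }
        }

        return $this;
    }

    /**
     * Loads the settings saved on the admin settings page ('aad-settings' option), merged with
     * the current property values as defaults, into $this->settings and the matching properties.
     */
    private function importSettingsFromDB() {
        // Defaults are the current property values (initialisers, or whatever a local
        // Settings.json already imported), so the DB only overrides what was actually saved.
        $defaults = array(
            'org_display_name' => $this->org_display_name,
            'client_id'        => $this->client_id,
            // 'client_secret' => $this->client_secret,
            // 'enable_group_to_role' => $this->aad_group_to_wp_role_map,
            // 'custom_roles' => '',
            // 'group_map' => array(),
            'base_uri'         => $this->base_uri,
        );

        $stored   = get_option( 'aad-settings', array() );
        $settings = wp_parse_args( (array) $stored, $defaults );

        // @todo this is broken for now, because we can't access the graph API
        // @link https://github.com/WebDevStudios/aad-sso-wordpress/blob/master/GraphHelper.php#L108-L110
        // $group_map = array();
        // // If custom roles exist
        // if ( ( isset( $settings['custom_roles'] ) && $settings['custom_roles'] && is_string( $settings['custom_roles'] ) ) ) {
        //     // Get rows
        //     $custom_roles = explode( "\n", trim( $settings['custom_roles'] ) );
        //     // Let's add them to our group map
        //     foreach( (array) $custom_roles as $role ) {
        //         if ( $role ) {
        //             // get role/aad-role
        //             $role = explode( ' ', trim( $role ) );
        //             if ( isset( $role[0], $role[1] ) ) {
        //                 // Add to our role map
        //                 $group_map[ $role[0] ] = $role[1];
        //             }
        //         }
        //     }
        // }
        // // Ensure we have all the group mapping parts
        // $settings['group_map'] = wp_parse_args( array_unique( array_merge( $settings['group_map'], $group_map ) ), array(
        //     'administrator' => '',
        //     'editor'        => '',
        //     'author'        => '',
        //     'contributor'   => '',
        //     'subscriber'    => '',
        // ) );

        // Store the whole chunk of settings
        $this->settings = $settings;

        // Load the individual class properties (legacy hack). The option array is written by
        // the settings form without a sanitize callback, so only declared properties are
        // assigned — unknown keys stay available in $this->settings but never become
        // properties of this object.
        foreach ( $settings as $k => $v ) {
            if ( $this->can_overwrite_property( $k ) ) {
                $this->$k = $v;
            }
        }

        // @todo this is broken for now, because we can't access the graph API
        // @link https://github.com/WebDevStudios/aad-sso-wordpress/blob/master/GraphHelper.php#L108-L110
        // // Create group to role map
        // // Note: Legacy hack
        // foreach( $settings['group_map'] as $k => $v ) {
        //     $this->aad_group_to_wp_role_map[ $v ] = $k;
        // }
        // // Hack to preserve original functionality
        // if( !empty( $settings['group_map_enabled'] ) ) {
        //     $this->enable_aad_group_to_wp_role = true;
        // }
        // if( false == get_option( 'aad-group-map-set' ) ){
        //     update_option( 'aad-group-map-set', 1 );
        //     $this->enable_aad_group_to_wp_role = true;
        // }
    }

    /**
     * Whether a key read from an external source (JSON document or option array) may be
     * written onto this object. Static $instance is excluded because property_exists() reports
     * it, and writing it through $this would only create a stray dynamic property.
     *
     * @param mixed $key The array key from the imported data.
     *
     * @return bool
     */
    private function can_overwrite_property( $key ) {
        return is_string( $key ) && 'instance' !== $key && property_exists( $this, $key );
    }

    /**
     * Registers the "AAD Settings" page under Settings (requires manage_options).
     */
    public function add_menus() {
        add_options_page( 'AAD Settings', 'AAD Settings', 'manage_options', 'aad-settings', array( $this, 'render_admin_settings' ) );
    }

    /**
     * Renders the settings page template.
     */
    public function render_admin_settings() {
        require_once( 'views/admin/settings.php' );
    }

    /**
     * Registers the 'aad-settings' option and the fields of the Directory Settings section.
     */
    public function register_settings() {
        // NOTE(review): no sanitize callback is registered, so the option array is stored as
        // posted by the form. Values are escaped on output in the render_* methods below and
        // only declared properties are loaded from it in importSettingsFromDB().
        register_setting( 'aad-settings', 'aad-settings' );

        /*
         * Directory Settings
         *  - Org name
         *  - Org domain
         *  - Secret keys
         */
        add_settings_section(
            'aad-directory-settings',
            __( 'Directory Settings' ),
            array( $this, 'render_directory_settings_section' ),
            'aad-settings'
        );

        add_settings_field(
            'org_display_name',
            __( 'Organization Display Name' ),
            array( $this, 'render_org_display_name' ),
            'aad-settings',
            'aad-directory-settings'
        );

        add_settings_field(
            'client_id',
            __( 'Client ID' ),
            array( $this, 'render_client_id' ),
            'aad-settings',
            'aad-directory-settings'
        );

        add_settings_field(
            'base_uri',
            __( 'Base URI' ),
            array( $this, 'render_base_uri' ),
            'aad-settings',
            'aad-directory-settings'
        );

        add_settings_field(
            'override_user_registration',
            __( 'Override User Registration' ),
            array( $this, 'render_override_user_registration' ),
            'aad-settings',
            'aad-directory-settings'
        );

        add_settings_field(
            'default_wp_role',
            __( 'Default role' ),
            array( $this, 'render_default_wp_role' ),
            'aad-settings',
            'aad-directory-settings'
        );

        /*
         * @todo this is broken for now, because we can't access the graph API
         * @link https://github.com/WebDevStudios/aad-sso-wordpress/blob/master/GraphHelper.php#L108-L110
         *
         * Map of group hash from Azure to local groups
         */
        // add_settings_section(
        //     'aad-group-settings',
        //     __( 'Group Map' ),
        //     array( $this, 'render_group_settings_section' ),
        //     'aad-settings'
        // );
        // add_settings_field(
        //     'group_map_enabled',
        //     __( 'Enable role mapping' ),
        //     array( $this, 'render_group_map_enabled' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
        // add_settings_field(
        //     'group_map_admin',
        //     __( 'Administrator' ),
        //     array( $this, 'render_group_map_admin' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
        // add_settings_field(
        //     'group_map_editor',
        //     __( 'Editor' ),
        //     array( $this, 'render_group_map_editor' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
        // add_settings_field(
        //     'group_map_author',
        //     __( 'Author' ),
        //     array( $this, 'render_group_map_author' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
        // add_settings_field(
        //     'group_map_contributor',
        //     __( 'Contributor' ),
        //     array( $this, 'render_group_map_contributor' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
        // add_settings_field(
        //     'group_map_subscriber',
        //     __( 'Subscriber' ),
        //     array( $this, 'render_group_map_subscriber' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
        // add_settings_field(
        //     'custom_roles',
        //     __( 'Custom role mapping' ),
        //     array( $this, 'render_custom_roles' ),
        //     'aad-settings',
        //     'aad-group-settings'
        // );
    }

    /**
     * The Directory Settings section has no description text.
     */
    public function render_directory_settings_section() {}

    /**
     * Text field for the organization display name. The stored value is escaped with
     * esc_attr() because it is placed inside an HTML attribute.
     */
    public function render_org_display_name() {
        echo '<input type="text" id="org_display_name" name="aad-settings[org_display_name]" value="' . esc_attr( $this->org_display_name ) . '" class="widefat" />';
        echo '<p class="description">I.E. <b>Microsoft</b>. Will be displayed on login page. Optional.</p>';
    }

    /**
     * Text field for the SSO base URI (attribute-escaped on output).
     */
    public function render_base_uri() {
        echo '<input type="text" id="base_uri" name="aad-settings[base_uri]" value="' . esc_attr( $this->base_uri ) . '" class="widefat" />';
        echo '<p class="description">The SSO connection endpoint</p>';
    }

    /**
     * Text field for the AAD application client ID (attribute-escaped on output).
     */
    public function render_client_id() {
        echo '<input type="text" id="client_id" name="aad-settings[client_id]" value="' . esc_attr( $this->client_id ) . '" class="widefat" />';
    }

    /**
     * Checkbox controlling whether the plugin may create users regardless of the
     * site's registration settings.
     */
    public function render_override_user_registration() {
        echo '<input type="checkbox" name="aad-settings[override_user_registration]" ' . checked( $this->override_user_registration, 1, false ) . ' value="1" class="widefat" />';
        echo '<p class="description">Allow new users access to the site regardless of site registration settings</p>';
    }

    // public function render_group_settings_section() {}

    // public function render_group_map_enabled() {
    //     echo '<input type="checkbox" name="aad-settings[group_map_enabled]" '
    //         . checked( $this->enable_aad_group_to_wp_role, 1, false )
    //         . ' value="1" class="widefat" />';
    //     echo '<p class="description">Match WordPress user role with role from AAD</p>';
    // }

    /**
     * Role dropdown for the default role of newly created users. wp_dropdown_roles()
     * escapes the option values itself.
     */
    public function render_default_wp_role() {
        echo '<select style="min-width: 200px;" name="aad-settings[default_wp_role]" id="new_role">';
        echo '<option value="">No Role</option>';
        wp_dropdown_roles( $this->default_wp_role );
        echo '</select>';
        // echo '<p class="description">If no role is selected, a user will not be added.</p>';
    }

    // public function render_group_map_admin() {
    //     $this->group_dropdown_or_input( 'administrator' );
    // }

    // public function render_group_map_editor() {
    //     $this->group_dropdown_or_input( 'editor' );
    // }

    // public function render_group_map_author() {
    //     $this->group_dropdown_or_input( 'author' );
    // }

    // public function render_group_map_contributor() {
    //     $this->group_dropdown_or_input( 'contributor' );
    // }

    // public function render_group_map_subscriber() {
    //     $this->group_dropdown_or_input( 'subscriber' );
    // }

    // public function render_custom_roles() {
    //     echo '<textarea id="custom_roles" class="widefat" name="aad-settings[custom_roles]" rows="10">';
    //     echo $this->custom_roles;
    //     echo '</textarea>';
    //     echo '<p class="description">Additional custom roles that should be mapped in style "[wp_role] [aad_group]". One role per line.</p>';
    // }

    // public function group_dropdown_or_input( $key ) {
    //     $groups = $this->get_groups();
    //     if ( ! $groups || empty( $groups->value )) {
    //         echo '<input type="text" id="group_map_'. $key .'" name="aad-settings[group_map]['. $key .']" value="' . $this->settings['group_map'][ $key ] . '" class="widefat" />';
    //     } else {
    //         echo '<select style="min-width: 200px;" id="group_map_'. $key .'" name="aad-settings[group_map]['. $key .']">';
    //         echo '<option value="" ', selected( $this->settings['group_map'][ $key ] ), '>No Mapping</option>';
    //         foreach ( $groups->value as $group ) {
    //             printf( '<option value="%s" %s>%s</option>', $group->objectId, selected( $this->settings['group_map'][ $key ], $group->objectId, false ), $group->displayName );
    //         }
    //         echo '</select>';
    //     }
    // }

    // public function get_groups() {
    //     static $groups = null;
    //     if ( ! $this->tenant_domain ) {
    //         return;
    //     }
    //     if ( is_null( $groups ) ) {
    //         AADSSO_GraphHelper::$tenant_id = $this->tenant_domain;
    //         AADSSO_GraphHelper::$settings = (object) array(
    //             'graphVersion' => $this->graphVersion,
    //             'resourceURI'  => $this->resourceURI,
    //         );
    //         $groups = AADSSO_GraphHelper::getGroups();
    //     }
    //     return $groups;
    // }
}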