Merge pull request #277 from auth0/fix-edit-profile

glena · web-flow · commit 5ad796d68532 · 2017-01-24T16:35:49.000-03:00
Fix edit profile
diff --git a/lib/WP_Auth0_Api_Operations.php b/lib/WP_Auth0_Api_Operations.php
@@ -162,7 +162,6 @@ public function create_wordpress_connection( $app_token, $migration_enabled, $pa
 	 */
 	public function social_validation( $app_token, $old_options, $input, $strategy, $connection_options ) {
 		$domain = $this->a0_options->get( 'domain' );
-		$secret = $this->a0_options->get( 'client_secret' );
 		$client_id = $this->a0_options->get( 'client_id' );
 
 		$main_key = "social_$strategy";
diff --git a/lib/WP_Auth0_Configure_JWTAUTH.php b/lib/WP_Auth0_Configure_JWTAUTH.php
@@ -53,7 +53,7 @@ public function setupjwt() {
 		if ( self::is_jwt_auth_enabled() ) {
 			JWT_AUTH_Options::set( 'aud', $this->a0_options->get( 'client_id' ) );
 			JWT_AUTH_Options::set( 'secret', $this->a0_options->get( 'client_secret' ) );
-			JWT_AUTH_Options::set( 'secret_base64_encoded', true );
+			JWT_AUTH_Options::set( 'secret_base64_encoded', $this->a0_options->get( 'client_secret_b64_encoded' ) );
 			JWT_AUTH_Options::set( 'override_user_repo', 'WP_Auth0_UsersRepo' );
 			$this->a0_options->set( 'jwt_auth_integration', true );
 		}
@@ -75,7 +75,7 @@ public static function is_jwt_configured() {
 		return (
 			JWT_AUTH_Options::get( 'aud' ) === $options->get( 'client_id' ) &&
 			JWT_AUTH_Options::get( 'secret' ) === $options->get( 'client_secret' ) &&
-			JWT_AUTH_Options::get( 'secret_base64_encoded' ) &&
+			JWT_AUTH_Options::get( 'secret_base64_encoded' ) === $options->get( 'client_secret_b64_encoded' ) &&
 			$options->get( 'jwt_auth_integration' ) &&
 			JWT_AUTH_Options::get( 'jwt_attribute' ) === 'sub'
 		);
diff --git a/lib/WP_Auth0_EditProfile.php b/lib/WP_Auth0_EditProfile.php
@@ -268,8 +268,8 @@ public function override_email_update() {
 			$errors = new WP_Error();
 		}
 
-    $current_user = get_currentauth0user();
-    $user_profile = $current_user->auth0_obj;
+    $current_user = wp_get_current_user();
+    $user_profile =  get_currentauth0userinfo();
 
 		$app_token = $this->a0_options->get( 'auth0_app_token' );;
 
diff --git a/lib/WP_Auth0_Lock10_Options.php b/lib/WP_Auth0_Lock10_Options.php
@@ -205,7 +205,7 @@ public function get_sso_options() {
     if ( $this->get_auth0_implicit_workflow() ) {
       $options["callbackOnLocationHash"] = true;
       $options["callbackURL"] = $this->get_implicit_callback_url();
-      $options["scope"] .= "name email picture nickname email_verified identities";
+      $options["scope"] .= "name email picture nickname email_verified";
     } else {
       $options["callbackOnLocationHash"] = false;
       $options["callbackURL"] = $this->get_code_callback_url();
diff --git a/lib/WP_Auth0_LoginManager.php b/lib/WP_Auth0_LoginManager.php
@@ -240,8 +240,18 @@ public function redirect_login() {
 
 			if ( !isset( $data->id_token ) ) {
 				$data->id_token = null;
+				$response = WP_Auth0_Api_Client::get_user_info( $domain, $data->access_token );
+			} else {
+				// grab the user ID from the id_token to call get_user
+				$decodedToken = JWT::decode( $data->id_token, $this->a0_options->get_client_secret_as_key(), array( 'HS256' ) );
+
+				// validate that this JWT was made for us
+				if ( $this->a0_options->get( 'client_id' ) !== $decodedToken->aud ) {
+					throw new Exception( 'This token is not intended for us.' );
+				}
+
+				$response = WP_Auth0_Api_Client::get_user( $domain, $data->id_token, $decodedToken->sub );
 			}
-			$response = WP_Auth0_Api_Client::get_user_info( $domain, $data->access_token );
 
 			if ( $response instanceof WP_Error ) {
 				WP_Auth0_ErrorManager::insert_auth0_error( 'init_auth0_userinfo', $response );
@@ -302,9 +312,7 @@ public function implicit_login() {
 		$token = $_POST['token'];
 		$stateFromGet = json_decode( base64_decode( $_POST['state'] ) );
 
-		$secret = $this->a0_options->get( 'client_secret' );
-
-		$secret = JWT::urlsafeB64Decode( $secret );
+		$secret = $this->a0_options->get_client_secret_as_key();
 
 		try {
 			// Decode the user
@@ -498,9 +506,7 @@ public function login_with_credentials( $username, $password, $connection="Usern
 
 		$response = WP_Auth0_Api_Client::ro( $domain, $client_id, $username, $password, $connection, 'openid name email nickname email_verified identities' );
 
-		$secret = $this->a0_options->get( 'client_secret' );
-
-		$secret = JWT::urlsafeB64Decode( $secret );
+		$secret = $this->a0_options->get_client_secret_as_key();
 
 		try {
 			// Decode the user
diff --git a/lib/WP_Auth0_Options.php b/lib/WP_Auth0_Options.php
@@ -43,6 +43,12 @@ public function get_default($key) {
 		return $defaults[$key];
 	}
 
+	public function get_client_secret_as_key() {
+		$secret = $this->get('client_secret', '');
+		$isEncoded = $this->get('client_secret_b64_encoded', false);
+		return $isEncoded ? JWT::urlsafeB64Decode($secret) : $secret;
+	}
+
 	protected function defaults() {
 		return array(
 			'version' => 1,
@@ -52,6 +58,7 @@ protected function defaults() {
 			'auto_login_method' => '',
 			'client_id' => '',
 			'client_secret' => '',
+			'client_secret_b64_enabled' => true,
 			'domain' => '',
 			'form_title' => '',
 			'icon_url' => '',
diff --git a/lib/WP_Auth0_Routes.php b/lib/WP_Auth0_Routes.php
@@ -84,7 +84,7 @@ protected function migration_ws_login() {
 		$authorization = $this->getAuthorizationHeader();
 		$authorization = trim( str_replace( 'Bearer ', '', $authorization ) );
 
-		$secret = $this->a0_options->get( 'client_secret' );
+		$secret = $this->a0_options->get_client_secret_as_key();
 		$token_id = $this->a0_options->get( 'migration_token_id' );
 
 		$user = null;
@@ -94,7 +94,7 @@ protected function migration_ws_login() {
 				throw new Exception( 'Unauthorized: missing authorization header' );
 			}
 
-			$token = JWT::decode( $authorization, JWT::urlsafeB64Decode( $secret ), array( 'HS256' ) );
+			$token = JWT::decode( $authorization, $secret, array( 'HS256' ) );
 
 			if ( $token->jti != $token_id ) {
 				throw new Exception( 'Invalid token id' );
@@ -145,7 +145,7 @@ protected function migration_ws_get_user() {
 		$authorization = $this->getAuthorizationHeader();
 		$authorization = trim(str_replace('Bearer ', '', $authorization));
 
-		$secret = $this->a0_options->get( 'client_secret' );
+		$secret = $this->a0_options->get_client_secret_as_key();
 		$token_id = $this->a0_options->get( 'migration_token_id' );
 
 		$user = null;
@@ -155,7 +155,7 @@ protected function migration_ws_get_user() {
 				throw new Exception('Unauthorized: missing authorization header');
 			}
 
-			$token = JWT::decode($authorization, JWT::urlsafeB64Decode( $secret ), array('HS256'));
+			$token = JWT::decode($authorization, $secret, array('HS256'));
 
 			if ($token->jti != $token_id) {
 				throw new Exception('Invalid token id');
diff --git a/lib/WP_Auth0_UsersRepo.php b/lib/WP_Auth0_UsersRepo.php
@@ -74,11 +74,23 @@ public function create( $userinfo, $token, $access_token = null, $role = null, $
 
 		// If the user doesn't exist we need to either create a new one, or asign him to an existing one
 		$isDatabaseUser = false;
-		foreach ( $userinfo->identities as $identity ) {
-			if ( $identity->provider == "auth0" ) {
+
+		if (isset($userinfo->identities)) {
+			foreach ( $userinfo->identities as $identity ) {
+				if ( $identity->provider == "auth0" ) {
+					$isDatabaseUser = true;
+				}
+			}
+		} else {
+			$sub = $userinfo->sub;
+			list($provider, $id) = explode('|', $sub);
+			if ( $provider == "auth0" ) {
 				$isDatabaseUser = true;
 			}
 		}
+
+
+
 		$joinUser = null;
 
 		// If the user has a verified email or is a database user try to see if there is
diff --git a/lib/admin/WP_Auth0_Admin_Advanced.php b/lib/admin/WP_Auth0_Admin_Advanced.php
@@ -484,9 +484,9 @@ public function migration_ws_validation( $old_options, $input ) {
     if ( $old_options['migration_ws'] != $input['migration_ws'] ) {
 
       if ( 1 == $input['migration_ws'] ) {
-        $secret = $input['client_secret'];
+        $secret = $input['client_secret_b64_encoded'] ? JWT::urlsafeB64Decode( $secret) : $input['client_secret'];
         $token_id = uniqid();
-        $input['migration_token'] = JWT::encode( array( 'scope' => 'migration_ws', 'jti' => $token_id ), JWT::urlsafeB64Decode( $secret ) );
+        $input['migration_token'] = JWT::encode( array( 'scope' => 'migration_ws', 'jti' => $token_id ), $secret );
         $input['migration_token_id'] = $token_id;
 
         // if ($response === false) {
diff --git a/lib/admin/WP_Auth0_Admin_Basic.php b/lib/admin/WP_Auth0_Admin_Basic.php
@@ -17,6 +17,7 @@ public function init() {
 				array( 'id' => 'wpa0_domain', 'name' => 'Domain', 'function' => 'render_domain' ),
 				array( 'id' => 'wpa0_client_id', 'name' => 'Client ID', 'function' => 'render_client_id' ),
 				array( 'id' => 'wpa0_client_secret', 'name' => 'Client Secret', 'function' => 'render_client_secret' ),
+				array( 'id' => 'wpa0_client_secret_b64_encoded', 'name' => 'Client Secret Base64 Encoded', 'function' => 'render_client_secret_b64_encoded' ),
 				array( 'id' => 'wpa0_auth0_app_token', 'name' => 'API token', 'function' => 'render_auth0_app_token' ), //we are not going to show the token
 				array( 'id' => 'wpa0_login_enabled', 'name' => 'WordPress login enabled', 'function' => 'render_allow_wordpress_login' ),
 				array( 'id' => 'wpa0_allow_signup', 'name' => 'Allow signup', 'function' => 'render_allow_signup' ),
@@ -73,6 +74,18 @@ public function render_client_secret() {
     <?php
 	}
 
+	public function render_client_secret_b64_encoded() {
+		$v = absint( $this->options->get( 'client_secret_b64_encoded' ) );
+
+		echo $this->render_a0_switch( "Not Base64 Enabled", "Base64 Enabled", 1, 1 == $v );
+	?>
+				<div class="subelement">
+					<span class="description"><?php echo __( 'Enable if your client secret is base64 enabled.  If you are not sure, check your clients page in Auth0.  Displayed below the client secret on that page is the text "The Client Secret is not base64 encoded.
+	" when this is not encoded.', WPA0_LANG ); ?></span>
+				</div>
+			<?php
+	}
+
 	public function render_domain() {
 		$v = $this->options->get( 'domain' );
 ?>
@@ -161,6 +174,7 @@ public function basic_validation( $old_options, $input ) {
 
 		// Only replace the secret or token if a new value was set. If not, we will keep the last one entered.
 		$input['client_secret'] = ( !empty( $input['client_secret'] ) ? $input['client_secret'] : $old_options['client_secret'] );
+		$input['client_secret_b64_encoded'] = ( isset( $input['client_secret_b64_encoded'] ) ? $input['client_secret_b64_encoded'] : 0 );
 		$input['auth0_app_token'] = ( !empty( $input['auth0_app_token'] ) ? $input['auth0_app_token'] : $old_options['auth0_app_token'] );
 
 
diff --git a/lib/initial-setup/WP_Auth0_InitialSetup_Consent.php b/lib/initial-setup/WP_Auth0_InitialSetup_Consent.php
@@ -142,9 +142,9 @@ public function consent_callback( $name ) {
 
 			if ( $connection_exists === false ) {
 
-				$secret = $this->a0_options->get( 'client_secret' );
+				$secret = $this->a0_options->get_client_secret_as_key();
 				$token_id = uniqid();
-				$migration_token = JWT::encode( array( 'scope' => 'migration_ws', 'jti' => $token_id ), JWT::urlsafeB64Decode( $secret ) );
+				$migration_token = JWT::encode( array( 'scope' => 'migration_ws', 'jti' => $token_id ), $secret );
 				$migration_token_id = $token_id;
 
 				$operations = new WP_Auth0_Api_Operations( $this->a0_options );
diff --git a/lib/initial-setup/WP_Auth0_InitialSetup_Migration.php b/lib/initial-setup/WP_Auth0_InitialSetup_Migration.php
@@ -11,9 +11,9 @@ public function __construct( WP_Auth0_Options $a0_options ) {
 	public function render( $step ) {
 		$migration_ws = $this->a0_options->get( 'migration_ws' );
 
-		$secret = $this->a0_options->get( 'client_secret' );
+		$secret = $this->a0_options->get_client_secret_as_key();
 		$token_id = uniqid();
-		$token = JWT::encode( array( 'scope' => 'migration_ws', 'jti' => $token_id ), JWT::urlsafeB64Decode( $secret ) );
+		$token = JWT::encode( array( 'scope' => 'migration_ws', 'jti' => $token_id ), $secret );
 
 		$this->a0_options->set( 'migration_token', $token );
 		$this->a0_options->set( 'migration_token_id', $token_id );
diff --git a/templates/auth0-login-form-lock10.php b/templates/auth0-login-form-lock10.php
@@ -78,8 +78,11 @@
 
     <?php if ( $lock_options->get_auth0_implicit_workflow() ) { ?>
 
-        lock.on("authenticated", function(authResult) {
+        if (window.location.hash !== '' && window.location.hash.indexOf('id_token') !== -1) {
+            ignore_sso = true;
+        }
 
+        lock.on("authenticated", function(authResult) {
             post('<?php echo home_url( '/index.php?auth0=implicit' ); ?>', {
                 token:authResult.idToken,
                 state:authResult.state

Original file line number	Diff line number	Diff line change
`@@ -268,8 +268,8 @@ public function override_email_update() {`
`268`	`268`	`$errors = new WP_Error();`
`269`	`269`	`}`
`270`	`270`
`271`		`- $current_user = get_currentauth0user();`
`272`		`- $user_profile = $current_user->auth0_obj;`
	`271`	`+ $current_user = wp_get_current_user();`
	`272`	`+ $user_profile = get_currentauth0userinfo();`
`273`	`273`
`274`	`274`	`$app_token = $this->a0_options->get( 'auth0_app_token' );;`
`275`	`275`