Jetpack_SSO_Helpers

A collection of helper functions used in the SSO module.

Defined (1)

The class is defined in the following location(s).

/modules/sso/class.jetpack-sso-helpers.php  
  1. class Jetpack_SSO_Helpers { 
  2. /** 
  3. * Determine if the login form should be hidden or not 
  4. * @return bool 
  5. **/ 
  6. static function should_hide_login_form() { 
  7. /** 
  8. * Remove the default log in form, only leave the WordPress.com log in button. 
  9. * @module sso 
  10. * @since 3.1.0 
  11. * @param bool get_option( 'jetpack_sso_remove_login_form', false ) Should the default log in form be removed. Default to false. 
  12. */ 
  13. return (bool) apply_filters( 'jetpack_remove_login_form', get_option( 'jetpack_sso_remove_login_form', false ) ); 
  14.  
  15. /** 
  16. * Returns a boolean value for whether logging in by matching the WordPress.com user email to a 
  17. * Jetpack site user's email is allowed. 
  18. * @return bool 
  19. */ 
  20. static function match_by_email() { 
  21. $match_by_email = ( 1 == get_option( 'jetpack_sso_match_by_email', true ) ) ? true: false; 
  22. $match_by_email = defined( 'WPCC_MATCH_BY_EMAIL' ) ? WPCC_MATCH_BY_EMAIL : $match_by_email; 
  23.  
  24. /** 
  25. * Link the local account to an account on WordPress.com using the same email address. 
  26. * @module sso 
  27. * @since 2.6.0 
  28. * @param bool $match_by_email Should we link the local account to an account on WordPress.com using the same email address. Default to false. 
  29. */ 
  30. return (bool) apply_filters( 'jetpack_sso_match_by_email', $match_by_email ); 
  31.  
  32. /** 
  33. * Returns a boolean for whether users are allowed to register on the Jetpack site with SSO,  
  34. * even though the site disallows normal registrations. 
  35. * @return bool 
  36. */ 
  37. static function new_user_override( $user_data = null ) { 
  38. $new_user_override = defined( 'WPCC_NEW_USER_OVERRIDE' ) ? WPCC_NEW_USER_OVERRIDE : false; 
  39.  
  40. /** 
  41. * Allow users to register on your site with a WordPress.com account, even though you disallow normal registrations.  
  42. * If you return a string that corresponds to a user role, the user will be given that role. 
  43. * @module sso 
  44. * @since 2.6.0 
  45. * @since 4.6 $user_data object is now passed to the jetpack_sso_new_user_override filter 
  46. * @param bool $new_user_override Allow users to register on your site with a WordPress.com account. Default to false. 
  47. * @param object|null $user_data An object containing the user data returned from WordPress.com. 
  48. */ 
  49. $role = apply_filters( 'jetpack_sso_new_user_override', $new_user_override, $user_data ); 
  50.  
  51. if ( $role ) { 
  52. if ( is_string( $role ) && get_role( $role ) ) { 
  53. return $role; 
  54. } else { 
  55. return get_option( 'default_role' ); 
  56.  
  57. return false; 
  58.  
  59. /** 
  60. * Returns a boolean value for whether two-step authentication is required for SSO. 
  61. * @since 4.1.0 
  62. * @return bool 
  63. */ 
  64. static function is_two_step_required() { 
  65. /** 
  66. * Is it required to have 2-step authentication enabled on WordPress.com to use SSO? 
  67. * @module sso 
  68. * @since 2.8.0 
  69. * @param bool get_option( 'jetpack_sso_require_two_step' ) Does SSO require 2-step authentication? 
  70. */ 
  71. return (bool) apply_filters( 'jetpack_sso_require_two_step', get_option( 'jetpack_sso_require_two_step', false ) ); 
  72.  
  73. /** 
  74. * Returns a boolean for whether a user that is attempting to log in will be automatically 
  75. * redirected to WordPress.com to begin the SSO flow. 
  76. * @return bool 
  77. */ 
  78. static function bypass_login_forward_wpcom() { 
  79. /** 
  80. * Redirect the site's log in form to WordPress.com's log in form. 
  81. * @module sso 
  82. * @since 3.1.0 
  83. * @param bool false Should the site's log in form be automatically forwarded to WordPress.com's log in form. 
  84. */ 
  85. return (bool) apply_filters( 'jetpack_sso_bypass_login_forward_wpcom', false ); 
  86.  
  87. /** 
  88. * Returns a boolean for whether the SSO login form should be displayed as the default 
  89. * when both the default and SSO login form allowed. 
  90. * @since 4.1.0 
  91. * @return bool 
  92. */ 
  93. static function show_sso_login() { 
  94. if ( self::should_hide_login_form() ) { 
  95. return true; 
  96.  
  97. /** 
  98. * Display the SSO login form as the default when both the default and SSO login forms are enabled. 
  99. * @module sso 
  100. * @since 4.1.0 
  101. * @param bool true Should the SSO login form be displayed by default when the default login form is also enabled? 
  102. */ 
  103. return (bool) apply_filters( 'jetpack_sso_default_to_sso_login', true ); 
  104.  
  105. /** 
  106. * Returns a boolean for whether the two step required checkbox, displayed on the Jetpack admin page, should be disabled. 
  107. * @since 4.1.0 
  108. * @return bool 
  109. */ 
  110. static function is_require_two_step_checkbox_disabled() { 
  111. return (bool) has_filter( 'jetpack_sso_require_two_step' ); 
  112.  
  113. /** 
  114. * Returns a boolean for whether the match by email checkbox, displayed on the Jetpack admin page, should be disabled. 
  115. * @since 4.1.0 
  116. * @return bool 
  117. */ 
  118. static function is_match_by_email_checkbox_disabled() { 
  119. return defined( 'WPCC_MATCH_BY_EMAIL' ) || has_filter( 'jetpack_sso_match_by_email' ); 
  120.  
  121. /** 
  122. * Returns an array of hosts that SSO will redirect to. 
  123. * Instead of accessing JETPACK__API_BASE within the method directly, we set it as the 
  124. * default for $api_base due to restrictions with testing constants in our tests. 
  125. * @since 4.3.0 
  126. * @since 4.6.0 Added public-api.wordpress.com as an allowed redirect 
  127. * @param array $hosts 
  128. * @param string $api_base 
  129. * @return array 
  130. */ 
  131. static function allowed_redirect_hosts( $hosts, $api_base = JETPACK__API_BASE ) { 
  132. if ( empty( $hosts ) ) { 
  133. $hosts = array(); 
  134.  
  135. $hosts[] = 'wordpress.com'; 
  136. $hosts[] = 'jetpack.wordpress.com'; 
  137. $hosts[] = 'public-api.wordpress.com'; 
  138.  
  139. if ( 
  140. ( Jetpack::is_development_mode() || Jetpack::is_development_version() ) && 
  141. ( false === strpos( $api_base, 'jetpack.wordpress.com/jetpack' ) ) 
  142. ) { 
  143. $base_url_parts = parse_url( esc_url_raw( $api_base ) ); 
  144. if ( $base_url_parts && ! empty( $base_url_parts[ 'host' ] ) ) { 
  145. $hosts[] = $base_url_parts[ 'host' ]; 
  146.  
  147. return array_unique( $hosts ); 
  148.  
  149. static function generate_user( $user_data ) { 
  150. $username = $user_data->login; 
  151.  
  152. /** 
  153. * Determines how many times the SSO module can attempt to randomly generate a user. 
  154. * @module sso 
  155. * @since 4.3.2 
  156. * @param int 5 By default, SSO will attempt to random generate a user up to 5 times. 
  157. */ 
  158. $num_tries = intval( apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 ) ); 
  159.  
  160. $tries = 0; 
  161. while ( ( $exists = username_exists( $username ) ) && $tries++ < $num_tries ) { 
  162. $username = $user_data->login . '_' . $user_data->ID . '_' . mt_rand(); 
  163.  
  164. if ( $exists ) { 
  165. return false; 
  166.  
  167. $password = wp_generate_password( 20 ); 
  168. $user_id = wp_create_user( $username, $password, $user_data->email ); 
  169. $user = get_userdata( $user_id ); 
  170.  
  171. $user->display_name = $user_data->display_name; 
  172. $user->first_name = $user_data->first_name; 
  173. $user->last_name = $user_data->last_name; 
  174. $user->url = $user_data->url; 
  175. $user->description = $user_data->description; 
  176.  
  177. if ( isset( $user_data->role ) && $user_data->role ) { 
  178. $user->role = $user_data->role; 
  179.  
  180. wp_update_user( $user ); 
  181.  
  182. update_user_meta( $user->ID, 'wpcom_user_id', $user_data->ID ); 
  183.  
  184. return $user; 
  185.  
  186. static function extend_auth_cookie_expiration_for_sso() { 
  187. /** 
  188. * Determines how long the auth cookie is valid for when a user logs in with SSO. 
  189. * @module sso 
  190. * @since 4.4.0 
  191. * @param int YEAR_IN_SECONDS 
  192. */ 
  193. return intval( apply_filters( 'jetpack_sso_auth_cookie_expirtation', YEAR_IN_SECONDS ) ); 
  194.  
  195. /** 
  196. * Determines if the SSO form should be displayed for the current action. 
  197. * @since 4.6.0 
  198. * @param string $action 
  199. * @return bool Is SSO allowed for the current action? 
  200. */ 
  201. static function display_sso_form_for_action( $action ) { 
  202. /** 
  203. * Allows plugins the ability to overwrite actions where the SSO form is allowed to be used. 
  204. * @module sso 
  205. * @since 4.6.0 
  206. * @param array $allowed_actions_for_sso 
  207. */ 
  208. $allowed_actions_for_sso = (array) apply_filters( 'jetpack_sso_allowed_actions', array( 
  209. 'login',  
  210. 'jetpack-sso',  
  211. 'jetpack_json_api_authorization',  
  212. ) ); 
  213. return in_array( $action, $allowed_actions_for_sso ); 
  214.  
  215. /** 
  216. * This method returns an environment array that is meant to simulate `$_REQUEST` when the initial 
  217. * JSON API auth request was made. 
  218. * @since 4.6.0 
  219. * @return array|bool 
  220. */ 
  221. static function get_json_api_auth_environment() { 
  222. if ( empty( $_COOKIE['jetpack_sso_original_request'] ) ) { 
  223. return false; 
  224.  
  225. $original_request = esc_url_raw( $_COOKIE['jetpack_sso_original_request'] ); 
  226.  
  227. $parsed_url = wp_parse_url( $original_request ); 
  228. if ( empty( $parsed_url ) || empty( $parsed_url['query'] ) ) { 
  229. return false; 
  230.  
  231. $args = array(); 
  232. wp_parse_str( $parsed_url['query'], $args ); 
  233.  
  234. if ( empty( $args ) || empty( $args['action'] ) ) { 
  235. return false; 
  236.  
  237. if ( 'jetpack_json_api_authorization' != $args['action'] ) { 
  238. return false; 
  239.  
  240. return array_merge( 
  241. $args,  
  242. array( 'jetpack_json_api_original_query' => $original_request ) 
  243. );