Google Apps Login - Version 1.1

Version Description

Upgrade recommended. Increased security — uses an extra authenticity check. Better support for misconfigured Google credentials. No longer uses PHP-based sessions, so it will work on even more WordPress configurations.


Release Info

Developer danlester
Version 1.1

Code changes from version 1.0 to 1.1

Files changed (3)
  1. google_apps_login.php +130 -90
  2. readme.txt +6 -0
  3. uninstall.php +15 -0
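--- a/google_apps_login.php
+++ b/google_apps_login.php
@@ -4,7 +4,7 @@
  * Plugin Name: Google Apps Login
  * Plugin URI: http://wp-glogin.com/
  * Description: Easy login for your Wordpress users by using their Google accounts (uses OAuth2 and requires a Google Apps domain).
- * Version: 1.0
+ * Version: 1.1
  * Author: Dan Lester
  * Author URI: http://danlester.com/
  * License: GPL3
@@ -12,12 +12,27 @@
 
  class google_apps_login {
 
- function createGoogleClient() {
+ public function __construct() {
+ $this->add_actions();
+ }
+
+ protected $newcookievalue = null;
+ protected function get_cookie_value() {
+ if (!$this->newcookievalue) {
+ if (isset($_COOKIE['google_apps_login'])) {
+ $this->newcookievalue = $_COOKIE['google_apps_login'];
+ }
+ else {
+ $this->newcookievalue = md5(rand());
+ }
+ }
+ return $this->newcookievalue;
+ }
+
+ protected function createGoogleClient($options) {
  require_once 'googleclient/Google_Client.php';
  require_once 'googleclient/contrib/Google_Oauth2Service.php';
 
- $options = get_option('galogin');
-
  $client = new Google_Client();
  $client->setApplicationName("Wordpress Blog");
 
@@ -33,7 +48,7 @@ class google_apps_login {
  return Array($client, $oauthservice);
  }
 
- function ga_login_styles() { ?>
+ public function ga_login_styles() { ?>
  <style type="text/css">
  form#loginform div.galogin {
  float: right;
@@ -64,23 +79,22 @@ class google_apps_login {
  </style>
  <?php }
 
- function ga_login_form() {
- self::_ga_unset_session();
-
- $clients = self::createGoogleClient();
+ public function ga_login_form() {
+ $options = $this->get_option_galogin();
+ $clients = $this->createGoogleClient($options);
  $client = $clients[0];
 
  // Generate a CSRF token
- $state = md5(rand());
- $_SESSION['galogin_state'] = $state;
- $client->setState($state);
-
- // Store following WP page if any
- if (array_key_exists('redirect_to', $_REQUEST)) {
- $_SESSION['galogin_redirect_to'] = $_REQUEST['redirect_to'];
- }
+ $state = wp_create_nonce('google_apps_login');
+ $client->setState(urlencode($state
+ .'|'.$this->get_cookie_value()
+ .'|'.(array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : '')
+ ));
 
  $authUrl = $client->createAuthUrl();
+ if ($client->getClientId() == "") {
+ $authUrl = "http://wp-glogin.com/installing-google-apps-login/#main-settings";
+ }
  ?>
  <div class="galogin">
  <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
@@ -88,21 +102,40 @@ class google_apps_login {
  <?php
  }
 
- function ga_authenticate($user) {
+ public function ga_authenticate($user) {
  if (isset($_REQUEST['error'])) {
  $user = new WP_Error('ga_login_error', $_REQUEST['error'] == 'access_denied' ? 'You did not grant access' : $_REQUEST['error']);
- return self::displayAndReturnError($user);
+ return $this->displayAndReturnError($user);
  }
 
- $clients = self::createGoogleClient();
+ $options = $this->get_option_galogin();
+ $clients = $this->createGoogleClient($options);
  $client = $clients[0];
  $oauthservice = $clients[1];
 
  if (isset($_GET['code'])) {
- if (session_id() && (!isset($_REQUEST['state']) || !isset($_SESSION['galogin_state'])
- || $_REQUEST['state'] != $_SESSION['galogin_state'])) {
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookies");
- return self::displayAndReturnError($user);
+ if (!isset($_REQUEST['state'])) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting state");
+ return $this->displayAndReturnError($user);
+ }
+
+ $statevars = explode('|', urldecode($_REQUEST['state']));
+ if (count($statevars) != 3) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem computing state");
+ return $this->displayAndReturnError($user);
+ }
+ $retnonce = $statevars[0];
+ $retcookie = $statevars[1];
+ $retredirectto = $statevars[2];
+
+ if (!wp_verify_nonce($retnonce, 'google_apps_login')) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting nonce");
+ return $this->displayAndReturnError($user);
+ }
+
+ if (!isset($_COOKIE['google_apps_login']) || $retcookie != $_COOKIE['google_apps_login']) {
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookie");
+ return $this->displayAndReturnError($user);
  }
 
  try {
@@ -138,9 +171,10 @@ class google_apps_login {
  $user = new WP_Error('ga_login_error', 'User '.$google_email.' not registered in Wordpress');
  }
  else {
- if (session_id() && array_key_exists('galogin_redirect_to', $_SESSION)) {
- $_SESSION['galogin_do_redirect_to'] = $_SESSION['galogin_redirect_to'];
- }
+ // Set redirect for next load - including if "" to force reset to no redirect
+ setcookie('galogin_do_redirect_to', $retredirectto, time()+60, '/');
+ // Reset client-side login cookie so it doesn't expire on us next login time
+ setcookie('google_apps_login', '', time()-3600, '/');
  }
  }
  }
@@ -152,17 +186,14 @@ class google_apps_login {
  }
  }
 
- // Tidy things up for next time
- self::_ga_unset_session();
-
  if (is_wp_error($user)) {
- self::displayAndReturnError($user);
+ $this->displayAndReturnError($user);
  }
 
  return $user;
  }
 
- function displayAndReturnError($user) {
+ protected function displayAndReturnError($user) {
  if (is_wp_error($user) && get_bloginfo('version') < 3.7) {
  // Only newer wordpress versions display errors from $user for us
  global $error;
@@ -171,52 +202,42 @@ class google_apps_login {
  return $user;
  }
 
- function ga_init() {
- if(!session_id()) {
- @session_start();
- }
- if (array_key_exists('galogin_do_redirect_to', $_SESSION)) {
- // Login page originally contained a redirect url, so go there now all auth is finished
- $url = $_SESSION['galogin_do_redirect_to'];
- unset($_SESSION['galogin_do_redirect_to']);
- wp_redirect($url);
- exit;
- }
- }
-
- function _ga_unset_session() {
- // Reset session state
- if (session_id()) {
- if (array_key_exists('galogin_redirect_to', $_SESSION)) {
- unset($_SESSION['galogin_redirect_to']);
- }
- if (array_key_exists('galogin_state', $_SESSION)) {
- unset($_SESSION['galogin_state']);
- unset($_SESSION['state']);
+ public function ga_init() {
+ if (isset($_COOKIE['galogin_do_redirect_to'])) {
+ $do_redirect = $_COOKIE['galogin_do_redirect_to'];
+ setcookie('galogin_do_redirect_to', '', time()-3600, '/');
+
+ if ($do_redirect != "") {
+ wp_redirect($do_redirect);
+ exit;
  }
  }
+
+ if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
+ setcookie('google_apps_login', $this->get_cookie_value(), time()+1800, '/');
+ }
  }
 
- function ga_admin_init() {
+ public function ga_admin_init() {
 
- register_setting( 'galogin_options', 'galogin', Array('google_apps_login', 'ga_options_validate') );
+ register_setting( 'galogin_options', 'galogin', Array($this, 'ga_options_validate') );
 
  add_settings_section('galogin_main_section', 'Main Settings',
- array('google_apps_login', 'ga_section_text'), 'galogin');
+ array($this, 'ga_section_text'), 'galogin');
 
  add_settings_field('ga_clientid', 'Client ID',
- array('google_apps_login', 'ga_do_settings_clientid'), 'galogin', 'galogin_main_section');
+ array($this, 'ga_do_settings_clientid'), 'galogin', 'galogin_main_section');
  add_settings_field('ga_clientsecret', 'Client Secret',
- array('google_apps_login', 'ga_do_settings_clientsecret'), 'galogin', 'galogin_main_section');
+ array($this, 'ga_do_settings_clientsecret'), 'galogin', 'galogin_main_section');
  }
 
- function ga_admin_menu() {
+ public function ga_admin_menu() {
  add_options_page('Google Apps Login settings', 'Google Apps Login',
  'manage_options', 'galogin_list_options',
- array('google_apps_login', 'ga_options_do_page'));
+ array($this, 'ga_options_do_page'));
  }
 
- function ga_options_do_page() { ?>
+ public function ga_options_do_page() { ?>
  <div>
  <h2>Google Apps Login setup</h2>
  Set up your blog to enable Google logins.
@@ -228,19 +249,19 @@ class google_apps_login {
  </form></div> <?php
  }
 
- function ga_do_settings_clientid() {
- $options = get_option('galogin');
+ public function ga_do_settings_clientid() {
+ $options = $this->get_option_galogin();
  echo "<input id='plugin_text_string' name='galogin[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
  echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
  }
 
- function ga_do_settings_clientsecret() {
- $options = get_option('galogin');
+ public function ga_do_settings_clientsecret() {
+ $options = $this->get_option_galogin();
  echo "<input id='plugin_text_string' name='galogin[ga_clientsecret]' size='40' type='text' value='{$options['ga_clientsecret']}' />";
  echo "<br /><span>Normally something like sHSfR4_jf_2jsy-kjPjgf2dT</span>";
  }
 
- function ga_section_text() {
+ public function ga_section_text() {
  ?>
  <p>The Google Apps domain admin needs to go to
  <a href="https://cloud.google.com/console" target="_blank">https://cloud.google.com/console</a>. If you
@@ -261,7 +282,17 @@ class google_apps_login {
  </p>
  <p>You must input, into your new Google application, the following items:
  <ul style="margin-left: 10px;">
- <li>Web Origin: <?php echo site_url(); ?></li>
+ <li>Web Origin: <?php echo (is_ssl() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
+ <?php
+ if (is_ssl()) {
+ ?>
+ <li>
+ Web Origin (add a 2nd entry): http://<?php echo $_SERVER['HTTP_HOST'].'/'; ?>
+ </li>
+ <?php
+ }
+ ?>
+
  <li>Redirect URL: <?php echo wp_login_url(); ?></li>
  <?php
  if (force_ssl_login() && strtolower(substr(wp_login_url(),0,7)) == 'http://') {
@@ -283,12 +314,14 @@ class google_apps_login {
  <i>Consent screen</i> (which is another sub-menu of <i>APIs &amp; Auth</i>).
  </p>
 
- <p><b>For support and premium features, please visit: <a href="http://wp-glogin.com/" target="_blank">http://wp-glogin.com/</a></b></p>
+ <p><b>For support and premium features, please visit:
+ <a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
+ </p>
 
  <?php
  }
 
- function ga_options_validate($input) {
+ public function ga_options_validate($input) {
  $newinput = Array();
  $newinput['ga_clientid'] = trim($input['ga_clientid']);
  $newinput['ga_clientsecret'] = trim($input['ga_clientsecret']);
@@ -311,28 +344,35 @@ class google_apps_login {
  return $newinput;
  }
 
- function ga_on_uninstall() {
- if (!current_user_can('activate_plugins'))
- return;
-
- // Important: Check if the file is the one
- // that was registered during the uninstall hook.
- if (!defined( 'WP_UNINSTALL_PLUGIN' ) || __FILE__ != WP_UNINSTALL_PLUGIN)
- return;
-
- // Remove options for plugin
- delete_option('galogin');
+ static $default_options = Array( 'ga_clientid' => '', 'ga_clientsecret' => '');
+ private $ga_options = null;
+ protected function get_option_galogin() {
+ if ($this->ga_options != null) {
+ return $this->ga_options;
+ }
+
+ $option = get_option('galogin');
+
+ foreach (self::$default_options as $k => $v) {
+ if (!isset($option[$k])) {
+ $option[$k] = $v;
+ }
+ }
+ $this->ga_options = $option;
+ return $this->ga_options;
+ }
+
+ protected function add_actions() {
+ add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
+ add_action('login_form', array($this, 'ga_login_form'));
+ add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
+ add_action('init', array($this, 'ga_init'), 1);
+
+ add_action('admin_init', array($this, 'ga_admin_init'));
+ add_action('admin_menu', array($this, 'ga_admin_menu'));
  }
  }
 
- add_action('login_enqueue_scripts', array('google_apps_login', 'ga_login_styles'));
- add_action('login_form', array('google_apps_login', 'ga_login_form'));
- add_action('authenticate', array('google_apps_login', 'ga_authenticate'));
- add_action('init', array('google_apps_login', 'ga_init'), 1);
-
- add_action('admin_init', array('google_apps_login', 'ga_admin_init'));
- add_action('admin_menu', array('google_apps_login', 'ga_admin_menu'));
-
- register_uninstall_hook(__FILE__, array('google_apps_login', 'ga_on_uninstall'));
+ $ga_google_apps_login_plugin = new google_apps_login();
 
  ?>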
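Review bot: The new `ga_init` (new-side lines 205-212) sends the browser to whatever the `galogin_do_redirect_to` cookie holds via plain `wp_redirect`, and that value is the caller-supplied `redirect_to` parameter that `ga_login_form` packs into the OAuth state on line 91 and `ga_authenticate` writes back on line 175, so a crafted login link can bounce a user who has just signed in to an arbitrary external host; use `wp_safe_redirect($do_redirect);` so the target is checked against the site's allowed hosts, which is what wp-login.php itself does for `redirect_to`. In the same flow, `explode('|', urldecode($_REQUEST['state']))` on line 122 should carry a limit, `explode('|', urldecode($_REQUEST['state']), 3)`, otherwise a `redirect_to` that itself contains `|` fails the `count($statevars) != 3` check and the login is rejected. The cookie token on line 26 is `md5(rand())`, which is not a cryptographic source; `wp_generate_password(32, false)` (or `openssl_random_pseudo_bytes` where available) would be stronger, and the `setcookie` calls on lines 175, 177 and 217 should pass the `secure` and `httponly` arguments since the value is a login-flow token. `ga_authenticate` extends beyond the hunks shown, so the `try` block that consumes `$code` is not visible here.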
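--- a/readme.txt
+++ b/readme.txt
@@ -71,6 +71,12 @@ the Plugins section of your Wordpress admin
 
  == Upgrade Notice ==
 
+ = 1.1 =
+ Upgrade recommended
+ Increased security - uses an extra authenticity check
+ Better support for mal-configured Google credentials
+ No longer uses PHP-based sessions - will work on even more WordPress configurations
+
  = 1.0 =
  All existing versions are functionally identical - no need to upgrade.
 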
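--- /dev/null
+++ b/uninstall.php
@@ -0,0 +1,15 @@
+ <?php
+ /*
+ * Remove plugin data
+ */
+
+ if (!defined('ABSPATH') && !defined('WP_UNINSTALL_PLUGIN')) {
+ exit;
+ }
+
+ if (!current_user_can('activate_plugins'))
+ exit;
+
+ delete_option('galogin');
+
+ ?>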
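Review bot: The guard on line 6 joins the two conditions with `&&`, so the file only exits when neither `ABSPATH` nor `WP_UNINSTALL_PLUGIN` is defined; any request where WordPress is already loaded but no uninstall is in progress (for example another plugin or theme including this file) passes the check and reaches `delete_option('galogin')` as soon as the current user has `activate_plugins`. The WordPress convention is to require the uninstall constant on its own: `if (!defined('WP_UNINSTALL_PLUGIN')) { exit; }`. The `ga_on_uninstall` method that this file replaces also compared `__FILE__` against `WP_UNINSTALL_PLUGIN`; that identity check is dropped here, which is acceptable once the constant check is made strict, but the comment block on lines 2-4 should say that the file is invoked only by WordPress during plugin deletion so the next maintainer does not loosen it further.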