Google Apps Login - Version 1.3

Version Description

Much neater support for redirecting users to most appropriate page post-login, especially on multisite installations; Better notices guiding admins through configuration

Download this release

Release Info

Developer danlester
Plugin Icon 128x128 Google Apps Login
Version 1.3
Comparing to
See all releases

Code changes from version 1.2 to 1.3

Files changed (3) hide show
  1. core/core_google_apps_login.php +168 -67
  2. google_apps_login.php +15 -4
  3. readme.txt +59 -20
core/core_google_apps_login.php CHANGED
@@ -73,22 +73,27 @@ class core_google_apps_login {
73
  </style>
74
  <?php }
75
 
76
- public function ga_login_form() {
 
77
  $options = $this->get_option_galogin();
78
  $clients = $this->createGoogleClient($options);
79
- $client = $clients[0];
80
 
81
  // Generate a CSRF token
82
- $state = wp_create_nonce('google_apps_login');
83
- $client->setState(urlencode($state
84
- .'|'.$this->get_cookie_value()
85
- .'|'.(array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : '')
86
  ));
87
 
88
  $authUrl = $client->createAuthUrl();
89
- if ($client->getClientId() == "") {
90
- $authUrl = "http://wp-glogin.com/installing-google-apps-login/#main-settings";
91
  }
 
 
 
 
 
92
  ?>
93
  <div class="galogin">
94
  <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
@@ -96,9 +101,34 @@ class core_google_apps_login {
96
  <?php
97
  }
98
 
 
 
 
 
 
 
 
 
 
 
 
 
99
  public function ga_authenticate($user, $username=null, $password=null) {
100
  if (isset($_REQUEST['error'])) {
101
- $user = new WP_Error('ga_login_error', $_REQUEST['error'] == 'access_denied' ? 'You did not grant access' : $_REQUEST['error']);
 
 
 
 
 
 
 
 
 
 
 
 
 
102
  return $this->displayAndReturnError($user);
103
  }
104
 
@@ -114,21 +144,15 @@ class core_google_apps_login {
114
  }
115
 
116
  $statevars = explode('|', urldecode($_REQUEST['state']));
117
- if (count($statevars) != 3) {
118
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem computing state");
119
  return $this->displayAndReturnError($user);
120
  }
121
  $retnonce = $statevars[0];
122
- $retcookie = $statevars[1];
123
- $retredirectto = $statevars[2];
124
 
125
- if (!wp_verify_nonce($retnonce, 'google_apps_login')) {
126
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting nonce");
127
- return $this->displayAndReturnError($user);
128
- }
129
-
130
- if (!isset($_COOKIE['google_apps_login']) || $retcookie != $_COOKIE['google_apps_login']) {
131
- $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookie");
132
  return $this->displayAndReturnError($user);
133
  }
134
 
@@ -165,11 +189,10 @@ class core_google_apps_login {
165
  $user = $this->createUserOrError($userinfo, $options);
166
  }
167
 
168
- if (!$user) {
169
- // Set redirect for next load - including if "" to force reset to no redirect
170
- setcookie('galogin_do_redirect_to', $retredirectto, time()+60, '/');
171
- // Reset client-side login cookie so it doesn't expire on us next login time
172
- setcookie('google_apps_login', '', time()-3600, '/');
173
  }
174
  }
175
  }
@@ -212,26 +235,37 @@ class core_google_apps_login {
212
  return $user;
213
  }
214
 
215
- public function ga_init() {
216
- if (isset($_COOKIE['galogin_do_redirect_to'])) {
217
- $do_redirect = $_COOKIE['galogin_do_redirect_to'];
218
- setcookie('galogin_do_redirect_to', '', time()-3600, '/');
219
-
220
- if ($do_redirect != "") {
221
- wp_redirect($do_redirect);
222
- exit;
 
 
 
 
 
 
 
223
  }
224
  }
225
-
 
 
 
226
  if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
227
- setcookie('google_apps_login', $this->get_cookie_value(), time()+1800, '/');
228
  }
229
  }
230
 
231
  protected function get_login_url() {
 
232
  $login_url = wp_login_url();
233
 
234
- if (is_multisite() && defined('SUBDOMAIN_INSTALL') && SUBDOMAIN_INSTALL === false) {
235
  $login_url = network_site_url('wp-login.php');
236
  }
237
 
@@ -253,11 +287,42 @@ class core_google_apps_login {
253
  return 'galogin_options';
254
  }
255
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
256
  public function ga_admin_init() {
257
  register_setting( $this->get_options_pagename(), $this->get_options_name(), Array($this, 'ga_options_validate') );
258
 
259
  $this->ga_admin_init_main();
260
  $this->ga_admin_init_domain();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
261
  }
262
 
263
  protected function ga_admin_init_main() {
@@ -272,6 +337,16 @@ class core_google_apps_login {
272
 
273
  protected function ga_admin_init_domain() {
274
  }
 
 
 
 
 
 
 
 
 
 
275
 
276
  public function ga_admin_menu() {
277
  if (is_multisite()) {
@@ -287,7 +362,7 @@ class core_google_apps_login {
287
  }
288
 
289
  public function ga_options_do_page() {
290
- $submit_page = is_multisite() ? 'edit.php?action='.$this->get_options_menuname() : 'options.php'; //settings.php?page=galogin_list_premium
291
 
292
  if (is_multisite()) {
293
  $this->ga_options_do_network_errors();
@@ -337,7 +412,7 @@ class core_google_apps_login {
337
  public function ga_do_settings_clientid() {
338
  $options = $this->get_option_galogin();
339
  echo "<input id='input_ga_domainname' name='".$this->get_options_name()."[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
340
- echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
341
  }
342
 
343
  public function ga_do_settings_clientsecret() {
@@ -356,22 +431,24 @@ class core_google_apps_login {
356
  <p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
357
  accept a verification phone call or SMS from Google.</p>
358
 
359
- <p>Then create a Web application within the project. To create the application,
360
  you need to click into the new project, then click <i>APIs &amp; Auth</i> in the left-hand menu.
361
- Click <i>Registered Apps</i> beneath that, then click the red <i>Register App</i> button.
362
- You can choose any name you wish, and make sure you select <i>Web Application</i> as the Platform type.
363
  </p>
364
- <p>
365
- Once you have created the application, you may need to open up the <i>OAuth 2.0 Client ID</i> section to be able to complete
366
- the following steps.
367
- </p>
368
- <p>You must input, into your new Google application, the following items:
369
  <ul style="margin-left: 10px;">
370
- <li>Web Origin: <?php echo (is_ssl() || force_ssl_login() || force_ssl_admin() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
371
- <li>Redirect URL: <?php echo $this->get_login_url(); ?></li>
372
  </ul>
373
  </p>
374
- <p>Click Generate. You will see a Client ID and Client Secret which you must copy
 
 
 
 
 
 
375
  and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
376
 
377
  <p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
@@ -388,6 +465,22 @@ class core_google_apps_login {
388
  protected function ga_section_text_end() {
389
  }
390
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
391
  public function ga_options_validate($input) {
392
  $newinput = Array();
393
  $newinput['ga_clientid'] = trim($input['ga_clientid']);
@@ -408,6 +501,8 @@ class core_google_apps_login {
408
  'error'
409
  );
410
  }
 
 
411
  return $newinput;
412
  }
413
 
@@ -427,7 +522,7 @@ class core_google_apps_login {
427
  }
428
 
429
  protected function get_default_options() {
430
- return Array( 'ga_clientid' => '', 'ga_clientsecret' => '');
431
  }
432
 
433
  protected $ga_options = null;
@@ -455,13 +550,7 @@ class core_google_apps_login {
455
  if (isset($_POST[$this->get_options_name()]) && is_array($_POST[$this->get_options_name()])) {
456
  $inoptions = $_POST[$this->get_options_name()];
457
  $outoptions = $this->ga_options_validate($inoptions);
458
-
459
- $updated = false;
460
- if ( !count( get_settings_errors() ) ) {
461
- update_site_option($this->get_options_name(), $outoptions);
462
- $updated = true;
463
- }
464
-
465
  $error_code = Array();
466
  $error_setting = Array();
467
  foreach (get_settings_errors() as $e) {
@@ -470,12 +559,14 @@ class core_google_apps_login {
470
  $error_setting[] = $e['setting'];
471
  }
472
  }
473
-
 
 
474
  // redirect to settings page in network
475
  wp_redirect(
476
  add_query_arg(
477
  array( 'page' => $this->get_options_menuname(),
478
- 'updated' => $updated,
479
  'error_setting' => $error_setting,
480
  'error_code' => $error_code ),
481
  network_admin_url( 'admin.php' )
@@ -485,6 +576,17 @@ class core_google_apps_login {
485
  }
486
  }
487
 
 
 
 
 
 
 
 
 
 
 
 
488
  // HOOKS AND FILTERS
489
  // *****************
490
 
@@ -492,24 +594,23 @@ class core_google_apps_login {
492
  add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
493
  add_action('login_form', array($this, 'ga_login_form'));
494
  add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
 
 
495
  add_action('init', array($this, 'ga_init'), 1);
496
 
497
  add_action('admin_init', array($this, 'ga_admin_init'));
498
 
499
  add_action(is_multisite() ? 'network_admin_menu' : 'admin_menu', array($this, 'ga_admin_menu'));
500
-
501
  if (is_multisite()) {
 
502
  add_action('network_admin_edit_'.$this->get_options_menuname(), array($this, 'ga_save_network_options'));
503
  }
504
- }
505
-
506
- public static function my_plugin_basename($file) {
507
- $basename = plugin_basename($file);
508
- if ('/'.$basename == $file) { // Maybe due to symlink
509
- $basename = basename(dirname($file)).'/'.basename($file);
510
  }
511
- return $basename;
512
  }
 
513
  }
514
 
515
  ?>
73
  </style>
74
  <?php }
75
 
76
+ // public in case widgets want to use it
77
+ public function ga_start_auth_get_url() {
78
  $options = $this->get_option_galogin();
79
  $clients = $this->createGoogleClient($options);
80
+ $client = $clients[0];
81
 
82
  // Generate a CSRF token
83
+ $client->setState(urlencode(
84
+ wp_create_nonce('google_apps_login-'.$this->get_cookie_value())
85
+ .'|'.$this->get_redirect_url()
 
86
  ));
87
 
88
  $authUrl = $client->createAuthUrl();
89
+ if ($options['ga_clientid'] == '' || $options['ga_clientsecret'] == '') {
90
+ $authUrl = "?error=ga_needs_configuring";
91
  }
92
+ return $authUrl;
93
+ }
94
+
95
+ public function ga_login_form() {
96
+ $authUrl = $this->ga_start_auth_get_url();
97
  ?>
98
  <div class="galogin">
99
  <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
101
  <?php
102
  }
103
 
104
+ protected function get_redirect_url() {
105
+ $options = $this->get_option_galogin();
106
+
107
+ if (array_key_exists('redirect_to', $_REQUEST) && $_REQUEST['redirect_to']) {
108
+ return $_REQUEST['redirect_to'];
109
+ } elseif (is_multisite() && !$options['ga_ms_usesubsitecallback']) {
110
+ return admin_url(); // This is what WordPress would choose as default
111
+ // but we have to specify explicitly since all callbacks go via root site
112
+ }
113
+ return '';
114
+ }
115
+
116
  public function ga_authenticate($user, $username=null, $password=null) {
117
  if (isset($_REQUEST['error'])) {
118
+ switch ($_REQUEST['error']) {
119
+ case 'access_denied':
120
+ $error_message = 'You did not grant access';
121
+ break;
122
+ case 'ga_needs_configuring':
123
+ $error_message = 'The admin needs to configure Google Apps Login plugin - please follow '
124
+ .'<a href="http://wp-glogin.com/installing-google-apps-login/#main-settings"'
125
+ .' target="_blank">instructions here</a>';
126
+ break;
127
+ default:
128
+ $error_message = htmlentities2($_REQUEST['error']);
129
+ break;
130
+ }
131
+ $user = new WP_Error('ga_login_error', $error_message);
132
  return $this->displayAndReturnError($user);
133
  }
134
 
144
  }
145
 
146
  $statevars = explode('|', urldecode($_REQUEST['state']));
147
+ if (count($statevars) != 2) {
148
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem passing state");
149
  return $this->displayAndReturnError($user);
150
  }
151
  $retnonce = $statevars[0];
152
+ $retredirectto = $statevars[1];
 
153
 
154
+ if (!wp_verify_nonce($retnonce, 'google_apps_login-'.$this->get_cookie_value())) {
155
+ $user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookies");
 
 
 
 
 
156
  return $this->displayAndReturnError($user);
157
  }
158
 
189
  $user = $this->createUserOrError($userinfo, $options);
190
  }
191
 
192
+ if ($user && !is_wp_error($user)) {
193
+ // Set redirect for wp-login to receive via our own login_redirect callback
194
+ $this->setFinalRedirect($retredirectto);
195
+ // Would reset client-side login cookie but won't work on redirect
 
196
  }
197
  }
198
  }
235
  return $user;
236
  }
237
 
238
+ protected $_final_redirect = '';
239
+
240
+ protected function setFinalRedirect($redirect_to) {
241
+ $this->_final_redirect = $redirect_to;
242
+ }
243
+
244
+ protected function getFinalRedirect() {
245
+ return $this->_final_redirect;
246
+ }
247
+
248
+ public function ga_login_redirect($redirect_to, $request_from, $user) {
249
+ if ($user && !is_wp_error($user)) {
250
+ $final_redirect = $this->getFinalRedirect();
251
+ if ($final_redirect !== '') {
252
+ return $final_redirect;
253
  }
254
  }
255
+ return $redirect_to;
256
+ }
257
+
258
+ public function ga_init() {
259
  if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
260
+ setcookie('google_apps_login', $this->get_cookie_value(), time()+600, '/', defined(COOKIE_DOMAIN) ? COOKIE_DOMAIN : '' );
261
  }
262
  }
263
 
264
  protected function get_login_url() {
265
+ $options = $this->get_option_galogin();
266
  $login_url = wp_login_url();
267
 
268
+ if (is_multisite() && !$options['ga_ms_usesubsitecallback']) {
269
  $login_url = network_site_url('wp-login.php');
270
  }
271
 
287
  return 'galogin_options';
288
  }
289
 
290
+ protected function get_settings_url() {
291
+ return is_multisite()
292
+ ? network_admin_url( 'settings.php?page='.$this->get_options_menuname() )
293
+ : admin_url( 'options-general.php?page='.$this->get_options_menuname() );
294
+ }
295
+
296
+ public function ga_admin_auth_message() {
297
+ ?>
298
+ <div class="error">
299
+ <p>You will need to complete Google Apps Login
300
+ <a href="<?php echo $this->get_settings_url(); ?>">Settings</a>
301
+ in order for the plugin to work
302
+ </p>
303
+ </div> <?php
304
+ }
305
+
306
  public function ga_admin_init() {
307
  register_setting( $this->get_options_pagename(), $this->get_options_name(), Array($this, 'ga_options_validate') );
308
 
309
  $this->ga_admin_init_main();
310
  $this->ga_admin_init_domain();
311
+ $this->ga_admin_init_multisite();
312
+
313
+ // Admin notice that configuration is required
314
+ $options = $this->get_option_galogin();
315
+
316
+ if (current_user_can( is_multisite() ? 'manage_network_options' : 'manage_options' )
317
+ && ($options['ga_clientid'] == '' || $options['ga_clientsecret'] == '')) {
318
+
319
+ if (!array_key_exists('page', $_REQUEST) || $_REQUEST['page'] != $this->get_options_menuname()) {
320
+ add_action('admin_notices', Array($this, 'ga_admin_auth_message'));
321
+ if (is_multisite()) {
322
+ add_action('network_admin_notices', Array($this, 'ga_admin_auth_message'));
323
+ }
324
+ }
325
+ }
326
  }
327
 
328
  protected function ga_admin_init_main() {
337
 
338
  protected function ga_admin_init_domain() {
339
  }
340
+
341
+ public function ga_admin_init_multisite() {
342
+ if (is_multisite()) {
343
+ add_settings_section('galogin_multisite_section', 'Multisite Options',
344
+ array($this, 'ga_multisitesection_text'), $this->get_options_name());
345
+
346
+ add_settings_field('ga_ms_usesubsitecallback', 'Use sub-site specific callback from Google',
347
+ array($this, 'ga_do_settings_ms_usesubsitecallback'), $this->get_options_name(), 'galogin_multisite_section');
348
+ }
349
+ }
350
 
351
  public function ga_admin_menu() {
352
  if (is_multisite()) {
362
  }
363
 
364
  public function ga_options_do_page() {
365
+ $submit_page = is_multisite() ? 'edit.php?action='.$this->get_options_menuname() : 'options.php';
366
 
367
  if (is_multisite()) {
368
  $this->ga_options_do_network_errors();
412
  public function ga_do_settings_clientid() {
413
  $options = $this->get_option_galogin();
414
  echo "<input id='input_ga_domainname' name='".$this->get_options_name()."[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
415
+ echo "<br /><span>Normally something like 1234567890123-w1dwn5pfgjeo96c73821dfbof6n4kdhw.apps.googleusercontent.com</span>";
416
  }
417
 
418
  public function ga_do_settings_clientsecret() {
431
  <p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
432
  accept a verification phone call or SMS from Google.</p>
433
 
434
+ <p>Then create a new 'Client ID' within the project, of type 'Web Application'. To create this,
435
  you need to click into the new project, then click <i>APIs &amp; Auth</i> in the left-hand menu.
436
+ Click <i>Credentials</i> beneath that, then click the red <i>Create New Client ID</i> button.
437
+ Make sure you select <i>Web Application</i> as the Platform type.
438
  </p>
439
+ <p>You must input, into your new Google 'Client ID', the following items:
 
 
 
 
440
  <ul style="margin-left: 10px;">
441
+ <li>Authorized Javascript origins: <?php echo (is_ssl() || force_ssl_login() || force_ssl_admin() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
442
+ <li>Authorized redirect URI: <?php echo $this->get_login_url(); ?></li>
443
  </ul>
444
  </p>
445
+ <p>
446
+ Once you have created the application (click the blue <i>Create Client ID</i> button), you need to turn to the
447
+ <i>Client ID for web application</i> section to be able to complete
448
+ the following steps. (<b>Not</b> the <i>Compute Engine and App Engine</i> section at the top.)
449
+ </p>
450
+
451
+ <p>You will see a Client ID and Client Secret which you must copy
452
  and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
453
 
454
  <p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
465
  protected function ga_section_text_end() {
466
  }
467
 
468
+ public function ga_multisitesection_text() {
469
+ ?>
470
+ <p>These settings are for multisite admins only. By default, all logins need to be submitted via the root site
471
+ (since that is the only Redirect URL you were asked to submit to Google Cloud Console above).
472
+ If you have a reason to register Redirect URLs for each of your sub-sites too, tick the box below to
473
+ have all logins submitted to the sub-site they were invoked on.
474
+ </p>
475
+ <?php
476
+ }
477
+
478
+ public function ga_do_settings_ms_usesubsitecallback() {
479
+ $options = $this->get_option_galogin();
480
+ echo "<input id='input_ga_ms_usesubsitecallback' name='".$this->get_options_name()."[ga_ms_usesubsitecallback]' type='checkbox' ".($options['ga_ms_usesubsitecallback'] ? 'checked' : '')." />";
481
+ echo "<div>Leave unchecked in most cases</div>";
482
+ }
483
+
484
  public function ga_options_validate($input) {
485
  $newinput = Array();
486
  $newinput['ga_clientid'] = trim($input['ga_clientid']);
501
  'error'
502
  );
503
  }
504
+ $newinput['ga_ms_usesubsitecallback'] = isset($input['ga_ms_usesubsitecallback']) ? $input['ga_ms_usesubsitecallback'] : false;
505
+ $newinput['ga_version'] = $this->PLUGIN_VERSION;
506
  return $newinput;
507
  }
508
 
522
  }
523
 
524
  protected function get_default_options() {
525
+ return Array('ga_version' => $this->PLUGIN_VERSION, 'ga_clientid' => '', 'ga_clientsecret' => '', 'ga_ms_usesubsitecallback' => false);
526
  }
527
 
528
  protected $ga_options = null;
550
  if (isset($_POST[$this->get_options_name()]) && is_array($_POST[$this->get_options_name()])) {
551
  $inoptions = $_POST[$this->get_options_name()];
552
  $outoptions = $this->ga_options_validate($inoptions);
553
+
 
 
 
 
 
 
554
  $error_code = Array();
555
  $error_setting = Array();
556
  foreach (get_settings_errors() as $e) {
559
  $error_setting[] = $e['setting'];
560
  }
561
  }
562
+
563
+ update_site_option($this->get_options_name(), $outoptions);
564
+
565
  // redirect to settings page in network
566
  wp_redirect(
567
  add_query_arg(
568
  array( 'page' => $this->get_options_menuname(),
569
+ 'updated' => true,
570
  'error_setting' => $error_setting,
571
  'error_code' => $error_code ),
572
  network_admin_url( 'admin.php' )
576
  }
577
  }
578
 
579
+ // PLUGINS PAGE
580
+
581
+ public function ga_plugin_action_links( $links, $file ) {
582
+ if ($file == $this->my_plugin_basename()) {
583
+ $settings_link = '<a href="'.$this->get_settings_url().'">Settings</a>';
584
+ array_unshift( $links, $settings_link );
585
+ }
586
+
587
+ return $links;
588
+ }
589
+
590
  // HOOKS AND FILTERS
591
  // *****************
592
 
594
  add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
595
  add_action('login_form', array($this, 'ga_login_form'));
596
  add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
597
+
598
+ add_filter('login_redirect', array($this, 'ga_login_redirect'), 5, 3 );
599
  add_action('init', array($this, 'ga_init'), 1);
600
 
601
  add_action('admin_init', array($this, 'ga_admin_init'));
602
 
603
  add_action(is_multisite() ? 'network_admin_menu' : 'admin_menu', array($this, 'ga_admin_menu'));
604
+
605
  if (is_multisite()) {
606
+ add_filter('network_admin_plugin_action_links', array($this, 'ga_plugin_action_links'), 10, 2 );
607
  add_action('network_admin_edit_'.$this->get_options_menuname(), array($this, 'ga_save_network_options'));
608
  }
609
+ else {
610
+ add_filter( 'plugin_action_links', array($this, 'ga_plugin_action_links'), 10, 2 );
 
 
 
 
611
  }
 
612
  }
613
+
614
  }
615
 
616
  ?>
google_apps_login.php CHANGED
@@ -3,24 +3,35 @@
3
  /**
4
  * Plugin Name: Google Apps Login
5
  * Plugin URI: http://wp-glogin.com/
6
- * Description: Easy login for your Wordpress users by using their Google accounts (uses OAuth2 and requires a Google Apps domain).
7
- * Version: 1.2
8
  * Author: Dan Lester
9
- * Author URI: http://danlester.com/
10
  * License: GPL3
 
11
  */
12
 
13
  require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
14
 
15
  class basic_google_apps_login extends core_google_apps_login {
16
 
 
 
17
  public function ga_section_text_end() {
18
  ?>
19
- <p><b>For support and premium features, please visit:
20
  <a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
21
  </p>
22
  <?php
23
  }
 
 
 
 
 
 
 
 
24
 
25
  }
26
 
3
  /**
4
  * Plugin Name: Google Apps Login
5
  * Plugin URI: http://wp-glogin.com/
6
+ * Description: Simple secure login for Wordpress through users' Google Apps accounts (uses secure OAuth2, and MFA if enabled)
7
+ * Version: 1.3
8
  * Author: Dan Lester
9
+ * Author URI: http://wp-glogin.com/
10
  * License: GPL3
11
+ * Network: true
12
  */
13
 
14
  require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
15
 
16
  class basic_google_apps_login extends core_google_apps_login {
17
 
18
+ protected $PLUGIN_VERSION = '1.3';
19
+
20
  public function ga_section_text_end() {
21
  ?>
22
+ <p><b>For full support, and premium features that greatly simplify WordPress user management for admins, please visit:
23
  <a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
24
  </p>
25
  <?php
26
  }
27
+
28
+ public function my_plugin_basename() {
29
+ $basename = plugin_basename(__FILE__);
30
+ if ('/'.$basename == __FILE__) { // Maybe due to symlink
31
+ $basename = basename(dirname(__FILE__)).'/'.basename(__FILE__);
32
+ }
33
+ return $basename;
34
+ }
35
 
36
  }
37
 
readme.txt CHANGED
@@ -1,27 +1,35 @@
1
  === Plugin Name ===
2
  Contributors: danlester
3
- Tags: login, google, authentication, oauth2, oauth, admin, googleapps, sso
4
  Requires at least: 3.3
5
  Tested up to: 3.8
6
- Stable tag: 1.1
7
  License: GPLv3
8
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
9
 
10
- Easy login for your Wordpress users by using their Google accounts (uses secure OAuth2, including Multi-factor auth if enabled).
 
11
 
12
  == Description ==
13
 
14
- Google Apps Login allows existing Wordpress user accounts to login to the blog by using Google to securely authenticate their
15
- account. This means that if they are already logged into Gmail for example, they can simply click their way
16
  through the Wordpress login screen - no username or password is explicitly required!
17
 
18
- Login will work for any Google Apps domains plus personal gmail.com emails.
 
 
 
 
 
19
 
20
  Plugin setup requires you to have admin access to any Google Apps domain, or a regular Gmail account, to register and
21
  obtain two simple codes from Google.
22
 
23
- **Support and premium features are also available for purchase: eliminate the need for Google Apps domain admins to separately
24
- manage WordPress user accounts, and get piece of mind that only authorized employees have access to the company's websites and intranet.**
 
 
25
 
26
  **See [http://wp-glogin.com/](http://wp-glogin.com/)**
27
 
@@ -29,12 +37,14 @@ Google Apps Login uses the latest secure OAuth2 authentication recommended by Go
29
  may allow you to use your Google username and password to login, but they do not do this securely:
30
 
31
  * Other plugins: Users' passwords will be handled by your blog's server, potentially unencrypted. If these are compromised,
32
- hackers would be able to gain access to your Google email accounts! This includes Gmail, Drive, and any other services which
33
- use your Google account to login.
 
34
 
35
  * This plugin: Users' passwords are only ever submitted to Google itself, then Google is asked to authenticate the user to
36
- your blog. This means Multi-factor Authentication can still be used (if set up on your Google account). Your blog only ever
37
- has permission to authenticate the user and obtain basic profile data - it can never have access to your emails and other data.
 
38
 
39
  == Screenshots ==
40
 
@@ -43,6 +53,27 @@ has permission to authenticate the user and obtain basic profile data - it can n
43
 
44
  == Frequently Asked Questions ==
45
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
46
  = Does the plugin work with HTTP or HTTPS login pages? =
47
 
48
  The plugin will work whether your site is configured for HTTP or HTTPS.
@@ -56,17 +87,17 @@ for login.
56
  You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
57
  set as HTTPS (this will make sense if you follow the installation instructions again).
58
 
59
- If for some reason you cannot set FORCE_SSL_ADMIN, then you can add two URLs to the Google
60
  Cloud Console for each entry, e.g. Redirect URL = http://wpexample.com/wp-login.php, and
61
  then add another one for https://wpexample.com/wp-login.php. Same idea for Web Origin.
62
 
63
  = Does the plugin work on Multisite? =
64
 
65
- It is written, tested, and secure for multisite in subdirectories (not subdomains), and *must* be activated
66
  network-wide for security reasons.
67
 
68
- If you do require it used for subdomains, please contact the plugin author who may
69
- be able to help for your specific installation.
70
 
71
  = Is it secure? =
72
 
@@ -105,12 +136,20 @@ If you cannot install from the WordPress plugins directory for any reason, and n
105
  the Plugins section of your Wordpress admin
106
  1. Follow the instructions from step 4 above
107
 
108
- == Upgrade Notice ==
 
 
 
 
 
 
 
 
 
109
 
110
  = 1.1 =
111
- Upgrade recommended
112
- Increased security - uses an extra authenticity check
113
- Better support for mal-configured Google credentials
114
  No longer uses PHP-based sessions - will work on even more WordPress configurations
115
 
116
  = 1.0 =
1
  === Plugin Name ===
2
  Contributors: danlester
3
+ Tags: login, google, authentication, oauth2, oauth, admin, google apps, sso, single-sign-on, auth, intranet
4
  Requires at least: 3.3
5
  Tested up to: 3.8
6
+ Stable tag: 1.3
7
  License: GPLv3
8
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
9
 
10
+ Simple secure login and user management for Wordpress through your Google Apps domain
11
+ (uses secure OAuth2, and MFA if enabled)
12
 
13
  == Description ==
14
 
15
+ Google Apps Login allows existing Wordpress user accounts to login to the website using Google to securely authenticate
16
+ their account. This means that if they are already logged into Gmail for example, they can simply click their way
17
  through the Wordpress login screen - no username or password is explicitly required!
18
 
19
+ One-click login will work for the following domains and user accounts:
20
+
21
+ * Google Apps for Business
22
+ * Google Apps for Education
23
+ * Google Apps for Non-profits
24
+ * Personal gmail.com and googlemail.com emails
25
 
26
  Plugin setup requires you to have admin access to any Google Apps domain, or a regular Gmail account, to register and
27
  obtain two simple codes from Google.
28
 
29
+ **Full support and premium features are also available for purchase:**
30
+
31
+ **Eliminate the need for Google Apps domain admins to separately manage WordPress user accounts, and get piece
32
+ of mind that only authorized employees have access to the organizations's websites and intranet.**
33
 
34
  **See [http://wp-glogin.com/](http://wp-glogin.com/)**
35
 
37
  may allow you to use your Google username and password to login, but they do not do this securely:
38
 
39
  * Other plugins: Users' passwords will be handled by your blog's server, potentially unencrypted. If these are compromised,
40
+ hackers would be able to gain access to your Google email accounts! This includes all
41
+ [Google Apps](http://www.google.com/enterprise/apps/business/products.html) (Gmail, Drive, Calendar
42
+ etc), and any other services which use your Google account to login.
43
 
44
  * This plugin: Users' passwords are only ever submitted to Google itself, then Google is asked to authenticate the user to
45
+ your WordPress site. This means Multi-factor Authentication can still be used (if set up on your Google account).
46
+ Your website only requires permission to authenticate the user and obtain basic profile data - it can never have access to
47
+ your emails and other data.
48
 
49
  == Screenshots ==
50
 
53
 
54
  == Frequently Asked Questions ==
55
 
56
+ = How can I obtain support for this product? =
57
+
58
+ Full support is available if you purchase the appropriate license from the author via:
59
+ [http://wp-glogin.com/google-apps-login-premium/](http://wp-glogin.com/google-apps-login-premium/)
60
+
61
+ Please feel free to email [support@wp-glogin.com](mailto:support@wp-glogin.com) with any questions,
62
+ as we may be able to help, but you may be required to purchase a support license if the problem
63
+ is specific to your installation or requirements.
64
+
65
+ We may occasionally be able to respond to support queries posted on the 'Support' forum here on the wordpress.org
66
+ plugin page, but we recommend sending us an email instead if possible.
67
+
68
+ = Is login restricted to the Google Apps domain I use to set up the plugin? =
69
+
70
+ No, once you set up the plugin, any WordPress accounts whose email address corresponds to *any* Google account,
71
+ whether on a different Google Apps domain or even a personal gmail.com account, will be able to use 'Login with
72
+ Google' to easily connect to your WordPress site.
73
+
74
+ However, our [premium plugin](http://wp-glogin.com/google-apps-login-premium/) has features that greatly simplify
75
+ your WordPress user management if your WordPress users are mostly on the same Google Apps domain(s).
76
+
77
  = Does the plugin work with HTTP or HTTPS login pages? =
78
 
79
  The plugin will work whether your site is configured for HTTP or HTTPS.
87
  You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
88
  set as HTTPS (this will make sense if you follow the installation instructions again).
89
 
90
+ If for some reason you cannot set FORCE_SSL_ADMIN, then instead you can add two URLs to the Google
91
  Cloud Console for each entry, e.g. Redirect URL = http://wpexample.com/wp-login.php, and
92
  then add another one for https://wpexample.com/wp-login.php. Same idea for Web Origin.
93
 
94
  = Does the plugin work on Multisite? =
95
 
96
+ It is written, tested, and secure for multisite WordPress, both for subdirectories and subdomains, and *must* be activated
97
  network-wide for security reasons.
98
 
99
+ There are many different possible configurations of multisite WordPress, however, so you must test carefully if you
100
+ have any other plugins or special setup.
101
 
102
  = Is it secure? =
103
 
136
  the Plugins section of your Wordpress admin
137
  1. Follow the instructions from step 4 above
138
 
139
+ == Changelog ==
140
+
141
+ = 1.3 =
142
+ Much neater support for redirecting users to most appropriate page post-login,
143
+ especially on multisite installations; Better notices guiding admins through
144
+ configuration
145
+
146
+ = 1.2 =
147
+ Upgrade to match WordPress 3.8;
148
+ More extensible code
149
 
150
  = 1.1 =
151
+ Increased security - uses an extra authenticity check;
152
+ Better support for mal-configured Google credentials;
 
153
  No longer uses PHP-based sessions - will work on even more WordPress configurations
154
 
155
  = 1.0 =