Version Description
Much neater support for redirecting users to most appropriate page post-login, especially on multisite installations; Better notices guiding admins through configuration
Download this release
Release Info
Developer | danlester |
Plugin | Google Apps Login |
Version | 1.3 |
Comparing to | |
See all releases |
Code changes from version 1.2 to 1.3
- core/core_google_apps_login.php +168 -67
- google_apps_login.php +15 -4
- readme.txt +59 -20
core/core_google_apps_login.php
CHANGED
@@ -73,22 +73,27 @@ class core_google_apps_login {
|
|
73 |
</style>
|
74 |
<?php }
|
75 |
|
76 |
-
public
|
|
|
77 |
$options = $this->get_option_galogin();
|
78 |
$clients = $this->createGoogleClient($options);
|
79 |
-
$client = $clients[0];
|
80 |
|
81 |
// Generate a CSRF token
|
82 |
-
$
|
83 |
-
|
84 |
-
.'|'.$this->
|
85 |
-
.'|'.(array_key_exists('redirect_to', $_REQUEST) ? $_REQUEST['redirect_to'] : '')
|
86 |
));
|
87 |
|
88 |
$authUrl = $client->createAuthUrl();
|
89 |
-
if ($
|
90 |
-
$authUrl = "
|
91 |
}
|
|
|
|
|
|
|
|
|
|
|
92 |
?>
|
93 |
<div class="galogin">
|
94 |
<a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
|
@@ -96,9 +101,34 @@ class core_google_apps_login {
|
|
96 |
<?php
|
97 |
}
|
98 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
99 |
public function ga_authenticate($user, $username=null, $password=null) {
|
100 |
if (isset($_REQUEST['error'])) {
|
101 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
102 |
return $this->displayAndReturnError($user);
|
103 |
}
|
104 |
|
@@ -114,21 +144,15 @@ class core_google_apps_login {
|
|
114 |
}
|
115 |
|
116 |
$statevars = explode('|', urldecode($_REQUEST['state']));
|
117 |
-
if (count($statevars) !=
|
118 |
-
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem
|
119 |
return $this->displayAndReturnError($user);
|
120 |
}
|
121 |
$retnonce = $statevars[0];
|
122 |
-
$
|
123 |
-
$retredirectto = $statevars[2];
|
124 |
|
125 |
-
if (!wp_verify_nonce($retnonce, 'google_apps_login')) {
|
126 |
-
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting
|
127 |
-
return $this->displayAndReturnError($user);
|
128 |
-
}
|
129 |
-
|
130 |
-
if (!isset($_COOKIE['google_apps_login']) || $retcookie != $_COOKIE['google_apps_login']) {
|
131 |
-
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookie");
|
132 |
return $this->displayAndReturnError($user);
|
133 |
}
|
134 |
|
@@ -165,11 +189,10 @@ class core_google_apps_login {
|
|
165 |
$user = $this->createUserOrError($userinfo, $options);
|
166 |
}
|
167 |
|
168 |
-
if (
|
169 |
-
// Set redirect for
|
170 |
-
|
171 |
-
//
|
172 |
-
setcookie('google_apps_login', '', time()-3600, '/');
|
173 |
}
|
174 |
}
|
175 |
}
|
@@ -212,26 +235,37 @@ class core_google_apps_login {
|
|
212 |
return $user;
|
213 |
}
|
214 |
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
223 |
}
|
224 |
}
|
225 |
-
|
|
|
|
|
|
|
226 |
if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
|
227 |
-
setcookie('google_apps_login', $this->get_cookie_value(), time()+
|
228 |
}
|
229 |
}
|
230 |
|
231 |
protected function get_login_url() {
|
|
|
232 |
$login_url = wp_login_url();
|
233 |
|
234 |
-
if (is_multisite() &&
|
235 |
$login_url = network_site_url('wp-login.php');
|
236 |
}
|
237 |
|
@@ -253,11 +287,42 @@ class core_google_apps_login {
|
|
253 |
return 'galogin_options';
|
254 |
}
|
255 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
256 |
public function ga_admin_init() {
|
257 |
register_setting( $this->get_options_pagename(), $this->get_options_name(), Array($this, 'ga_options_validate') );
|
258 |
|
259 |
$this->ga_admin_init_main();
|
260 |
$this->ga_admin_init_domain();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
261 |
}
|
262 |
|
263 |
protected function ga_admin_init_main() {
|
@@ -272,6 +337,16 @@ class core_google_apps_login {
|
|
272 |
|
273 |
protected function ga_admin_init_domain() {
|
274 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
275 |
|
276 |
public function ga_admin_menu() {
|
277 |
if (is_multisite()) {
|
@@ -287,7 +362,7 @@ class core_google_apps_login {
|
|
287 |
}
|
288 |
|
289 |
public function ga_options_do_page() {
|
290 |
-
$submit_page = is_multisite() ? 'edit.php?action='.$this->get_options_menuname() : 'options.php';
|
291 |
|
292 |
if (is_multisite()) {
|
293 |
$this->ga_options_do_network_errors();
|
@@ -337,7 +412,7 @@ class core_google_apps_login {
|
|
337 |
public function ga_do_settings_clientid() {
|
338 |
$options = $this->get_option_galogin();
|
339 |
echo "<input id='input_ga_domainname' name='".$this->get_options_name()."[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
|
340 |
-
echo "<br /><span>Normally something like 1234567890123.apps.googleusercontent.com</span>";
|
341 |
}
|
342 |
|
343 |
public function ga_do_settings_clientsecret() {
|
@@ -356,22 +431,24 @@ class core_google_apps_login {
|
|
356 |
<p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
|
357 |
accept a verification phone call or SMS from Google.</p>
|
358 |
|
359 |
-
<p>Then create a
|
360 |
you need to click into the new project, then click <i>APIs & Auth</i> in the left-hand menu.
|
361 |
-
Click <i>
|
362 |
-
|
363 |
</p>
|
364 |
-
<p>
|
365 |
-
Once you have created the application, you may need to open up the <i>OAuth 2.0 Client ID</i> section to be able to complete
|
366 |
-
the following steps.
|
367 |
-
</p>
|
368 |
-
<p>You must input, into your new Google application, the following items:
|
369 |
<ul style="margin-left: 10px;">
|
370 |
-
<li>
|
371 |
-
<li>
|
372 |
</ul>
|
373 |
</p>
|
374 |
-
<p>
|
|
|
|
|
|
|
|
|
|
|
|
|
375 |
and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
|
376 |
|
377 |
<p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
|
@@ -388,6 +465,22 @@ class core_google_apps_login {
|
|
388 |
protected function ga_section_text_end() {
|
389 |
}
|
390 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
391 |
public function ga_options_validate($input) {
|
392 |
$newinput = Array();
|
393 |
$newinput['ga_clientid'] = trim($input['ga_clientid']);
|
@@ -408,6 +501,8 @@ class core_google_apps_login {
|
|
408 |
'error'
|
409 |
);
|
410 |
}
|
|
|
|
|
411 |
return $newinput;
|
412 |
}
|
413 |
|
@@ -427,7 +522,7 @@ class core_google_apps_login {
|
|
427 |
}
|
428 |
|
429 |
protected function get_default_options() {
|
430 |
-
return Array( 'ga_clientid' => '', 'ga_clientsecret' => '');
|
431 |
}
|
432 |
|
433 |
protected $ga_options = null;
|
@@ -455,13 +550,7 @@ class core_google_apps_login {
|
|
455 |
if (isset($_POST[$this->get_options_name()]) && is_array($_POST[$this->get_options_name()])) {
|
456 |
$inoptions = $_POST[$this->get_options_name()];
|
457 |
$outoptions = $this->ga_options_validate($inoptions);
|
458 |
-
|
459 |
-
$updated = false;
|
460 |
-
if ( !count( get_settings_errors() ) ) {
|
461 |
-
update_site_option($this->get_options_name(), $outoptions);
|
462 |
-
$updated = true;
|
463 |
-
}
|
464 |
-
|
465 |
$error_code = Array();
|
466 |
$error_setting = Array();
|
467 |
foreach (get_settings_errors() as $e) {
|
@@ -470,12 +559,14 @@ class core_google_apps_login {
|
|
470 |
$error_setting[] = $e['setting'];
|
471 |
}
|
472 |
}
|
473 |
-
|
|
|
|
|
474 |
// redirect to settings page in network
|
475 |
wp_redirect(
|
476 |
add_query_arg(
|
477 |
array( 'page' => $this->get_options_menuname(),
|
478 |
-
'updated' =>
|
479 |
'error_setting' => $error_setting,
|
480 |
'error_code' => $error_code ),
|
481 |
network_admin_url( 'admin.php' )
|
@@ -485,6 +576,17 @@ class core_google_apps_login {
|
|
485 |
}
|
486 |
}
|
487 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
488 |
// HOOKS AND FILTERS
|
489 |
// *****************
|
490 |
|
@@ -492,24 +594,23 @@ class core_google_apps_login {
|
|
492 |
add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
|
493 |
add_action('login_form', array($this, 'ga_login_form'));
|
494 |
add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
|
|
|
|
|
495 |
add_action('init', array($this, 'ga_init'), 1);
|
496 |
|
497 |
add_action('admin_init', array($this, 'ga_admin_init'));
|
498 |
|
499 |
add_action(is_multisite() ? 'network_admin_menu' : 'admin_menu', array($this, 'ga_admin_menu'));
|
500 |
-
|
501 |
if (is_multisite()) {
|
|
|
502 |
add_action('network_admin_edit_'.$this->get_options_menuname(), array($this, 'ga_save_network_options'));
|
503 |
}
|
504 |
-
|
505 |
-
|
506 |
-
public static function my_plugin_basename($file) {
|
507 |
-
$basename = plugin_basename($file);
|
508 |
-
if ('/'.$basename == $file) { // Maybe due to symlink
|
509 |
-
$basename = basename(dirname($file)).'/'.basename($file);
|
510 |
}
|
511 |
-
return $basename;
|
512 |
}
|
|
|
513 |
}
|
514 |
|
515 |
?>
|
73 |
</style>
|
74 |
<?php }
|
75 |
|
76 |
+
// public in case widgets want to use it
|
77 |
+
public function ga_start_auth_get_url() {
|
78 |
$options = $this->get_option_galogin();
|
79 |
$clients = $this->createGoogleClient($options);
|
80 |
+
$client = $clients[0];
|
81 |
|
82 |
// Generate a CSRF token
|
83 |
+
$client->setState(urlencode(
|
84 |
+
wp_create_nonce('google_apps_login-'.$this->get_cookie_value())
|
85 |
+
.'|'.$this->get_redirect_url()
|
|
|
86 |
));
|
87 |
|
88 |
$authUrl = $client->createAuthUrl();
|
89 |
+
if ($options['ga_clientid'] == '' || $options['ga_clientsecret'] == '') {
|
90 |
+
$authUrl = "?error=ga_needs_configuring";
|
91 |
}
|
92 |
+
return $authUrl;
|
93 |
+
}
|
94 |
+
|
95 |
+
public function ga_login_form() {
|
96 |
+
$authUrl = $this->ga_start_auth_get_url();
|
97 |
?>
|
98 |
<div class="galogin">
|
99 |
<a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
|
101 |
<?php
|
102 |
}
|
103 |
|
104 |
+
protected function get_redirect_url() {
|
105 |
+
$options = $this->get_option_galogin();
|
106 |
+
|
107 |
+
if (array_key_exists('redirect_to', $_REQUEST) && $_REQUEST['redirect_to']) {
|
108 |
+
return $_REQUEST['redirect_to'];
|
109 |
+
} elseif (is_multisite() && !$options['ga_ms_usesubsitecallback']) {
|
110 |
+
return admin_url(); // This is what WordPress would choose as default
|
111 |
+
// but we have to specify explicitly since all callbacks go via root site
|
112 |
+
}
|
113 |
+
return '';
|
114 |
+
}
|
115 |
+
|
116 |
public function ga_authenticate($user, $username=null, $password=null) {
|
117 |
if (isset($_REQUEST['error'])) {
|
118 |
+
switch ($_REQUEST['error']) {
|
119 |
+
case 'access_denied':
|
120 |
+
$error_message = 'You did not grant access';
|
121 |
+
break;
|
122 |
+
case 'ga_needs_configuring':
|
123 |
+
$error_message = 'The admin needs to configure Google Apps Login plugin - please follow '
|
124 |
+
.'<a href="http://wp-glogin.com/installing-google-apps-login/#main-settings"'
|
125 |
+
.' target="_blank">instructions here</a>';
|
126 |
+
break;
|
127 |
+
default:
|
128 |
+
$error_message = htmlentities2($_REQUEST['error']);
|
129 |
+
break;
|
130 |
+
}
|
131 |
+
$user = new WP_Error('ga_login_error', $error_message);
|
132 |
return $this->displayAndReturnError($user);
|
133 |
}
|
134 |
|
144 |
}
|
145 |
|
146 |
$statevars = explode('|', urldecode($_REQUEST['state']));
|
147 |
+
if (count($statevars) != 2) {
|
148 |
+
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem passing state");
|
149 |
return $this->displayAndReturnError($user);
|
150 |
}
|
151 |
$retnonce = $statevars[0];
|
152 |
+
$retredirectto = $statevars[1];
|
|
|
153 |
|
154 |
+
if (!wp_verify_nonce($retnonce, 'google_apps_login-'.$this->get_cookie_value())) {
|
155 |
+
$user = new WP_Error('ga_login_error', "Session mismatch - try again, but there could be a problem setting cookies");
|
|
|
|
|
|
|
|
|
|
|
156 |
return $this->displayAndReturnError($user);
|
157 |
}
|
158 |
|
189 |
$user = $this->createUserOrError($userinfo, $options);
|
190 |
}
|
191 |
|
192 |
+
if ($user && !is_wp_error($user)) {
|
193 |
+
// Set redirect for wp-login to receive via our own login_redirect callback
|
194 |
+
$this->setFinalRedirect($retredirectto);
|
195 |
+
// Would reset client-side login cookie but won't work on redirect
|
|
|
196 |
}
|
197 |
}
|
198 |
}
|
235 |
return $user;
|
236 |
}
|
237 |
|
238 |
+
protected $_final_redirect = '';
|
239 |
+
|
240 |
+
protected function setFinalRedirect($redirect_to) {
|
241 |
+
$this->_final_redirect = $redirect_to;
|
242 |
+
}
|
243 |
+
|
244 |
+
protected function getFinalRedirect() {
|
245 |
+
return $this->_final_redirect;
|
246 |
+
}
|
247 |
+
|
248 |
+
public function ga_login_redirect($redirect_to, $request_from, $user) {
|
249 |
+
if ($user && !is_wp_error($user)) {
|
250 |
+
$final_redirect = $this->getFinalRedirect();
|
251 |
+
if ($final_redirect !== '') {
|
252 |
+
return $final_redirect;
|
253 |
}
|
254 |
}
|
255 |
+
return $redirect_to;
|
256 |
+
}
|
257 |
+
|
258 |
+
public function ga_init() {
|
259 |
if (!isset($_COOKIE['google_apps_login']) && $GLOBALS['pagenow'] == 'wp-login.php') {
|
260 |
+
setcookie('google_apps_login', $this->get_cookie_value(), time()+600, '/', defined(COOKIE_DOMAIN) ? COOKIE_DOMAIN : '' );
|
261 |
}
|
262 |
}
|
263 |
|
264 |
protected function get_login_url() {
|
265 |
+
$options = $this->get_option_galogin();
|
266 |
$login_url = wp_login_url();
|
267 |
|
268 |
+
if (is_multisite() && !$options['ga_ms_usesubsitecallback']) {
|
269 |
$login_url = network_site_url('wp-login.php');
|
270 |
}
|
271 |
|
287 |
return 'galogin_options';
|
288 |
}
|
289 |
|
290 |
+
protected function get_settings_url() {
|
291 |
+
return is_multisite()
|
292 |
+
? network_admin_url( 'settings.php?page='.$this->get_options_menuname() )
|
293 |
+
: admin_url( 'options-general.php?page='.$this->get_options_menuname() );
|
294 |
+
}
|
295 |
+
|
296 |
+
public function ga_admin_auth_message() {
|
297 |
+
?>
|
298 |
+
<div class="error">
|
299 |
+
<p>You will need to complete Google Apps Login
|
300 |
+
<a href="<?php echo $this->get_settings_url(); ?>">Settings</a>
|
301 |
+
in order for the plugin to work
|
302 |
+
</p>
|
303 |
+
</div> <?php
|
304 |
+
}
|
305 |
+
|
306 |
public function ga_admin_init() {
|
307 |
register_setting( $this->get_options_pagename(), $this->get_options_name(), Array($this, 'ga_options_validate') );
|
308 |
|
309 |
$this->ga_admin_init_main();
|
310 |
$this->ga_admin_init_domain();
|
311 |
+
$this->ga_admin_init_multisite();
|
312 |
+
|
313 |
+
// Admin notice that configuration is required
|
314 |
+
$options = $this->get_option_galogin();
|
315 |
+
|
316 |
+
if (current_user_can( is_multisite() ? 'manage_network_options' : 'manage_options' )
|
317 |
+
&& ($options['ga_clientid'] == '' || $options['ga_clientsecret'] == '')) {
|
318 |
+
|
319 |
+
if (!array_key_exists('page', $_REQUEST) || $_REQUEST['page'] != $this->get_options_menuname()) {
|
320 |
+
add_action('admin_notices', Array($this, 'ga_admin_auth_message'));
|
321 |
+
if (is_multisite()) {
|
322 |
+
add_action('network_admin_notices', Array($this, 'ga_admin_auth_message'));
|
323 |
+
}
|
324 |
+
}
|
325 |
+
}
|
326 |
}
|
327 |
|
328 |
protected function ga_admin_init_main() {
|
337 |
|
338 |
protected function ga_admin_init_domain() {
|
339 |
}
|
340 |
+
|
341 |
+
public function ga_admin_init_multisite() {
|
342 |
+
if (is_multisite()) {
|
343 |
+
add_settings_section('galogin_multisite_section', 'Multisite Options',
|
344 |
+
array($this, 'ga_multisitesection_text'), $this->get_options_name());
|
345 |
+
|
346 |
+
add_settings_field('ga_ms_usesubsitecallback', 'Use sub-site specific callback from Google',
|
347 |
+
array($this, 'ga_do_settings_ms_usesubsitecallback'), $this->get_options_name(), 'galogin_multisite_section');
|
348 |
+
}
|
349 |
+
}
|
350 |
|
351 |
public function ga_admin_menu() {
|
352 |
if (is_multisite()) {
|
362 |
}
|
363 |
|
364 |
public function ga_options_do_page() {
|
365 |
+
$submit_page = is_multisite() ? 'edit.php?action='.$this->get_options_menuname() : 'options.php';
|
366 |
|
367 |
if (is_multisite()) {
|
368 |
$this->ga_options_do_network_errors();
|
412 |
public function ga_do_settings_clientid() {
|
413 |
$options = $this->get_option_galogin();
|
414 |
echo "<input id='input_ga_domainname' name='".$this->get_options_name()."[ga_clientid]' size='80' type='text' value='{$options['ga_clientid']}' />";
|
415 |
+
echo "<br /><span>Normally something like 1234567890123-w1dwn5pfgjeo96c73821dfbof6n4kdhw.apps.googleusercontent.com</span>";
|
416 |
}
|
417 |
|
418 |
public function ga_do_settings_clientsecret() {
|
431 |
<p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
|
432 |
accept a verification phone call or SMS from Google.</p>
|
433 |
|
434 |
+
<p>Then create a new 'Client ID' within the project, of type 'Web Application'. To create this,
|
435 |
you need to click into the new project, then click <i>APIs & Auth</i> in the left-hand menu.
|
436 |
+
Click <i>Credentials</i> beneath that, then click the red <i>Create New Client ID</i> button.
|
437 |
+
Make sure you select <i>Web Application</i> as the Platform type.
|
438 |
</p>
|
439 |
+
<p>You must input, into your new Google 'Client ID', the following items:
|
|
|
|
|
|
|
|
|
440 |
<ul style="margin-left: 10px;">
|
441 |
+
<li>Authorized Javascript origins: <?php echo (is_ssl() || force_ssl_login() || force_ssl_admin() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
|
442 |
+
<li>Authorized redirect URI: <?php echo $this->get_login_url(); ?></li>
|
443 |
</ul>
|
444 |
</p>
|
445 |
+
<p>
|
446 |
+
Once you have created the application (click the blue <i>Create Client ID</i> button), you need to turn to the
|
447 |
+
<i>Client ID for web application</i> section to be able to complete
|
448 |
+
the following steps. (<b>Not</b> the <i>Compute Engine and App Engine</i> section at the top.)
|
449 |
+
</p>
|
450 |
+
|
451 |
+
<p>You will see a Client ID and Client Secret which you must copy
|
452 |
and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
|
453 |
|
454 |
<p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
|
465 |
protected function ga_section_text_end() {
|
466 |
}
|
467 |
|
468 |
+
public function ga_multisitesection_text() {
|
469 |
+
?>
|
470 |
+
<p>These settings are for multisite admins only. By default, all logins need to be submitted via the root site
|
471 |
+
(since that is the only Redirect URL you were asked to submit to Google Cloud Console above).
|
472 |
+
If you have a reason to register Redirect URLs for each of your sub-sites too, tick the box below to
|
473 |
+
have all logins submitted to the sub-site they were invoked on.
|
474 |
+
</p>
|
475 |
+
<?php
|
476 |
+
}
|
477 |
+
|
478 |
+
public function ga_do_settings_ms_usesubsitecallback() {
|
479 |
+
$options = $this->get_option_galogin();
|
480 |
+
echo "<input id='input_ga_ms_usesubsitecallback' name='".$this->get_options_name()."[ga_ms_usesubsitecallback]' type='checkbox' ".($options['ga_ms_usesubsitecallback'] ? 'checked' : '')." />";
|
481 |
+
echo "<div>Leave unchecked in most cases</div>";
|
482 |
+
}
|
483 |
+
|
484 |
public function ga_options_validate($input) {
|
485 |
$newinput = Array();
|
486 |
$newinput['ga_clientid'] = trim($input['ga_clientid']);
|
501 |
'error'
|
502 |
);
|
503 |
}
|
504 |
+
$newinput['ga_ms_usesubsitecallback'] = isset($input['ga_ms_usesubsitecallback']) ? $input['ga_ms_usesubsitecallback'] : false;
|
505 |
+
$newinput['ga_version'] = $this->PLUGIN_VERSION;
|
506 |
return $newinput;
|
507 |
}
|
508 |
|
522 |
}
|
523 |
|
524 |
protected function get_default_options() {
|
525 |
+
return Array('ga_version' => $this->PLUGIN_VERSION, 'ga_clientid' => '', 'ga_clientsecret' => '', 'ga_ms_usesubsitecallback' => false);
|
526 |
}
|
527 |
|
528 |
protected $ga_options = null;
|
550 |
if (isset($_POST[$this->get_options_name()]) && is_array($_POST[$this->get_options_name()])) {
|
551 |
$inoptions = $_POST[$this->get_options_name()];
|
552 |
$outoptions = $this->ga_options_validate($inoptions);
|
553 |
+
|
|
|
|
|
|
|
|
|
|
|
|
|
554 |
$error_code = Array();
|
555 |
$error_setting = Array();
|
556 |
foreach (get_settings_errors() as $e) {
|
559 |
$error_setting[] = $e['setting'];
|
560 |
}
|
561 |
}
|
562 |
+
|
563 |
+
update_site_option($this->get_options_name(), $outoptions);
|
564 |
+
|
565 |
// redirect to settings page in network
|
566 |
wp_redirect(
|
567 |
add_query_arg(
|
568 |
array( 'page' => $this->get_options_menuname(),
|
569 |
+
'updated' => true,
|
570 |
'error_setting' => $error_setting,
|
571 |
'error_code' => $error_code ),
|
572 |
network_admin_url( 'admin.php' )
|
576 |
}
|
577 |
}
|
578 |
|
579 |
+
// PLUGINS PAGE
|
580 |
+
|
581 |
+
public function ga_plugin_action_links( $links, $file ) {
|
582 |
+
if ($file == $this->my_plugin_basename()) {
|
583 |
+
$settings_link = '<a href="'.$this->get_settings_url().'">Settings</a>';
|
584 |
+
array_unshift( $links, $settings_link );
|
585 |
+
}
|
586 |
+
|
587 |
+
return $links;
|
588 |
+
}
|
589 |
+
|
590 |
// HOOKS AND FILTERS
|
591 |
// *****************
|
592 |
|
594 |
add_action('login_enqueue_scripts', array($this, 'ga_login_styles'));
|
595 |
add_action('login_form', array($this, 'ga_login_form'));
|
596 |
add_action('authenticate', array($this, 'ga_authenticate'), 5, 3);
|
597 |
+
|
598 |
+
add_filter('login_redirect', array($this, 'ga_login_redirect'), 5, 3 );
|
599 |
add_action('init', array($this, 'ga_init'), 1);
|
600 |
|
601 |
add_action('admin_init', array($this, 'ga_admin_init'));
|
602 |
|
603 |
add_action(is_multisite() ? 'network_admin_menu' : 'admin_menu', array($this, 'ga_admin_menu'));
|
604 |
+
|
605 |
if (is_multisite()) {
|
606 |
+
add_filter('network_admin_plugin_action_links', array($this, 'ga_plugin_action_links'), 10, 2 );
|
607 |
add_action('network_admin_edit_'.$this->get_options_menuname(), array($this, 'ga_save_network_options'));
|
608 |
}
|
609 |
+
else {
|
610 |
+
add_filter( 'plugin_action_links', array($this, 'ga_plugin_action_links'), 10, 2 );
|
|
|
|
|
|
|
|
|
611 |
}
|
|
|
612 |
}
|
613 |
+
|
614 |
}
|
615 |
|
616 |
?>
|
google_apps_login.php
CHANGED
@@ -3,24 +3,35 @@
|
|
3 |
/**
|
4 |
* Plugin Name: Google Apps Login
|
5 |
* Plugin URI: http://wp-glogin.com/
|
6 |
-
* Description:
|
7 |
-
* Version: 1.
|
8 |
* Author: Dan Lester
|
9 |
-
* Author URI: http://
|
10 |
* License: GPL3
|
|
|
11 |
*/
|
12 |
|
13 |
require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
|
14 |
|
15 |
class basic_google_apps_login extends core_google_apps_login {
|
16 |
|
|
|
|
|
17 |
public function ga_section_text_end() {
|
18 |
?>
|
19 |
-
<p><b>For support and premium features, please visit:
|
20 |
<a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
|
21 |
</p>
|
22 |
<?php
|
23 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
24 |
|
25 |
}
|
26 |
|
3 |
/**
|
4 |
* Plugin Name: Google Apps Login
|
5 |
* Plugin URI: http://wp-glogin.com/
|
6 |
+
* Description: Simple secure login for Wordpress through users' Google Apps accounts (uses secure OAuth2, and MFA if enabled)
|
7 |
+
* Version: 1.3
|
8 |
* Author: Dan Lester
|
9 |
+
* Author URI: http://wp-glogin.com/
|
10 |
* License: GPL3
|
11 |
+
* Network: true
|
12 |
*/
|
13 |
|
14 |
require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
|
15 |
|
16 |
class basic_google_apps_login extends core_google_apps_login {
|
17 |
|
18 |
+
protected $PLUGIN_VERSION = '1.3';
|
19 |
+
|
20 |
public function ga_section_text_end() {
|
21 |
?>
|
22 |
+
<p><b>For full support, and premium features that greatly simplify WordPress user management for admins, please visit:
|
23 |
<a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
|
24 |
</p>
|
25 |
<?php
|
26 |
}
|
27 |
+
|
28 |
+
public function my_plugin_basename() {
|
29 |
+
$basename = plugin_basename(__FILE__);
|
30 |
+
if ('/'.$basename == __FILE__) { // Maybe due to symlink
|
31 |
+
$basename = basename(dirname(__FILE__)).'/'.basename(__FILE__);
|
32 |
+
}
|
33 |
+
return $basename;
|
34 |
+
}
|
35 |
|
36 |
}
|
37 |
|
readme.txt
CHANGED
@@ -1,27 +1,35 @@
|
|
1 |
=== Plugin Name ===
|
2 |
Contributors: danlester
|
3 |
-
Tags: login, google, authentication, oauth2, oauth, admin,
|
4 |
Requires at least: 3.3
|
5 |
Tested up to: 3.8
|
6 |
-
Stable tag: 1.
|
7 |
License: GPLv3
|
8 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
9 |
|
10 |
-
|
|
|
11 |
|
12 |
== Description ==
|
13 |
|
14 |
-
Google Apps Login allows existing Wordpress user accounts to login to the
|
15 |
-
account. This means that if they are already logged into Gmail for example, they can simply click their way
|
16 |
through the Wordpress login screen - no username or password is explicitly required!
|
17 |
|
18 |
-
|
|
|
|
|
|
|
|
|
|
|
19 |
|
20 |
Plugin setup requires you to have admin access to any Google Apps domain, or a regular Gmail account, to register and
|
21 |
obtain two simple codes from Google.
|
22 |
|
23 |
-
**
|
24 |
-
|
|
|
|
|
25 |
|
26 |
**See [http://wp-glogin.com/](http://wp-glogin.com/)**
|
27 |
|
@@ -29,12 +37,14 @@ Google Apps Login uses the latest secure OAuth2 authentication recommended by Go
|
|
29 |
may allow you to use your Google username and password to login, but they do not do this securely:
|
30 |
|
31 |
* Other plugins: Users' passwords will be handled by your blog's server, potentially unencrypted. If these are compromised,
|
32 |
-
hackers would be able to gain access to your Google email accounts! This includes
|
33 |
-
|
|
|
34 |
|
35 |
* This plugin: Users' passwords are only ever submitted to Google itself, then Google is asked to authenticate the user to
|
36 |
-
your
|
37 |
-
|
|
|
38 |
|
39 |
== Screenshots ==
|
40 |
|
@@ -43,6 +53,27 @@ has permission to authenticate the user and obtain basic profile data - it can n
|
|
43 |
|
44 |
== Frequently Asked Questions ==
|
45 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
46 |
= Does the plugin work with HTTP or HTTPS login pages? =
|
47 |
|
48 |
The plugin will work whether your site is configured for HTTP or HTTPS.
|
@@ -56,17 +87,17 @@ for login.
|
|
56 |
You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
|
57 |
set as HTTPS (this will make sense if you follow the installation instructions again).
|
58 |
|
59 |
-
If for some reason you cannot set FORCE_SSL_ADMIN, then you can add two URLs to the Google
|
60 |
Cloud Console for each entry, e.g. Redirect URL = http://wpexample.com/wp-login.php, and
|
61 |
then add another one for https://wpexample.com/wp-login.php. Same idea for Web Origin.
|
62 |
|
63 |
= Does the plugin work on Multisite? =
|
64 |
|
65 |
-
It is written, tested, and secure for multisite
|
66 |
network-wide for security reasons.
|
67 |
|
68 |
-
|
69 |
-
|
70 |
|
71 |
= Is it secure? =
|
72 |
|
@@ -105,12 +136,20 @@ If you cannot install from the WordPress plugins directory for any reason, and n
|
|
105 |
the Plugins section of your Wordpress admin
|
106 |
1. Follow the instructions from step 4 above
|
107 |
|
108 |
-
==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
109 |
|
110 |
= 1.1 =
|
111 |
-
|
112 |
-
|
113 |
-
Better support for mal-configured Google credentials
|
114 |
No longer uses PHP-based sessions - will work on even more WordPress configurations
|
115 |
|
116 |
= 1.0 =
|
1 |
=== Plugin Name ===
|
2 |
Contributors: danlester
|
3 |
+
Tags: login, google, authentication, oauth2, oauth, admin, google apps, sso, single-sign-on, auth, intranet
|
4 |
Requires at least: 3.3
|
5 |
Tested up to: 3.8
|
6 |
+
Stable tag: 1.3
|
7 |
License: GPLv3
|
8 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
9 |
|
10 |
+
Simple secure login and user management for Wordpress through your Google Apps domain
|
11 |
+
(uses secure OAuth2, and MFA if enabled)
|
12 |
|
13 |
== Description ==
|
14 |
|
15 |
+
Google Apps Login allows existing Wordpress user accounts to login to the website using Google to securely authenticate
|
16 |
+
their account. This means that if they are already logged into Gmail for example, they can simply click their way
|
17 |
through the Wordpress login screen - no username or password is explicitly required!
|
18 |
|
19 |
+
One-click login will work for the following domains and user accounts:
|
20 |
+
|
21 |
+
* Google Apps for Business
|
22 |
+
* Google Apps for Education
|
23 |
+
* Google Apps for Non-profits
|
24 |
+
* Personal gmail.com and googlemail.com emails
|
25 |
|
26 |
Plugin setup requires you to have admin access to any Google Apps domain, or a regular Gmail account, to register and
|
27 |
obtain two simple codes from Google.
|
28 |
|
29 |
+
**Full support and premium features are also available for purchase:**
|
30 |
+
|
31 |
+
**Eliminate the need for Google Apps domain admins to separately manage WordPress user accounts, and get piece
|
32 |
+
of mind that only authorized employees have access to the organizations's websites and intranet.**
|
33 |
|
34 |
**See [http://wp-glogin.com/](http://wp-glogin.com/)**
|
35 |
|
37 |
may allow you to use your Google username and password to login, but they do not do this securely:
|
38 |
|
39 |
* Other plugins: Users' passwords will be handled by your blog's server, potentially unencrypted. If these are compromised,
|
40 |
+
hackers would be able to gain access to your Google email accounts! This includes all
|
41 |
+
[Google Apps](http://www.google.com/enterprise/apps/business/products.html) (Gmail, Drive, Calendar
|
42 |
+
etc), and any other services which use your Google account to login.
|
43 |
|
44 |
* This plugin: Users' passwords are only ever submitted to Google itself, then Google is asked to authenticate the user to
|
45 |
+
your WordPress site. This means Multi-factor Authentication can still be used (if set up on your Google account).
|
46 |
+
Your website only requires permission to authenticate the user and obtain basic profile data - it can never have access to
|
47 |
+
your emails and other data.
|
48 |
|
49 |
== Screenshots ==
|
50 |
|
53 |
|
54 |
== Frequently Asked Questions ==
|
55 |
|
56 |
+
= How can I obtain support for this product? =
|
57 |
+
|
58 |
+
Full support is available if you purchase the appropriate license from the author via:
|
59 |
+
[http://wp-glogin.com/google-apps-login-premium/](http://wp-glogin.com/google-apps-login-premium/)
|
60 |
+
|
61 |
+
Please feel free to email [support@wp-glogin.com](mailto:support@wp-glogin.com) with any questions,
|
62 |
+
as we may be able to help, but you may be required to purchase a support license if the problem
|
63 |
+
is specific to your installation or requirements.
|
64 |
+
|
65 |
+
We may occasionally be able to respond to support queries posted on the 'Support' forum here on the wordpress.org
|
66 |
+
plugin page, but we recommend sending us an email instead if possible.
|
67 |
+
|
68 |
+
= Is login restricted to the Google Apps domain I use to set up the plugin? =
|
69 |
+
|
70 |
+
No, once you set up the plugin, any WordPress accounts whose email address corresponds to *any* Google account,
|
71 |
+
whether on a different Google Apps domain or even a personal gmail.com account, will be able to use 'Login with
|
72 |
+
Google' to easily connect to your WordPress site.
|
73 |
+
|
74 |
+
However, our [premium plugin](http://wp-glogin.com/google-apps-login-premium/) has features that greatly simplify
|
75 |
+
your WordPress user management if your WordPress users are mostly on the same Google Apps domain(s).
|
76 |
+
|
77 |
= Does the plugin work with HTTP or HTTPS login pages? =
|
78 |
|
79 |
The plugin will work whether your site is configured for HTTP or HTTPS.
|
87 |
You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
|
88 |
set as HTTPS (this will make sense if you follow the installation instructions again).
|
89 |
|
90 |
+
If for some reason you cannot set FORCE_SSL_ADMIN, then instead you can add two URLs to the Google
|
91 |
Cloud Console for each entry, e.g. Redirect URL = http://wpexample.com/wp-login.php, and
|
92 |
then add another one for https://wpexample.com/wp-login.php. Same idea for Web Origin.
|
93 |
|
94 |
= Does the plugin work on Multisite? =
|
95 |
|
96 |
+
It is written, tested, and secure for multisite WordPress, both for subdirectories and subdomains, and *must* be activated
|
97 |
network-wide for security reasons.
|
98 |
|
99 |
+
There are many different possible configurations of multisite WordPress, however, so you must test carefully if you
|
100 |
+
have any other plugins or special setup.
|
101 |
|
102 |
= Is it secure? =
|
103 |
|
136 |
the Plugins section of your Wordpress admin
|
137 |
1. Follow the instructions from step 4 above
|
138 |
|
139 |
+
== Changelog ==
|
140 |
+
|
141 |
+
= 1.3 =
|
142 |
+
Much neater support for redirecting users to most appropriate page post-login,
|
143 |
+
especially on multisite installations; Better notices guiding admins through
|
144 |
+
configuration
|
145 |
+
|
146 |
+
= 1.2 =
|
147 |
+
Upgrade to match WordPress 3.8;
|
148 |
+
More extensible code
|
149 |
|
150 |
= 1.1 =
|
151 |
+
Increased security - uses an extra authenticity check;
|
152 |
+
Better support for mal-configured Google credentials;
|
|
|
153 |
No longer uses PHP-based sessions - will work on even more WordPress configurations
|
154 |
|
155 |
= 1.0 =
|