Google Apps Login - Version 1.4

Version Description

Added clearer instructions, plus new options: automatically redirect users to Login via Google; plus force users to fully approve access to their Google account every time they login (allowing them to switch accounts if only logged into the wrong one, as well as making the process clearer).

Download this release

Release Info

Developer danlester
Plugin Icon 128x128 Google Apps Login
Version 1.4
Comparing to
See all releases

Code changes from version 1.3 to 1.4

core/core_google_apps_login.php CHANGED
@@ -35,7 +35,7 @@ class core_google_apps_login {
35
  $client->setRedirectUri($this->get_login_url());
36
 
37
  $client->setScopes(Array('openid', 'email', 'https://www.googleapis.com/auth/userinfo.profile'));
38
- $client->setApprovalPrompt('auto');
39
 
40
  $oauthservice = new Google_Oauth2Service($client);
41
 
@@ -93,7 +93,33 @@ class core_google_apps_login {
93
  }
94
 
95
  public function ga_login_form() {
 
 
96
  $authUrl = $this->ga_start_auth_get_url();
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
97
  ?>
98
  <div class="galogin">
99
  <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
@@ -308,6 +334,7 @@ class core_google_apps_login {
308
 
309
  $this->ga_admin_init_main();
310
  $this->ga_admin_init_domain();
 
311
  $this->ga_admin_init_multisite();
312
 
313
  // Admin notice that configuration is required
@@ -347,7 +374,18 @@ class core_google_apps_login {
347
  array($this, 'ga_do_settings_ms_usesubsitecallback'), $this->get_options_name(), 'galogin_multisite_section');
348
  }
349
  }
350
-
 
 
 
 
 
 
 
 
 
 
 
351
  public function ga_admin_menu() {
352
  if (is_multisite()) {
353
  add_submenu_page( 'settings.php', 'Google Apps Login settings', 'Google Apps Login',
@@ -371,7 +409,16 @@ class core_google_apps_login {
371
 
372
  <div>
373
  <h2>Google Apps Login setup</h2>
374
- Set up your website to enable Google logins.
 
 
 
 
 
 
 
 
 
375
  <form action="<?php echo $submit_page; ?>" method="post">
376
  <?php settings_fields($this->get_options_pagename()); ?>
377
  <?php do_settings_sections($this->get_options_name()); ?>
@@ -423,43 +470,10 @@ class core_google_apps_login {
423
 
424
  public function ga_mainsection_text() {
425
  ?>
426
- <p>The Google Apps domain admin needs to go to
427
- <a href="https://cloud.google.com/console" target="_blank">https://cloud.google.com/console</a>. If you
428
- are not the domain admin, you may still have permissions to use the console, so just try it. If you are
429
- not using Google Apps, then just use your regular Gmail account to access the console.
430
  </p>
431
- <p>There, create a new project (any name is fine, and just leave Project ID as it is) - you may be required to
432
- accept a verification phone call or SMS from Google.</p>
433
-
434
- <p>Then create a new 'Client ID' within the project, of type 'Web Application'. To create this,
435
- you need to click into the new project, then click <i>APIs &amp; Auth</i> in the left-hand menu.
436
- Click <i>Credentials</i> beneath that, then click the red <i>Create New Client ID</i> button.
437
- Make sure you select <i>Web Application</i> as the Platform type.
438
- </p>
439
- <p>You must input, into your new Google 'Client ID', the following items:
440
- <ul style="margin-left: 10px;">
441
- <li>Authorized Javascript origins: <?php echo (is_ssl() || force_ssl_login() || force_ssl_admin() ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/'; ?></li>
442
- <li>Authorized redirect URI: <?php echo $this->get_login_url(); ?></li>
443
- </ul>
444
- </p>
445
- <p>
446
- Once you have created the application (click the blue <i>Create Client ID</i> button), you need to turn to the
447
- <i>Client ID for web application</i> section to be able to complete
448
- the following steps. (<b>Not</b> the <i>Compute Engine and App Engine</i> section at the top.)
449
- </p>
450
-
451
- <p>You will see a Client ID and Client Secret which you must copy
452
- and paste into the boxes below on this screen - i.e. back in your Wordpress admin, right here.</p>
453
-
454
- <p><b>Optional:</b> In the Google Cloud Console, you can configure some things your users will see when they
455
- login. By default, Google will tell them they are authorizing 'Project Default Service Account', which is
456
- not very user friendly. You can change this to your company or blog name (and add your logo etc) by clicking
457
- <i>Consent screen</i> (which is another sub-menu of <i>APIs &amp; Auth</i>).
458
- </p>
459
-
460
  <?php
461
-
462
- $this->ga_section_text_end();
463
  }
464
 
465
  protected function ga_section_text_end() {
@@ -467,18 +481,33 @@ class core_google_apps_login {
467
 
468
  public function ga_multisitesection_text() {
469
  ?>
470
- <p>These settings are for multisite admins only. By default, all logins need to be submitted via the root site
471
- (since that is the only Redirect URL you were asked to submit to Google Cloud Console above).
472
- If you have a reason to register Redirect URLs for each of your sub-sites too, tick the box below to
473
- have all logins submitted to the sub-site they were invoked on.
474
  </p>
475
  <?php
476
  }
477
-
478
  public function ga_do_settings_ms_usesubsitecallback() {
479
  $options = $this->get_option_galogin();
480
  echo "<input id='input_ga_ms_usesubsitecallback' name='".$this->get_options_name()."[ga_ms_usesubsitecallback]' type='checkbox' ".($options['ga_ms_usesubsitecallback'] ? 'checked' : '')." />";
481
- echo "<div>Leave unchecked in most cases</div>";
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
482
  }
483
 
484
  public function ga_options_validate($input) {
@@ -502,6 +531,8 @@ class core_google_apps_login {
502
  );
503
  }
504
  $newinput['ga_ms_usesubsitecallback'] = isset($input['ga_ms_usesubsitecallback']) ? $input['ga_ms_usesubsitecallback'] : false;
 
 
505
  $newinput['ga_version'] = $this->PLUGIN_VERSION;
506
  return $newinput;
507
  }
@@ -522,7 +553,12 @@ class core_google_apps_login {
522
  }
523
 
524
  protected function get_default_options() {
525
- return Array('ga_version' => $this->PLUGIN_VERSION, 'ga_clientid' => '', 'ga_clientsecret' => '', 'ga_ms_usesubsitecallback' => false);
 
 
 
 
 
526
  }
527
 
528
  protected $ga_options = null;
@@ -576,6 +612,24 @@ class core_google_apps_login {
576
  }
577
  }
578
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
579
  // PLUGINS PAGE
580
 
581
  public function ga_plugin_action_links( $links, $file ) {
35
  $client->setRedirectUri($this->get_login_url());
36
 
37
  $client->setScopes(Array('openid', 'email', 'https://www.googleapis.com/auth/userinfo.profile'));
38
+ $client->setApprovalPrompt($options['ga_force_permissions'] ? 'force' : 'auto');
39
 
40
  $oauthservice = new Google_Oauth2Service($client);
41
 
93
  }
94
 
95
  public function ga_login_form() {
96
+ $options = $this->get_option_galogin();
97
+
98
  $authUrl = $this->ga_start_auth_get_url();
99
+
100
+ $do_autologin = false;
101
+
102
+ if (isset($_GET['gaautologin'])) { // This GET param can always override the option set in admin pabel
103
+ $do_autologin = $_GET['gaautologin'] == 'true';
104
+ }
105
+ elseif (($options['ga_auto_login'] && count($_GET) == 0)) {
106
+ $do_autologin = true;
107
+ }
108
+
109
+ if ($do_autologin) {
110
+ if (!headers_sent()) {
111
+ wp_redirect($authUrl);
112
+ exit;
113
+ }
114
+ else { ?>
115
+ <p><b>Redirecting to <a href="<?php echo $authUrl; ?>">Login via Google</a>...</b></p>
116
+ <script type="text/javascript">
117
+ window.location = "<?php echo $authUrl; ?>";
118
+ </script>
119
+ <?php
120
+ }
121
+ }
122
+
123
  ?>
124
  <div class="galogin">
125
  <a href="<?php echo $authUrl; ?>">or <b>Login with Google</b></a>
334
 
335
  $this->ga_admin_init_main();
336
  $this->ga_admin_init_domain();
337
+ $this->ga_admin_init_advanced();
338
  $this->ga_admin_init_multisite();
339
 
340
  // Admin notice that configuration is required
374
  array($this, 'ga_do_settings_ms_usesubsitecallback'), $this->get_options_name(), 'galogin_multisite_section');
375
  }
376
  }
377
+
378
+ public function ga_admin_init_advanced() {
379
+ add_settings_section('galogin_advanced_section', 'Advanced Options',
380
+ array($this, 'ga_advancedsection_text'), $this->get_options_name());
381
+
382
+ add_settings_field('ga_force_permissions', 'Force user to confirm Google permissions every time',
383
+ array($this, 'ga_do_settings_force_permissions'), $this->get_options_name(), 'galogin_advanced_section');
384
+
385
+ add_settings_field('ga_auto_login', 'Automatically redirect to Google from login page',
386
+ array($this, 'ga_do_settings_auto_login'), $this->get_options_name(), 'galogin_advanced_section');
387
+ }
388
+
389
  public function ga_admin_menu() {
390
  if (is_multisite()) {
391
  add_submenu_page( 'settings.php', 'Google Apps Login settings', 'Google Apps Login',
409
 
410
  <div>
411
  <h2>Google Apps Login setup</h2>
412
+
413
+ <p>To set up your website to enable Google logins, you will need to follow instructions specific to your website.</p>
414
+
415
+ <p><a href="<?php echo $this->calculate_instructions_url(); ?>#config" target="gainstr">Click here to open your
416
+ personalized instructions in a new window</a></p>
417
+
418
+ <?php
419
+ $this->ga_section_text_end();
420
+ ?>
421
+
422
  <form action="<?php echo $submit_page; ?>" method="post">
423
  <?php settings_fields($this->get_options_pagename()); ?>
424
  <?php do_settings_sections($this->get_options_name()); ?>
470
 
471
  public function ga_mainsection_text() {
472
  ?>
473
+ <p>The instructions above will guide you to Google's Cloud Console where you will enter two URLs, and also
474
+ obtain two codes (Client ID and Client Secret) which you will need to enter in the boxes below.
 
 
475
  </p>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
476
  <?php
 
 
477
  }
478
 
479
  protected function ga_section_text_end() {
481
 
482
  public function ga_multisitesection_text() {
483
  ?>
484
+ <p>This setting is for multisite admins only. See <a href="<?php echo $this->calculate_instructions_url('m'); ?>#multisite" target="gainstr">instructions here</a>.
 
 
 
485
  </p>
486
  <?php
487
  }
488
+
489
  public function ga_do_settings_ms_usesubsitecallback() {
490
  $options = $this->get_option_galogin();
491
  echo "<input id='input_ga_ms_usesubsitecallback' name='".$this->get_options_name()."[ga_ms_usesubsitecallback]' type='checkbox' ".($options['ga_ms_usesubsitecallback'] ? 'checked' : '')." />";
492
+ echo "<div>Leave unchecked if in doubt</div>";
493
+ }
494
+
495
+ public function ga_advancedsection_text() {
496
+ ?>
497
+ <p>Once you have the plugin working, you can try these settings to customize the login flow for your users.
498
+ See <a href="<?php echo $this->calculate_instructions_url('a'); ?>#advanced" target="gainstr">instructions here</a>.
499
+ </p>
500
+ <?php
501
+ }
502
+
503
+ public function ga_do_settings_force_permissions() {
504
+ $options = $this->get_option_galogin();
505
+ echo "<input id='input_ga_force_permissions' name='".$this->get_options_name()."[ga_force_permissions]' type='checkbox' ".($options['ga_force_permissions'] ? 'checked' : '')." />";
506
+ }
507
+
508
+ public function ga_do_settings_auto_login() {
509
+ $options = $this->get_option_galogin();
510
+ echo "<input id='input_ga_auto_login' name='".$this->get_options_name()."[ga_auto_login]' type='checkbox' ".($options['ga_auto_login'] ? 'checked' : '')." />";
511
  }
512
 
513
  public function ga_options_validate($input) {
531
  );
532
  }
533
  $newinput['ga_ms_usesubsitecallback'] = isset($input['ga_ms_usesubsitecallback']) ? $input['ga_ms_usesubsitecallback'] : false;
534
+ $newinput['ga_force_permissions'] = isset($input['ga_force_permissions']) ? $input['ga_force_permissions'] : false;
535
+ $newinput['ga_auto_login'] = isset($input['ga_auto_login']) ? $input['ga_auto_login'] : false;
536
  $newinput['ga_version'] = $this->PLUGIN_VERSION;
537
  return $newinput;
538
  }
553
  }
554
 
555
  protected function get_default_options() {
556
+ return Array('ga_version' => $this->PLUGIN_VERSION,
557
+ 'ga_clientid' => '',
558
+ 'ga_clientsecret' => '',
559
+ 'ga_ms_usesubsitecallback' => false,
560
+ 'ga_force_permissions' => false,
561
+ 'ga_auto_login' => false);
562
  }
563
 
564
  protected $ga_options = null;
612
  }
613
  }
614
 
615
+ protected function calculate_instructions_url($refresh='n') {
616
+ return add_query_arg(
617
+ array( 'garedirect' => urlencode( $this->get_login_url() ),
618
+ 'gaorigin' => urlencode( (is_ssl() || force_ssl_login() || force_ssl_admin()
619
+ ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].'/' ),
620
+ 'ganotms' => is_multisite() ? 'false' : 'true',
621
+ 'gar' => urlencode( $refresh ),
622
+ 'utm_source' => 'Admin%20Instructions',
623
+ 'utm_medium' => 'freemium',
624
+ 'utm_campaign' => 'Freemium' ),
625
+ $this->get_wpglogincom_baseurl()
626
+ );
627
+ }
628
+
629
+ protected function get_wpglogincom_baseurl() {
630
+ return 'http://wp-glogin.com/installing-google-apps-login/basic-setup/';
631
+ }
632
+
633
  // PLUGINS PAGE
634
 
635
  public function ga_plugin_action_links( $links, $file ) {
google_apps_login.php CHANGED
@@ -4,7 +4,7 @@
4
  * Plugin Name: Google Apps Login
5
  * Plugin URI: http://wp-glogin.com/
6
  * Description: Simple secure login for Wordpress through users' Google Apps accounts (uses secure OAuth2, and MFA if enabled)
7
- * Version: 1.3
8
  * Author: Dan Lester
9
  * Author URI: http://wp-glogin.com/
10
  * License: GPL3
@@ -15,12 +15,12 @@ require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
15
 
16
  class basic_google_apps_login extends core_google_apps_login {
17
 
18
- protected $PLUGIN_VERSION = '1.3';
19
 
20
  public function ga_section_text_end() {
21
  ?>
22
  <p><b>For full support, and premium features that greatly simplify WordPress user management for admins, please visit:
23
- <a href="http://wp-glogin.com/?utm_source=Admin%20Panel&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
24
  </p>
25
  <?php
26
  }
4
  * Plugin Name: Google Apps Login
5
  * Plugin URI: http://wp-glogin.com/
6
  * Description: Simple secure login for Wordpress through users' Google Apps accounts (uses secure OAuth2, and MFA if enabled)
7
+ * Version: 1.4
8
  * Author: Dan Lester
9
  * Author URI: http://wp-glogin.com/
10
  * License: GPL3
15
 
16
  class basic_google_apps_login extends core_google_apps_login {
17
 
18
+ protected $PLUGIN_VERSION = '1.4';
19
 
20
  public function ga_section_text_end() {
21
  ?>
22
  <p><b>For full support, and premium features that greatly simplify WordPress user management for admins, please visit:
23
+ <a href="http://wp-glogin.com/?utm_source=Admin%20Promo&utm_medium=freemium&utm_campaign=Freemium" target="_blank">http://wp-glogin.com/</a></b>
24
  </p>
25
  <?php
26
  }
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: danlester
3
  Tags: login, google, authentication, oauth2, oauth, admin, google apps, sso, single-sign-on, auth, intranet
4
  Requires at least: 3.3
5
  Tested up to: 3.8
6
- Stable tag: 1.3
7
  License: GPLv3
8
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
9
 
@@ -138,6 +138,13 @@ the Plugins section of your Wordpress admin
138
 
139
  == Changelog ==
140
 
 
 
 
 
 
 
 
141
  = 1.3 =
142
  Much neater support for redirecting users to most appropriate page post-login,
143
  especially on multisite installations; Better notices guiding admins through
3
  Tags: login, google, authentication, oauth2, oauth, admin, google apps, sso, single-sign-on, auth, intranet
4
  Requires at least: 3.3
5
  Tested up to: 3.8
6
+ Stable tag: 1.4
7
  License: GPLv3
8
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
9
 
138
 
139
  == Changelog ==
140
 
141
+ = 1.4 =
142
+
143
+ Added clearer instructions, plus new options: automatically redirect users
144
+ to Login via Google; plus force users to fully approve access to their
145
+ Google account every time they login (allowing them to switch accounts if only
146
+ logged into the wrong one, as well as making the process clearer).
147
+
148
  = 1.3 =
149
  Much neater support for redirecting users to most appropriate page post-login,
150
  especially on multisite installations; Better notices guiding admins through