Source: classes/Authentications/WordPressBasicAuth.php

  1. <?php
  2. /**
  3.  * WP basic auth functionality
  4.  *
  5.  * @package  distributor
  6.  */
  8. namespace Distributor\Authentications;
  10. use \Distributor\Authentication as Authentication;
  12. /**
  13.  * This auth type is simple username/password WP style
  14.  */
  15. class WordPressBasicAuth extends Authentication {
  16. 	/**
  17. 	 * Auth handler slug
  18. 	 *
  19. 	 * @var string
  20. 	 */
  21. 	public static $slug = 'user-pass';
  23. 	/**
  24. 	 * Does auth require creds or not
  25. 	 *
  26. 	 * @var boolean
  27. 	 */
  28. 	public static $requires_credentials = true;
  30. 	/**
  31. 	 * Pretty auth label to use
  32. 	 *
  33. 	 * @var string
  34. 	 */
  35. 	public static $label = 'Username/Password';
  37. 	/**
  38. 	 * Site URL
  39. 	 *
  40. 	 * @var string
  41. 	 */
  42. 	public $site_url;
  44. 	/**
  45. 	 * Username
  46. 	 *
  47. 	 * @var string
  48. 	 */
  49. 	public $username;
  51. 	/**
  52. 	 * Password
  53. 	 *
  54. 	 * @var string
  55. 	 */
  56. 	public $password;
  58. 	/**
  59. 	 * API Key
  60. 	 *
  61. 	 * @var string
  62. 	 */
  63. 	public $client_id;
  65. 	/**
  66. 	 * API Secret
  67. 	 *
  68. 	 * @var string
  69. 	 */
  70. 	public $client_secret;
  72. 	/**
  73. 	 * Redirect URI
  74. 	 *
  75. 	 * @var string
  76. 	 */
  77. 	public $redirect_uri;
  79. 	/**
  80. 	 * Access Token
  81. 	 *
  82. 	 * @var string
  83. 	 */
  84. 	public $base64_encoded;
  86. 	/**
  87. 	 * Created Post ID
  88. 	 *
  89. 	 * @var string
  90. 	 */
  91. 	public $dt_created_post_id;
  93. 	/**
  94. 	 * Setup class
  95. 	 *
  96. 	 * @param array $args Assoc array of args.
  97. 	 */
  98. 	public function __construct( $args ) {
  99. 		parent::__construct( $args );
  101. 		if ( isset( $this->password ) && isset( $this->username ) ) {
  102. 			$this->base64_encoded = base64_encode( $this->username . ':' . $this->password ); // @codingStandardsIgnoreLine valid use of base64_encode
  103. 		}
  105. 		if ( empty( $this->base64_encoded ) ) {
  106. 			$this->base64_encoded = false;
  107. 		}
  108. 	}
  110. 	/**
  111. 	 * Output credentials form for this auth type
  112. 	 *
  113. 	 * @param  array $args Array of args.
  114. 	 * @since  0.8
  115. 	 */
  116. 	public static function credentials_form( $args = array() ) {
  117. 		if ( empty( $args['username'] ) ) {
  118. 			$args['username'] = '';
  119. 		}
  120. 		?>
  121. 		<div class="external-connection-wizard card">
  122. 			<h3><?php esc_html_e( 'Remote Connection Wizard', 'distributor' ); ?></h3>
  123. 			<p>
  124. 				<?php esc_html_e( 'Enter the URL of a site that also has the latest version of Distributor installed and the wizard will attempt to generate an application-specific password and fill in the rest of the connection details for you.', 'distributor' ); ?>
  125. 			</p>
  126. 			<p>
  127. 				<?php esc_html_e( 'If you are not already logged in to the other site, you will be prompted to log in before continuing. The login details you enter will not be stored on this site.', 'distributor' ); ?>
  128. 			</p>
  129. 			<label for="dt_external_site_url"><?php esc_html_e( 'External Site URL', 'distributor' ); ?></label><br>
  130. 			<input type="text" name="dt_external_connection_auth[site_url]" data-auth-field="dt_external_site_url" value="" class="widefat" id="dt_external_site_url" placeholder="https://remotesite.com" autocomplete="off" value="">
  131. 			<p>
  132. 				<button class="button button-large establish-connection-button button-primary">
  133. 					<?php esc_html_e( 'Authorize Connection', 'distributor' ); ?>
  134. 				</button>
  135. 				<a href="#" class="manual-setup-button">
  136. 					<?php esc_html_e( 'Manually Set Up Connection', 'distributor' ); ?>
  137. 				</a>
  138. 				<div class="dt-wizard-status">
  139. 					<span class="spinner is-active"></span>
  140. 					<span><?php esc_html_e( 'Checking the connection...', 'distributor' ); ?></span>
  141. 				</div>
  142. 				<div class="dt-wizard-error">
  143. 				</div>
  144. 			</p>
  145. 			<p class="description">
  146. 				<?php esc_html_e( 'Note: the remote site must also be running Distributor version 1.6.0 or higher to use this wizard. If not, please manually set up the connection.', 'distributor' ); ?>
  147. 			</p>
  148. 		</div>
  149. 		<div class="external-connection-setup">
  151. 			<h3><?php esc_html_e( 'Edit configuration', 'distributor' ); ?></h3>
  153. 			<label for="dt_username"><?php esc_html_e( 'Username', 'distributor' ); ?></label><br>
  154. 			<input type="text" name="dt_external_connection_auth[username]" data-auth-field="username" value="<?php echo esc_attr( $args['username'] ); ?>" class="auth-field" id="dt_username" autocomplete="off" >
  156. 			<span class="description"><?php esc_html_e( 'A username from the external WordPress site to connect with. For full functionality, this needs to be a user with an administrator role.', 'distributor' ); ?></span>
  158. 			<p>
  159. 				<label for="dt_username"><?php esc_html_e( 'Password', 'distributor' ); ?> <?php
  160. 				if ( ! empty( $args['base64_encoded'] ) ) :
  161. 					?>
  162. 					<a class="change-password" href="#"><?php esc_html_e( '(Change)', 'distributor' ); ?></a><?php endif; ?></label><br>
  164. 				<?php if ( ! empty( $args['base64_encoded'] ) ) : ?>
  165. 				<input disabled type="password" name="dt_external_connection_auth[password]" value="ertdfweewefewwe" data-auth-field="password" class="auth-field" id="dt_password">
  166. 				<?php else : ?>
  167. 					<input type="password" name="dt_external_connection_auth[password]" data-auth-field="password" class="auth-field" id="dt_password" autocomplete="off" >
  168. 				<?php endif; ?>
  170. 				<span class="description">
  171. 					<?php
  172. 					$plugin_link = 'https://make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/';
  174. 					printf(
  175. 						wp_kses_post(
  176. 							/* translators: %s: Application Passwords documentation URL */
  177. 							__( '<strong>Important:</strong> We strongly recommend using the <a href="%s">Application Passwords</a> feature on the site you are connecting to in order to create a unique password for this connection. This helps limit the use of your primary password and will allow you to revoke access in the future if needed.', 'distributor' )
  178. 						),
  179. 						esc_url( $plugin_link )
  180. 					);
  181. 					?>
  182. 			</p>
  183. 		</div>
  185. 		<?php
  186. 	}
  188. 	/**
  189. 	 * Prepare credentials for this auth type
  190. 	 *
  191. 	 * @param  array $args Creds to prepare.
  192. 	 * @since  0.8
  193. 	 * @return array
  194. 	 */
  195. 	public static function prepare_credentials( $args ) {
  196. 		$auth = array();
  198. 		if ( ! empty( $args['username'] ) ) {
  199. 			$auth['username'] = sanitize_text_field( $args['username'] );
  200. 		}
  202. 		if ( ! empty( $args['base64_encoded'] ) ) {
  203. 			$auth['base64_encoded'] = sanitize_text_field( $args['base64_encoded'] );
  204. 		}
  206. 		if ( ! empty( $args['password'] ) ) {
  207. 			$auth['base64_encoded'] = base64_encode( $args['username'] . ':' . $args['password'] ); // @codingStandardsIgnoreLine valid use of base64_encode
  208. 		}
  210. 		/**
  211. 		 * Filter the authorization credentials prepared before saving.
  212. 		 *
  213. 		 * @since 1.0
  214. 		 * @hook dt_auth_prepare_credentials
  215. 		 *
  216. 		 * @param {array}  $auth The credentials to be saved.
  217. 		 * @param {array}  $args The arguments originally passed to `prepare_credentials`.
  218. 		 * @param {string} $slug The authorization handler type slug.
  219. 		 *
  220. 		 * @return {array} The authorization credentials to be saved.
  221. 		 */
  222. 		return apply_filters( 'dt_auth_prepare_credentials', $auth, $args, self::$slug );
  223. 	}
  225. 	/**
  226. 	 * Add basic auth headers to get args
  227. 	 *
  228. 	 * @param  array $args Args to format.
  229. 	 * @param  array $context Current context.
  230. 	 * @since  0.8
  231. 	 * @return array
  232. 	 */
  233. 	public function format_get_args( $args = array(), $context = array() ) {
  234. 		if ( ! empty( $this->username ) && ! empty( $this->base64_encoded ) ) {
  235. 			if ( empty( $args['headers'] ) ) {
  236. 				$args['headers'] = array();
  237. 			}
  239. 			$args['headers']['Authorization'] = 'Basic ' . $this->base64_encoded;
  240. 		}
  242. 		return parent::format_get_args( $args, $context );
  243. 	}
  245. 	/**
  246. 	 * Add basic auth headers to post args
  247. 	 *
  248. 	 * @param  array $args Args to format.
  249. 	 * @param  array $context Current context.
  250. 	 * @since  0.8
  251. 	 * @return array
  252. 	 */
  253. 	public function format_post_args( $args, $context = array() ) {
  254. 		if ( ! empty( $this->username ) && ! empty( $this->base64_encoded ) ) {
  255. 			if ( empty( $args['headers'] ) ) {
  256. 				$args['headers'] = array();
  257. 			}
  259. 			$args['headers']['Authorization'] = 'Basic ' . $this->base64_encoded;
  260. 		}
  262. 		return parent::format_post_args( $args, $context );
  263. 	}
  264. }