author | Martin Schanzenbach <schanzen@gnunet.org> | 2020-12-31 09:15:53 +0900 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2020-12-31 09:15:53 +0900 |
commit | 632f7a37b006467db749ee7a77506a417cdf210c (patch) | |
tree | 03f6c911b22044dd4159752fe77ae35a20b053ab | |
parent | 4048308e28fd612b9683fd8b47ed219eb7bf35c4 (diff) | |
draft implementation of aggregated claim value parsing
-rw-r--r-- | snippets/oidc-woocommerce.php | 82 |
1 files changed, 68 insertions, 14 deletions
diff --git a/snippets/oidc-woocommerce.php b/snippets/oidc-woocommerce.php
index 974869a..2731728 100644
--- a/snippets/oidc-woocommerce.php
+++ b/snippets/oidc-woocommerce.php
@@ -57,6 +57,67 @@ add_filter(
 /**
+ * Checks if $claimname is in the body or _claim_names of the userinfo.
+ * If yes, returns the claim value. Otherwise, returns false.
+ *
+ * @param string $claimname the claim name to look for
+ * @param array $userinfo the JSON to look in
+ * @param string $claimvalue the source claim value ( from the body of the JWT of the claim source)
+ * @return True if a reference was found
+ */
+function get_claim( $claimname, $userinfo, &$claimvalue ) {
+ if ( ! isset( $token_response ) ) {
+ return False;
+ }
+ /**
+ * If we find a simple claim, return it.
+ */
+ if ( array_keys_exists( $claimname, $token_response ) ) {
+ $claimvalue = $token_response[$claimname];
+ return True;
+ }
+ /**
+ * If there are not aggregated claims, it is over.
+ */
+ if ( ! array_key_exists( '_claim_names', $token_response ) ||
+ ! array_key_exists( '_claim_sources', $token_response ) ) {
+ return False;
+ }
+ $claim_src_ptr = $token_response['_claim_names'];
+ if ( ! isset( $claim_src_ptr ) ) {
+ return False;
+ }
+ /**
+ * No reference found
+ */
+ if ( ! array_key_exists( $claimname, $claim_src_ptr ) ) {
+ return False;
+ }
+ $src = $claim_src_ptr[$claimname];
+ //Reference found, but no corresponding JWT. This is a malformed userinfo
+ if ( ! array_key_exists( $src, $token_response['_claim_sources']) ) {
+ return False;
+ }
+ //Source claim is not a JWT. Abort.
+ if ( ! array_key_exists( 'JWT', $src ) ) {
+ return False;
+ }
+ /**
+ * Extract claim from JWT.
+ * FIXME: We probably want to verify the JWT signature/issuer here!
+ */
+ $jwt = $src['JWT'];
+ list ($header, $body, $rest) = split('.', $jwt, 3);
+ $body_decoded = base64_decode ( $body, false );
+ if ( ( isset ( $body_decoded ) ) &&
+ ( array_key_exists( $claimname, $body_decoded ) ) ) {
+ $claimvalue = $body_decoded[$claimname];
+ return True;
+ }
+ return False;
+}
+
+/**
 * Filter to transform (defaults) for the Billing details according to
 * the information obtained from OpenID Connect (OIDC). WooCommerce
 * already grabs many of the values properly, but there are some fields
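Review bot: `get_claim()` reads `$token_response` throughout, but its parameter is named `$userinfo`, so `isset( $token_response )` is always false and the function returns `False` for every claim, including the simple ones that were prefilled before this commit. Once the body actually runs, further problems surface: `array_keys_exists` is not a PHP function, `$src` holds the source name from `_claim_names` rather than the source object, so the `'JWT'` lookup has to go through `$token_response['_claim_sources'][$src]`, `split()` was removed in PHP 7, and `base64_decode()` returns a string that needs base64url translation and `json_decode()` before it can be indexed. The FIXME becomes the important part at that point, because the claim is read from a JWT whose signature and issuer are never checked; the aggregated branch should not hand out values as verified until that check exists. A possible shape for the rewritten parts is below.

```php
function get_claim( $claimname, $token_response, &$claimvalue ) {
	if ( ! is_array( $token_response ) ) {
		return false;
	}
	if ( array_key_exists( $claimname, $token_response ) ) {
		$claimvalue = $token_response[ $claimname ];
		return true;
	}
	// … unchanged: _claim_names / _claim_sources presence checks and the $claim_src_ptr lookup …
	$src_name = $claim_src_ptr[ $claimname ];
	$sources  = $token_response['_claim_sources'];
	if ( ! is_string( $src_name ) || ! is_array( $sources ) || ! array_key_exists( $src_name, $sources ) ) {
		return false;
	}
	$src = $sources[ $src_name ];
	if ( ! is_array( $src ) || ! array_key_exists( 'JWT', $src ) || ! is_string( $src['JWT'] ) ) {
		return false;
	}
	$parts = explode( '.', $src['JWT'] );
	if ( 3 !== count( $parts ) ) {
		return false;
	}
	// The source JWT's signature and issuer still have to be verified before this point (see FIXME).
	$payload = base64_decode( strtr( $parts[1], '-_', '+/' ), true );
	$claims  = false === $payload ? null : json_decode( $payload, true );
	if ( is_array( $claims ) && array_key_exists( $claimname, $claims ) ) {
		$claimvalue = $claims[ $claimname ];
		return true;
	}
	return false;
}
```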
@@ -69,28 +130,21 @@ add_filter(
 function filter_checkout_get_value( $in = array() ) {
 $user = wp_get_current_user();
 if ( 0 !== $user->ID ) {
- $token_response = $user->get( 'openid-connect-generic-last-user-claim' );
- if ( ( isset( $token_response ) ) &&
- ( array_key_exists( 'given_name', $token_response ) ) ) {
- $given_name = $token_response ['given_name'];
+ $token_response = $user->get( 'openid-connect-generic-last-user-claim' );
+ $src = '';
+ if ( get_claim( 'given_name', $token_response, $given_name ) ) {
 $in['billing']['billing_first_name']['default'] = $given_name;
 $in['shipping']['shipping_first_name']['default'] = $given_name;
 }
- if ( ( isset( $token_response ) ) &&
- ( array_key_exists( 'family_name', $token_response ) ) ) {
- $family_name = $token_response ['family_name'];
+ if ( get_claim( 'family_name', $token_response, $family_name ) ) {
 $in['billing']['billing_last_name']['default'] = $family_name;
 $in['shipping']['shipping_last_name']['default'] = $family_name;
 }
- if ( ( isset( $token_response ) ) &&
- ( array_key_exists( 'phone_number', $token_response ) ) ) {
- $phone_number = $token_response ['phone_number'];
+ if ( get_claim( 'phone_number', $token_response, $phone_number ) ) {
 $in['billing']['billing_phone']['default'] = $phone_number;
 $in['shipping']['shipping_phone']['default'] = $phone_number;
- }
- if ( ( isset( $token_response ) ) &&
- ( array_key_exists( 'address', $token_response ) ) ) {
- $address = $token_response ['address'];
+ }
+ if ( get_claim( 'address', $token_response, $address ) ) {
 if ( array_key_exists( 'postal_code', $address ) ) {
 $postal_code = $address ['postal_code'];
 $in['billing']['billing_postcode']['default'] = $postal_code; |
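Review bot: The `address` branch passes whatever `get_claim()` returned straight to `array_key_exists( 'postal_code', $address )`, and with aggregated claims that value can now come from a decoded JWT body rather than the plugin's own userinfo array, so it is not guaranteed to be an array. Guarding the branch with `if ( get_claim( 'address', $token_response, $address ) && is_array( $address ) ) {` keeps a string-valued `address` claim from raising a TypeError on PHP 8. The added `$src = '';` is never read in the visible lines and looks like a leftover. The body of `filter_checkout_get_value()` continues outside the hunk.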