1 files changed, 163 insertions, 16 deletions
diff --git a/daggerhart-openid-connect-generic/includes/openid-connect-generic-option-settings.php b/daggerhart-openid-connect-generic/includes/openid-connect-generic-option-settings.php
index 7b9b9a0..7b6ec2a 100755..100644
--- a/daggerhart-openid-connect-generic/includes/openid-connect-generic-option-settings.php
+++ b/daggerhart-openid-connect-generic/includes/openid-connect-generic-option-settings.php
@@ -1,60 +1,207 @@
 <?php
 /**
- * Class OpenId_Connect_Generic_Option_Settings
+ * WordPress options handling class.
+ *
+ * @package   OpenID_Connect_Generic
+ * @category  Settings
+ * @author    Jonathan Daggerhart <jonathan@daggerhart.com>
+ * @copyright 2015-2020 daggerhart
+ * @license   http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
+ */
+
+/**
+ * OpenId_Connect_Generic_Option_Settings class.
+ *
+ * WordPress options handling.
+ *
+ * @package OpenID_Connect_Generic
+ * @category  Settings
+ *
+ * Legacy Settings:
+ *
+ * @property string $ep_login    The login endpoint.
+ * @property string $ep_token    The token endpoint.
+ * @property string $ep_userinfo The userinfo endpoint.
+ *
+ * OAuth Client Settings:
+ *
+ * @property string $login_type           How the client (login form) should provide login options.
+ * @property string $client_id            The ID the client will be recognized as when connecting the to Identity provider server.
+ * @property string $client_secret        The secret key the IDP server expects from the client.
+ * @property string $scope                The list of scopes this client should access.
+ * @property string $endpoint_login       The IDP authorization endpoint URL.
+ * @property string $endpoint_userinfo    The IDP User information endpoint URL.
+ * @property string $endpoint_token       The IDP token validation endpoint URL.
+ * @property string $endpoint_end_session The IDP logout endpoint URL.
+ *
+ * Non-standard Settings:
+ *
+ * @property bool   $no_sslverify           The flag to enable/disable SSL verification during authorization.
+ * @property int    $http_request_timeout   The timeout for requests made to the IDP. Default value is 5.
+ * @property string $identity_key           The key in the user claim array to find the user's identification data.
+ * @property string $nickname_key           The key in the user claim array to find the user's nickname.
+ * @property string $email_format           The key(s) in the user claim array to formulate the user's email address.
+ * @property string $displayname_format     The key(s) in the user claim array to formulate the user's display name.
+ * @property bool   $identify_with_username The flag which indicates how the user's identity will be determined.
+ * @property int    $state_time_limit       The valid time limit of the state, in seconds. Defaults to 180 seconds.
+ *
+ * Plugin Settings:
+ *
+ * @property bool $enforce_privacy          The flag to indicates whether a user us required to be authenticated to access the site.
+ * @property bool $alternate_redirect_uri   The flag to indicate whether to use the alternative redirect URI.
+ * @property bool $token_refresh_enable     The flag whether to support refresh tokens by IDPs.
+ * @property bool $link_existing_users      The flag to indicate whether to link to existing WordPress-only accounts or greturn an error.
+ * @property bool $create_if_does_not_exist The flag to indicate whether to create new users or not.
+ * @property bool $redirect_user_back       The flag to indicate whether to redirect the user back to the page on which they started.
+ * @property bool $redirect_on_logout       The flag to indicate whether to redirect to the login screen on session expiration.
+ * @property bool $enable_logging           The flag to enable/disable logging.
+ * @property int  $log_limit                The maximum number of log entries to keep.
  */
 class OpenID_Connect_Generic_Option_Settings {
 
-	// wp option name/key
+	/**
+	 * WordPress option name/key.
+	 *
+	 * @var string
+	 */
 	private $option_name;
 
-	// stored option values array
+	/**
+	 * Stored option values array.
+	 *
+	 * @var array<mixed>
+	 */
 	private $values;
 
-	// default plugin settings values
+	/**
+	 * Default plugin settings values.
+	 *
+	 * @var array<mixed>
+	 */
 	private $default_settings;
 
 	/**
-	 * @param $option_name
-	 * @param array $default_settings
-	 * @param bool|TRUE $granular_defaults
+	 * List of settings that can be defined by environment variables.
+	 *
+	 * @var array<string,string>
 	 */
-	function __construct( $option_name, $default_settings = array(), $granular_defaults = true ){
+	private $environment_settings = array(
+		'client_id'            => 'OIDC_CLIENT_ID',
+		'client_secret'        => 'OIDC_CLIENT_SECRET',
+		'endpoint_login'       => 'OIDC_ENDPOINT_LOGIN_URL',
+		'endpoint_userinfo'    => 'OIDC_ENDPOINT_USERINFO_URL',
+		'endpoint_token'       => 'OIDC_ENDPOINT_TOKEN_URL',
+		'endpoint_end_session' => 'OIDC_ENDPOINT_LOGOUT_URL',
+	);
+
+	/**
+	 * The class constructor.
+	 *
+	 * @param string       $option_name       The option name/key.
+	 * @param array<mixed> $default_settings  The default plugin settings values.
+	 * @param bool         $granular_defaults The granular defaults.
+	 */
+	function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
 		$this->option_name = $option_name;
 		$this->default_settings = $default_settings;
-		$this->values = get_option( $this->option_name, $this->default_settings );
+		$this->values = array();
+
+		if ( ! empty( $this->option_name ) ) {
+			$this->values = (array) get_option( $this->option_name, $this->default_settings );
+		}
+
+		// For each defined environment variable/constant be sure the settings key is set.
+		foreach ( $this->environment_settings as $key => $constant ) {
+			if ( defined( $constant ) ) {
+				$this->__set( $key, constant( $constant ) );
+			}
+		}
 
 		if ( $granular_defaults ) {
 			$this->values = array_replace_recursive( $this->default_settings, $this->values );
 		}
 	}
 
-	function __get( $key ){
+	/**
+	 * Magic getter for settings.
+	 *
+	 * @param string $key The array key/option name.
+	 *
+	 * @return mixed
+	 */
+	function __get( $key ) {
 		if ( isset( $this->values[ $key ] ) ) {
 			return $this->values[ $key ];
 		}
 	}
 
-	function __set( $key, $value ){
+	/**
+	 * Magic setter for settings.
+	 *
+	 * @param string $key   The array key/option name.
+	 * @param mixed  $value The option value.
+	 *
+	 * @return void
+	 */
+	function __set( $key, $value ) {
 		$this->values[ $key ] = $value;
 	}
 
-	function __isset( $key ){
+	/**
+	 * Magic method to check is an attribute isset.
+	 *
+	 * @param string $key The array key/option name.
+	 *
+	 * @return bool
+	 */
+	function __isset( $key ) {
 		return isset( $this->values[ $key ] );
 	}
 
-	function __unset( $key ){
-		unset( $this->values[ $key ]);
+	/**
+	 * Magic method to clear an attribute.
+	 *
+	 * @param string $key The array key/option name.
+	 *
+	 * @return void
+	 */
+	function __unset( $key ) {
+		unset( $this->values[ $key ] );
 	}
 
-	function get_values(){
+	/**
+	 * Get the plugin settings array.
+	 *
+	 * @return array
+	 */
+	function get_values() {
 		return $this->values;
 	}
 
+	/**
+	 * Get the plugin WordPress options name.
+	 *
+	 * @return string
+	 */
 	function get_option_name() {
 		return $this->option_name;
 	}
 
-	function save(){
+	/**
+	 * Save the plugin options to the WordPress options table.
+	 *
+	 * @return void
+	 */
+	function save() {
+
+		// For each defined environment variable/constant be sure it isn't saved to the database.
+		foreach ( $this->environment_settings as $key => $constant ) {
+			if ( defined( $constant ) ) {
+				$this->__unset( $key );
+			}
+		}
+
 		update_option( $this->option_name, $this->values );
+
 	}
 }