path: root/daggerhart-openid-connect-generic/includes/openid-connect-generic-option-settings.php
<?php
/**
 * WordPress options handling class.
 *
 * @package   OpenID_Connect_Generic
 * @category  Settings
 * @author    Jonathan Daggerhart <jonathan@daggerhart.com>
 * @copyright 2015-2020 daggerhart
 * @license   http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
 */

/**
 * OpenId_Connect_Generic_Option_Settings class.
 *
 * WordPress options handling.
 *
 * @package OpenID_Connect_Generic
 * @category  Settings
 *
 * Legacy Settings:
 *
 * @property string $ep_login    The login endpoint.
 * @property string $ep_token    The token endpoint.
 * @property string $ep_userinfo The userinfo endpoint.
 *
 * OAuth Client Settings:
 *
 * @property string $login_type           How the client (login form) should provide login options.
 * @property string $client_id            The ID the client will be recognized as when connecting to the Identity provider server.
 * @property string $client_secret        The secret key the IDP server expects from the client.
 * @property string $scope                The list of scopes this client should access.
 * @property string $endpoint_login       The IDP authorization endpoint URL.
 * @property string $endpoint_userinfo    The IDP User information endpoint URL.
 * @property string $endpoint_token       The IDP token validation endpoint URL.
 * @property string $endpoint_end_session The IDP logout endpoint URL.
 *
 * Non-standard Settings:
 *
 * @property bool   $no_sslverify           The flag to disable SSL certificate verification during authorization (verification is skipped when true).
 * @property int    $http_request_timeout   The timeout for requests made to the IDP. Default value is 5.
 * @property string $identity_key           The key in the user claim array to find the user's identification data.
 * @property string $nickname_key           The key in the user claim array to find the user's nickname.
 * @property string $email_format           The key(s) in the user claim array to formulate the user's email address.
 * @property string $displayname_format     The key(s) in the user claim array to formulate the user's display name.
 * @property bool   $identify_with_username The flag which indicates how the user's identity will be determined.
 * @property int    $state_time_limit       The valid time limit of the state, in seconds. Defaults to 180 seconds.
 *
 * Plugin Settings:
 *
 * @property bool $enforce_privacy          The flag to indicate whether a user is required to be authenticated to access the site.
 * @property bool $alternate_redirect_uri   The flag to indicate whether to use the alternative redirect URI.
 * @property bool $token_refresh_enable     The flag whether to support refresh tokens by IDPs.
 * @property bool $link_existing_users      The flag to indicate whether to link to existing WordPress-only accounts or return an error.
 * @property bool $create_if_does_not_exist The flag to indicate whether to create new users or not.
 * @property bool $redirect_user_back       The flag to indicate whether to redirect the user back to the page on which they started.
 * @property bool $redirect_on_logout       The flag to indicate whether to redirect to the login screen on session expiration.
 * @property bool $enable_logging           The flag to enable/disable logging.
 * @property int  $log_limit                The maximum number of log entries to keep.
 */
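class OpenID_Connect_Generic_Option_Settings {

	/**
	 * WordPress option name/key.
	 *
	 * @var string
	 */
	private $option_name;

	/**
	 * Stored option values array.
	 *
	 * Holds every setting, including the client secret when one is configured.
	 *
	 * @var array<mixed>
	 */
	private $values;

	/**
	 * Default plugin settings values.
	 *
	 * @var array<mixed>
	 */
	private $default_settings;

	/**
	 * List of settings that can be supplied by PHP constants.
	 *
	 * Maps a settings key to the constant name that overrides it. The constants
	 * are looked up with defined()/constant(), so they must be declared as PHP
	 * constants before this class is instantiated. A setting supplied this way
	 * is never written to the options table by save(), which keeps the client
	 * ID, client secret and endpoint URLs out of the database.
	 *
	 * @var array<string,string>
	 */
	private $environment_settings = array(
		'client_id'            => 'OIDC_CLIENT_ID',
		'client_secret'        => 'OIDC_CLIENT_SECRET',
		'endpoint_login'       => 'OIDC_ENDPOINT_LOGIN_URL',
		'endpoint_userinfo'    => 'OIDC_ENDPOINT_USERINFO_URL',
		'endpoint_token'       => 'OIDC_ENDPOINT_TOKEN_URL',
		'endpoint_end_session' => 'OIDC_ENDPOINT_LOGOUT_URL',
	);

	/**
	 * The class constructor.
	 *
	 * Loads the stored option, overlays any constant-provided settings and,
	 * when requested, fills in missing keys from the defaults.
	 *
	 * @param string       $option_name       The option name/key. When empty, nothing is read from the options table.
	 * @param array<mixed> $default_settings  The default plugin settings values.
	 * @param bool         $granular_defaults Whether to merge the defaults key by key under the loaded values.
	 */
	public function __construct( $option_name, $default_settings = array(), $granular_defaults = true ) {
		$this->option_name      = $option_name;
		$this->default_settings = $default_settings;
		$this->values           = array();

		if ( ! empty( $this->option_name ) ) {
			$this->values = (array) get_option( $this->option_name, $this->default_settings );
		}

		// Constants are applied after the stored option is loaded, so a defined
		// constant always wins over whatever value is stored in the database.
		foreach ( $this->environment_settings as $key => $constant ) {
			if ( defined( $constant ) ) {
				$this->__set( $key, constant( $constant ) );
			}
		}

		// Loaded values take precedence; defaults only fill in what is missing.
		if ( $granular_defaults ) {
			$this->values = array_replace_recursive( $this->default_settings, $this->values );
		}
	}

	/**
	 * Magic getter for settings.
	 *
	 * @param string $key The array key/option name.
	 *
	 * @return mixed The stored value, or null when the key is not set.
	 */
	public function __get( $key ) {
		return isset( $this->values[ $key ] ) ? $this->values[ $key ] : null;
	}

	/**
	 * Magic setter for settings.
	 *
	 * The key and value are stored as given; no validation or sanitization
	 * happens here, so callers are responsible for checking input first.
	 *
	 * @param string $key   The array key/option name.
	 * @param mixed  $value The option value.
	 *
	 * @return void
	 */
	public function __set( $key, $value ) {
		$this->values[ $key ] = $value;
	}

	/**
	 * Magic method to check whether an attribute is set.
	 *
	 * @param string $key The array key/option name.
	 *
	 * @return bool
	 */
	public function __isset( $key ) {
		return isset( $this->values[ $key ] );
	}

	/**
	 * Magic method to clear an attribute.
	 *
	 * @param string $key The array key/option name.
	 *
	 * @return void
	 */
	public function __unset( $key ) {
		unset( $this->values[ $key ] );
	}

	/**
	 * Get the plugin settings array.
	 *
	 * The array contains every setting, including the client secret when one
	 * is configured, so it should not be logged or rendered as a whole.
	 *
	 * @return array
	 */
	public function get_values() {
		return $this->values;
	}

	/**
	 * Get the plugin WordPress options name.
	 *
	 * @return string
	 */
	public function get_option_name() {
		return $this->option_name;
	}

	/**
	 * Save the plugin options to the WordPress options table.
	 *
	 * Settings supplied by a defined constant are left out of the stored
	 * option. They remain available on this instance after the call.
	 *
	 * @return void
	 */
	public function save() {
		// Filter a copy rather than $this->values: removing the keys from the
		// instance would make constant-backed settings such as the client secret
		// read as null for the rest of the request.
		$persisted = $this->values;

		foreach ( $this->environment_settings as $key => $constant ) {
			if ( defined( $constant ) ) {
				unset( $persisted[ $key ] );
			}
		}

		// Mirror the constructor: without an option name there is no option to write.
		if ( empty( $this->option_name ) ) {
			return;
		}

		update_option( $this->option_name, $persisted );
	}
}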