From 3cc8036df83dc4b2ad09e257078a313d6cdda150 Mon Sep 17 00:00:00 2001 From: Jonathan Harris Date: Thu, 18 Jul 2019 10:06:31 +0100 Subject: [PATCH 1/9] Coding standards fixes --- inc/admin/class-listtable.php | 7 +- inc/admin/namespace.php | 139 ++++++++++-------- inc/admin/profile/namespace.php | 68 ++++++--- .../profile/personaltokens/namespace.php | 82 +++++++---- inc/authentication/namespace.php | 11 +- inc/class-client.php | 66 ++++++--- inc/class-clientinterface.php | 5 + inc/class-personalclient.php | 5 + inc/class-scopes.php | 5 + inc/endpoints/class-authorization.php | 9 +- inc/endpoints/class-token.php | 49 +++--- inc/endpoints/namespace.php | 17 ++- inc/namespace.php | 33 ++++- inc/tokens/class-access-token.php | 7 +- inc/tokens/class-authorization-code.php | 5 + inc/tokens/class-token.php | 5 + inc/tokens/namespace.php | 5 + inc/types/class-authorization-code.php | 5 + inc/types/class-base.php | 50 +++++-- inc/types/class-implicit.php | 5 + inc/types/class-type.php | 5 + plugin.php | 21 ++- tests/bootstrap.php | 9 +- theme/oauth2-authorize.php | 35 +++-- 24 files changed, 452 insertions(+), 196 deletions(-) diff --git a/inc/admin/class-listtable.php b/inc/admin/class-listtable.php index b5a2cf4..48a44b5 100644 --- a/inc/admin/class-listtable.php +++ b/inc/admin/class-listtable.php @@ -1,4 +1,9 @@ ID ); ?>"> - prepare_items(); @@ -84,6 +89,9 @@ function load() { } +/** + * + */ function dispatch() { switch ( get_page_action() ) { case 'add': @@ -112,16 +120,16 @@ function render() { if ( current_user_can( 'create_users' ) ) : ?> -
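Review bot: The docblock added above `dispatch()` is empty (an opening `/**`, a bare ` *` and the closing ` */`), which satisfies the sniff but documents nothing. Fill it with what the visible body shows, e.g. `/** Route the admin page action reported by get_page_action() to its handler. */`, and only list the individual actions if they are confirmed below the hunk, since just `case 'add':` is visible here. The body of `dispatch()` continues outside the hunk.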

' . esc_html__( 'Deleted application.', 'oauth2' ) . '

'; - } elseif ( ! empty( $_GET['approved'] ) ) { // WPCS: CSRF OK + } elseif ( ! empty( $_GET['approved'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended echo '

' . esc_html__( 'Approved application.', 'oauth2' ) . '

'; } ?> @@ -130,7 +138,7 @@ class="add-new-h2"> - search_box( __( 'Search Applications', 'oauth2' ), 'oauth2' ); ?> + search_box( esc_html__( 'Search Applications', 'oauth2' ), 'oauth2' ); ?> display(); ?> @@ -152,22 +160,22 @@ function validate_parameters( $params ) { $valid = []; if ( empty( $params['name'] ) ) { - return new WP_Error( 'rest_oauth2_missing_name', __( 'Client name is required', 'oauth2' ) ); + return new WP_Error( 'rest_oauth2_missing_name', esc_html__( 'Client name is required', 'oauth2' ) ); } $valid['name'] = wp_kses_post( $params['name'] ); if ( empty( $params['description'] ) ) { - return new WP_Error( 'rest_oauth2_missing_description', __( 'Client description is required', 'oauth2' ) ); + return new WP_Error( 'rest_oauth2_missing_description', esc_html__( 'Client description is required', 'oauth2' ) ); } $valid['description'] = wp_kses_post( $params['description'] ); if ( empty( $params['type'] ) ) { - return new WP_Error( 'rest_oauth2_missing_type', __( 'Type is required.', 'oauth2' ) ); + return new WP_Error( 'rest_oauth2_missing_type', esc_html__( 'Type is required.', 'oauth2' ) ); } $valid['type'] = wp_kses_post( $params['type'] ); if ( empty( $params['callback'] ) ) { - return new WP_Error( 'rest_oauth2_missing_callback', __( 'Client callback is required and must be a valid URL.', 'oauth2' ) ); + return new WP_Error( 'rest_oauth2_missing_callback', esc_html__( 'Client callback is required and must be a valid URL.', 'oauth2' ) ); } if ( ! empty( $params['callback'] ) ) { $valid['callback'] = $params['callback']; @@ -252,7 +260,7 @@ function handle_edit_submit( Client $consumer = null ) { */ function render_edit_page() { if ( ! current_user_can( 'edit_users' ) ) { - wp_die( __( 'You do not have permission to access this page.', 'oauth2' ) ); + wp_die( esc_html__( 'You do not have permission to access this page.', 'oauth2' ) ); } // Are we editing? 
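Review bot: `validate_parameters()` still stores `$valid['callback'] = $params['callback'];` with no URL validation even though the error text beside it promises "must be a valid URL"; unless something further down the function (outside this hunk) checks it, an arbitrary string becomes the registered redirect URI that `Client::check_redirect_uri()` later matches against, so run it through `esc_url_raw()` and reject values without a scheme and host before storing. The switch from `__()` to `esc_html__()` inside `new WP_Error( … )` is harmless for these literals, but a WP_Error message is data rather than output and may surface in a JSON REST response, so the convention is `__()` here and `esc_html()` where the message is echoed, as `handle_regenerate()` in this same file does. `validate_parameters()` continues outside the hunk.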
@@ -263,17 +271,21 @@ function render_edit_page() { $id = absint( $_REQUEST['id'] ); $consumer = Client::get_by_post_id( $id ); if ( is_wp_error( $consumer ) || empty( $consumer ) ) { - wp_die( __( 'Invalid client ID.', 'oauth2' ) ); + wp_die( esc_html__( 'Invalid client ID.', 'oauth2' ) ); } - $form_action = get_url( [ - 'action' => 'edit', - 'id' => $id, - ] ); - $regenerate_action = get_url( [ - 'action' => 'regenerate', - 'id' => $id, - ] ); + $form_action = get_url( + [ + 'action' => 'edit', + 'id' => $id, + ] + ); + $regenerate_action = get_url( + [ + 'action' => 'regenerate', + 'id' => $id, + ] + ); } // Handle form submission @@ -292,15 +304,15 @@ function render_edit_page() { if ( ! empty( $_GET['did_action'] ) ) { switch ( $_GET['did_action'] ) { case 'edit': - $messages[] = __( 'Updated application.', 'oauth2' ); + $messages[] = esc_html__( 'Updated application.', 'oauth2' ); break; case 'regenerate': - $messages[] = __( 'Regenerated secret.', 'oauth2' ); + $messages[] = esc_html__( 'Regenerated secret.', 'oauth2' ); break; default: - $messages[] = __( 'Successfully created application.', 'oauth2' ); + $messages[] = esc_html__( 'Successfully created application.', 'oauth2' ); break; } } @@ -324,15 +336,17 @@ function render_edit_page() { // Header time! global $title, $parent_file, $submenu_file; - $title = $consumer ? __( 'Edit Application', 'oauth2' ) : __( 'Add Application', 'oauth2' ); + // phpcs:disable WordPress.WP.GlobalVariablesOverride.Prohibited + $title = $consumer ? esc_html__( 'Edit Application', 'oauth2' ) : esc_html__( 'Add Application', 'oauth2' ); $parent_file = 'users.php'; $submenu_file = BASE_SLUG; + // phpcs:enable include( ABSPATH . 'wp-admin/admin-header.php' ); ?>
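Review bot: The `switch ( $_GET['did_action'] )` that fills `$messages` treats every unrecognised value as success (`default: $messages[] = esc_html__( 'Successfully created application.', 'oauth2' );`), and `did_action` is a plain query-string value, so any `?did_action=anything` on this screen shows a "created" banner; match the create action explicitly and make `default:` add nothing. Escaping the three messages with `esc_html__()` at the point they are stored is only correct if they are echoed raw below the hunk — either put `// Messages are pre-escaped above and echoed without further escaping.` at the echo site, or keep `__()` here and `esc_html()` there, so the next reader knows which side is responsible. `render_edit_page()` continues outside the hunk.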
-

+

-
+
- + - -

+ +

- + - +
- +
    @@ -412,11 +426,11 @@ function render_edit_page() {
- + - -

+ +

@@ -425,42 +439,42 @@ function render_edit_page() { if ( empty( $consumer ) ) { wp_nonce_field( 'rest-oauth2-add' ); - submit_button( __( 'Create Client', 'oauth2' ) ); + submit_button( esc_html__( 'Create Client', 'oauth2' ) ); } else { echo ''; wp_nonce_field( 'rest-oauth2-edit-' . $consumer->get_post_id() ); - submit_button( __( 'Save Client', 'oauth2' ) ); + submit_button( esc_html__( 'Save Client', 'oauth2' ) ); } ?>
-
-

+ +

- + - get_id() ) ?> + get_id() ); ?>
- + - get_secret() ) ?> + get_secret() ); ?>
get_post_id() ); - submit_button( __( 'Regenerate Secret', 'oauth2' ), 'delete' ); + submit_button( esc_html__( 'Regenerate Secret', 'oauth2' ), 'delete' ); ?>
@@ -482,22 +496,21 @@ function handle_delete() { if ( ! current_user_can( 'delete_post', $id ) ) { wp_die( - '

' . __( 'Cheatin’ uh?', 'oauth2' ) . '

' . - '

' . __( 'You are not allowed to delete this application.', 'oauth2' ) . '

', + '

' . esc_html__( 'Cheatin’ uh?', 'oauth2' ) . '

' . + '

' . esc_html__( 'You are not allowed to delete this application.', 'oauth2' ) . '

', 403 ); } $client = Client::get_by_post_id( $id ); if ( is_wp_error( $client ) ) { - wp_die( $client ); + wp_die( $client ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped return; } if ( ! $client->delete() ) { - $message = 'Invalid client ID'; - wp_die( $message ); + wp_die( esc_html__( 'Invalid client ID' ) ); return; } @@ -519,20 +532,20 @@ function handle_approve() { if ( ! current_user_can( 'publish_post', $id ) ) { wp_die( - '
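Review bot: `wp_die( esc_html__( 'Invalid client ID' ) )` drops the `'oauth2'` text domain that every other string in this file passes, so the message is excluded from translation; use `wp_die( esc_html__( 'Invalid client ID', 'oauth2' ) );`. The `return;` after each `wp_die()` is unreachable because `wp_die()` ends the request, and leaving it suggests execution can continue. The `phpcs:ignore` on `wp_die( $client )` relies on the default handler printing a WP_Error's message as HTML and on `Client::get_by_post_id()` only producing static text; a one-line comment stating that assumption would justify the suppression, or use `wp_die( esc_html( $client->get_error_message() ) );` as `handle_regenerate()` below already does. `handle_delete()` starts outside the hunk.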

' . __( 'Cheatin’ uh?', 'oauth2' ) . '

' . - '

' . __( 'You are not allowed to approve this application.', 'oauth2' ) . '

', + '

' . esc_html__( 'Cheatin’ uh?', 'oauth2' ) . '

' . + '

' . esc_html__( 'You are not allowed to approve this application.', 'oauth2' ) . '

', 403 ); } $client = Client::get_by_post_id( $id ); if ( is_wp_error( $client ) ) { - wp_die( $client ); + wp_die( $client ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped } $did_approve = $client->approve(); if ( is_wp_error( $did_approve ) ) { - wp_die( $did_approve ); + wp_die( $did_approve ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped } wp_safe_redirect( get_url( 'approved=1' ) ); @@ -552,8 +565,8 @@ function handle_regenerate() { if ( ! current_user_can( 'edit_post', $id ) ) { wp_die( - '
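Review bot: Both `wp_die( $client )` and `wp_die( $did_approve )` gain a `phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped` without saying why it is safe; the default `wp_die()` handler renders a WP_Error's messages as HTML, so this is only fine if `Client::get_by_post_id()` and `approve()` never put request-derived data into an error message, which is not visible here. Either add a why-comment above each (`// WP_Error messages here are static strings; safe to render unescaped.`) or avoid the suppression with `wp_die( esc_html( $client->get_error_message() ) );`, matching the `$result` handling in `handle_regenerate()` in this same file. `handle_approve()` starts outside the hunk.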

' . __( 'Cheatin’ uh?', 'oauth2' ) . '

' . - '

' . __( 'You are not allowed to edit this application.', 'oauth2' ) . '

', + '

' . esc_html__( 'Cheatin’ uh?', 'oauth2' ) . '

' . + '

' . esc_html__( 'You are not allowed to edit this application.', 'oauth2' ) . '

', 403 ); } @@ -561,13 +574,17 @@ function handle_regenerate() { $client = Client::get_by_post_id( $id ); $result = $client->regenerate_secret(); if ( is_wp_error( $result ) ) { - wp_die( $result->get_error_message() ); + wp_die( esc_html( $result->get_error_message() ) ); } - wp_safe_redirect( get_url( [ - 'action' => 'edit', - 'id' => $id, - 'did_action' => 'regenerate', - ] ) ); + wp_safe_redirect( + get_url( + [ + 'action' => 'edit', + 'id' => $id, + 'did_action' => 'regenerate', + ] + ) + ); exit; } diff --git a/inc/admin/profile/namespace.php b/inc/admin/profile/namespace.php index 61a2bbb..a1aeb44 100644 --- a/inc/admin/profile/namespace.php +++ b/inc/admin/profile/namespace.php @@ -1,6 +1,9 @@ get_client(); - }); + $tokens = array_filter( + $tokens, + function ( Access_Token $token ) { + return (bool) $token->get_client(); + } + ); if ( ! IS_PROFILE_PAGE ) { $personal_url = PersonalTokens\get_page_url( [ 'user_id' => $user->ID ] ); @@ -40,7 +46,7 @@ function render_profile_section( WP_User $user ) { } ?> -

+

@@ -59,22 +65,25 @@ function render_profile_section( WP_User $user ) {
- - + +
-

-

+

+

get_client(); @@ -94,6 +103,16 @@ function render_token_row( WP_User $user, Access_Token $token ) { ), ]; + /** + * Filter details shown for an access token on the profile screen. + * + * @deprecated + * @param string[] $details List of HTML snippets to render in table. + * @param Access_Token $token Token being displayed. + * @param WP_User $user User whose profile is being rendered. + */ + $details = apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.details', $details, $token, $user ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + /** * Filter details shown for an access token on the profile screen. * @@ -101,7 +120,7 @@ function render_token_row( WP_User $user, Access_Token $token ) { * @param Access_Token $token Token being displayed. * @param WP_User $user User whose profile is being rendered. */ - $details = apply_filters( 'oauth2.admin.profile.render_token_row.details', $details, $token, $user ); + $details = apply_filters( 'oauth2_admin_profile_render_token_row_details', $details, $token, $user ); // Build actions. if ( $is_personal ) { @@ -127,6 +146,17 @@ function render_token_row( WP_User $user, Access_Token $token ) { ), ]; + /** + * Filter actions shown for an access token on the profile screen. + * + * @deprecated + * @param string[] $actions List of HTML snippets to render in table. + * @param Access_Token $token Token being displayed. + * @param WP_User $user User whose profile is being rendered. + */ + $actions = apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.actions', $actions, $token, $user ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + + /** * Filter actions shown for an access token on the profile screen. * 
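Review bot: The new `apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.details', $details, $token, $user )` passes the filter arguments separately, but core's signature is `apply_filters_deprecated( $hook_name, array $args, $version, $replacement = '' )`; with nothing hooked to the old name it returns `$args[0]`, which here is `$details[0]`, so the details array collapses to its first string before the new `oauth2_admin_profile_render_token_row_details` filter and the table renderer see it, and `$token` lands in the version slot. Change it to `$details = apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.details', [ $details, $token, $user ], 'NEXT', 'oauth2_admin_profile_render_token_row_details' );` with the release number that introduces the rename in place of `NEXT`. `render_token_row()` continues outside the hunk.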
@@ -134,7 +164,7 @@ function render_token_row( WP_User $user, Access_Token $token ) { * @param Access_Token $token Token being displayed. * @param WP_User $user User whose profile is being rendered. */ - $actions = apply_filters( 'oauth2.admin.profile.render_token_row.actions', $actions, $token, $user ); + $actions = apply_filters( 'oauth2_admin_profile_render_token_row_actions', $actions, $token, $user ); $name = sprintf( '%s', $client->get_name() ); if ( $is_personal ) { @@ -147,11 +177,11 @@ function render_token_row( WP_User $user, Access_Token $token ) { ?> -
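Review bot: The `apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.actions', $actions, $token, $user )` call added just above has the same argument-shape problem as the details filter: core expects the arguments as one array plus a version and replacement, and with nothing hooked it returns `$actions[0]`, so the actions list silently becomes a single string before `oauth2_admin_profile_render_token_row_actions` runs. Use `$actions = apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.actions', [ $actions, $token, $user ], 'NEXT', 'oauth2_admin_profile_render_token_row_actions' );` with the real release number, and drop the doubled blank line between the two docblocks. `render_token_row()` continues outside the hunk.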

-

+

+

- +

' . __( 'Token revoked.', 'oauth2' ) . '

'; + if ( ! empty( $_GET['oauth2_revoked'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended + echo '

' . esc_html__( 'Token revoked.', 'oauth2' ) . '

'; } - if ( ! empty( $_GET['oauth2_revocation_failed'] ) ) { // WPCS: CSRF OK - echo '

' . __( 'Unable to revoke token.', 'oauth2' ) . '

'; + if ( ! empty( $_GET['oauth2_revocation_failed'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended + echo '

' . esc_html__( 'Unable to revoke token.', 'oauth2' ) . '

'; } } @@ -184,7 +214,7 @@ function handle_revocation( $user_id ) { return; } - $data = wp_unslash( $_POST['oauth2_revoke'] ); // WPCS: CSRF OK + $data = sanitize_text_field( wp_unslash( $_POST['oauth2_revoke'] ) ); if ( strpos( $data, ':' ) === null ) { return; } diff --git a/inc/admin/profile/personaltokens/namespace.php b/inc/admin/profile/personaltokens/namespace.php index 2efdfcf..974ca70 100644 --- a/inc/admin/profile/personaltokens/namespace.php +++ b/inc/admin/profile/personaltokens/namespace.php @@ -1,4 +1,9 @@
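Review bot: The guard right after the new sanitize line can never fire: `strpos()` returns `false`, not `null`, when the separator is absent, so `if ( strpos( $data, ':' ) === null )` is always false and a value without `:` reaches whatever splits it below the hunk. Use `if ( false === strpos( $data, ':' ) ) { return; }`. Separately, `sanitize_text_field()` strips tags, octets and surrounding whitespace, which is only a no-op for a `type:key` token reference if token keys are plain alphanumerics — worth confirming against how Access_Token keys are generated, since a silently altered key makes revocation fail. The removed `// WPCS: CSRF OK` marker was the only note that the nonce is checked before this point; if that happens in the early `return` at the top of `handle_revocation()`, say so in a comment. `handle_revocation()` starts outside the hunk.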

' . esc_html( $error->get_error_message() ) . '

'; - } ); + add_action( + 'all_admin_notices', + function () use ( $error ) { + echo '

' . esc_html( $error->get_error_message() ) . '

'; + } + ); } } - $GLOBALS['title'] = __( 'Personal Access Tokens', 'oauth2' ); + $GLOBALS['title'] = __( 'Personal Access Tokens', 'oauth2' ); // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited require ABSPATH . 'wp-admin/admin-header.php'; $tokens = Access_Token::get_for_user( $user ); - $tokens = array_filter( $tokens, function ( Access_Token $token ) { - $client = $token->get_client(); - return ! empty( $client ) && $client instanceof PersonalClient; - }); + $tokens = array_filter( + $tokens, + function ( Access_Token $token ) { + $client = $token->get_client(); + return ! empty( $client ) && $client instanceof PersonalClient; + } + ); ?>
-

+

-

+

@@ -115,17 +129,17 @@ class="regular-text" type="text" /> -

+

- +

- +

@@ -138,7 +152,15 @@ class="regular-text" * Handle action from a form. */ function handle_page_action( WP_User $user ) { - $action = $_POST['oauth2_action']; // WPCS: CSRF OK + + if ( ! isset( $_POST['oauth2_action'] ) ) { + return new WP_Error( + 'rest_oauth2_invalid_action', + __( 'Invalid action.', 'oauth2' ) + ); + } + + $action = sanitize_text_field( wp_unslash( $_POST['oauth2_action'] ) ); switch ( $action ) { case 'create': @@ -174,18 +196,22 @@ function handle_create( WP_User $user, $name ) { render_create_success( $user, $token ); } +/** + * @param WP_User $user + * @param $token + */ function render_create_success( WP_User $user, $token ) { - $GLOBALS['title'] = __( 'Personal Access Tokens', 'oauth2' ); + $GLOBALS['title'] = __( 'Personal Access Tokens', 'oauth2' ); // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited require ABSPATH . 'wp-admin/admin-header.php'; ?>
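Review bot: The deleted `// WPCS: CSRF OK` comment was the only statement that `$_POST['oauth2_action']` is read after a nonce check performed by the caller, and the new `isset()` guard does not replace that information; nothing in the hunk verifies a nonce. Once confirmed, add a line above the guard such as `// Nonce is verified by the caller before this runs; only the action name is read here.`, or move a `check_admin_referer()` call here if it is not. The new early `return new WP_Error( … )` matches the `is_wp_error( $error )` handling shown in the page renderer above, so the return type is consistent. The rest of `handle_page_action()` is outside the hunk.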
-

-

+

+

-
get_key() ) ?>
+
get_key() ); ?>
-

+

', ']]>', $content ); // Restore previous post. - $post = $current_post; + $post = $current_post; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited if ( $post ) { setup_postdata( $post ); } @@ -198,6 +203,17 @@ public function check_redirect_uri( $uri ) { } } + /** + * Filter whether a callback is counted as valid. (deprecated). + * User rest_oauth_check_callback. + * + * @param boolean $valid True if the callback URL is valid, false otherwise. + * @param string $url Supplied callback URL. + * @param string $registered_uri URI being checked. + * @param Client $client OAuth 2 client object. + */ + $valid = apply_filters_deprecated( 'rest_oauth.check_callback', $valid, $uri, $registered_uri, $this ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + /** * Filter whether a callback is counted as valid. * @@ -214,7 +230,8 @@ public function check_redirect_uri( $uri ) { * @param string $registered_uri URI being checked. * @param Client $client OAuth 2 client object. */ - $valid = apply_filters( 'rest_oauth.check_callback', $valid, $uri, $registered_uri, $this ); + $valid = apply_filters( 'rest_oauth_check_callback', $valid, $uri, $registered_uri, $this ); + if ( $valid ) { // Stop checking, we have a match. return true; 
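Review bot: `$valid = apply_filters_deprecated( 'rest_oauth.check_callback', $valid, $uri, $registered_uri, $this )` passes the filter arguments separately, but core's signature is `apply_filters_deprecated( $hook_name, array $args, $version, $replacement )`; with nothing hooked to the old name it returns `$args[0]`, and `$valid` is a boolean, so the result is `null` (plus an array-offset notice on PHP 7.4+) and the following `if ( $valid )` never matches — every registered redirect URI is rejected (fails closed, but breaks authorization), while `$uri` is reported as the deprecation version. Use `$valid = apply_filters_deprecated( 'rest_oauth.check_callback', [ $valid, $uri, $registered_uri, $this ], 'NEXT', 'rest_oauth_check_callback' );` with the real release number. The new docblock also says "User rest_oauth_check_callback." where it means "Use". `check_redirect_uri()` starts outside the hunk.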
@@ -407,25 +424,28 @@ public function approve() { * Register the underlying post type. */ public static function register_type() { - register_post_type( static::POST_TYPE, [ - 'public' => false, - 'hierarchical' => true, - 'capability_type' => [ - 'oauth2_client', - 'oauth2_clients', - ], - 'capabilities' => [ - 'edit_posts' => 'edit_users', - 'edit_others_posts' => 'edit_users', - 'publish_posts' => 'edit_users', - ], - 'supports' => [ - 'title', - 'editor', - 'revisions', - 'author', - 'thumbnail', - ], - ] ); + register_post_type( + static::POST_TYPE, + [ + 'public' => false, + 'hierarchical' => true, + 'capability_type' => [ + 'oauth2_client', + 'oauth2_clients', + ], + 'capabilities' => [ + 'edit_posts' => 'edit_users', + 'edit_others_posts' => 'edit_users', + 'publish_posts' => 'edit_users', + ], + 'supports' => [ + 'title', + 'editor', + 'revisions', + 'author', + 'thumbnail', + ], + ] + ); } } diff --git a/inc/class-clientinterface.php b/inc/class-clientinterface.php index f477ae4..6646597 100644 --- a/inc/class-clientinterface.php +++ b/inc/class-clientinterface.php 
@@ -1,4 +1,9 @@ 'POST', - 'callback' => [ $this, 'exchange_token' ], - 'args' => [ - 'grant_type' => [ - 'required' => true, - 'type' => 'string', - 'validate_callback' => [ $this, 'validate_grant_type' ], - ], - 'client_id' => [ - 'required' => true, - 'type' => 'string', - 'validate_callback' => 'rest_validate_request_arg', - ], - 'code' => [ - 'required' => true, - 'type' => 'string', - 'validate_callback' => 'rest_validate_request_arg', + register_rest_route( + 'oauth2', + '/access_token', + [ + 'methods' => 'POST', + 'callback' => [ $this, 'exchange_token' ], + 'args' => [ + 'grant_type' => [ + 'required' => true, + 'type' => 'string', + 'validate_callback' => [ $this, 'validate_grant_type' ], + ], + 'client_id' => [ + 'required' => true, + 'type' => 'string', + 'validate_callback' => 'rest_validate_request_arg', + ], + 'code' => [ + 'required' => true, + 'type' => 'string', + 'validate_callback' => 'rest_validate_request_arg', + ], ], - ], - ] ); + ] + ); } /** diff --git a/inc/endpoints/namespace.php b/inc/endpoints/namespace.php index af91775..e5e5049 100644 --- a/inc/endpoints/namespace.php +++ b/inc/endpoints/namespace.php @@ -1,4 +1,9 @@ register_routes(); // Register convenience URL. - register_rest_route( 'oauth2', '/authorize', [ - 'methods' => 'GET', - 'callback' => __NAMESPACE__ . '\\redirect_to_authorize', - ]); + register_rest_route( + 'oauth2', + '/authorize', + [ + 'methods' => 'GET', + 'callback' => __NAMESPACE__ . '\\redirect_to_authorize', + ] + ); } /** diff --git a/inc/namespace.php b/inc/namespace.php index fecbad7..bfa5119 100644 --- a/inc/namespace.php +++ b/inc/namespace.php 
@@ -1,4 +1,9 @@ $handler ) { if ( ! $handler instanceof Type ) { /* translators: 1: Grant type name, 2: Grant type interface */ - $message = __( 'Skipping invalid grant type "%1$s". Required interface "%1$s" not implemented.', 'oauth2' ); - _doing_it_wrong( __FUNCTION__, sprintf( $message, $type, 'WP\\OAuth2\\Types\\Type' ), '0.1.0' ); + $message = esc_html__( 'Skipping invalid grant type "%1$s". Required interface "%1$s" not implemented.', 'oauth2' ); + _doing_it_wrong( __FUNCTION__, sprintf( esc_html( $message ), esc_html( $type ), 'WP\\OAuth2\\Types\\Type' ), '0.1.0' ); unset( $grant_types[ $type ] ); } } @@ -113,7 +122,14 @@ function get_authorization_url() { * * @param string $url URL for the OAuth 2 authorization endpoint. */ - return apply_filters( 'oauth2.get_authorization_url', $url ); + $url = apply_filters_deprecated( 'oauth2.get_authorization_url', $url ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + + /** + * Filter the authorization URL. + * + * @param string $url URL for the OAuth 2 authorization endpoint. + */ + return apply_filters( 'oauth2_get_authorization_url', $url ); } /** @@ -129,7 +145,14 @@ function get_token_url() { * * @param string $url URL for the OAuth 2 token endpoint. */ - return apply_filters( 'oauth2.get_token_url', $url ); + $url = apply_filters_deprecated( 'oauth2.get_token_url', $url ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + + /** + * Filter the token URL. + * + * @param string $url URL for the OAuth 2 token endpoint. + */ + return apply_filters( 'oauth2_get_token_url', $url ); } /** diff --git a/inc/tokens/class-access-token.php b/inc/tokens/class-access-token.php index 724aea6..8f6476b 100644 --- a/inc/tokens/class-access-token.php +++ b/inc/tokens/class-access-token.php @@ -1,4 +1,9 @@ [ // WPCS: slow query OK + 'meta_query' => [ // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query [ 'key' => $key, 'compare' => 'EXISTS', 
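Review bot: `_doing_it_wrong( __FUNCTION__, sprintf( esc_html( $message ), esc_html( $type ), 'WP\\OAuth2\\Types\\Type' ), '0.1.0' )` escapes `$message` a second time after it was already built with `esc_html__()`, and the format string still uses `%1$s` for both placeholders even though the translators comment promises a second argument, so the interface name is never printed. Build the message with `__()` and fix the second placeholder to `%2$s`, keeping `esc_html( $type )` since the key comes from a filterable array; then a single `esc_html()` around the assembled string is enough. The enclosing loop starts outside the hunk.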
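Review bot: `$url = apply_filters_deprecated( 'oauth2.get_token_url', $url );` (and the identical line in `get_authorization_url()` above it) passes only two arguments, but `apply_filters_deprecated()` requires `$hook_name`, `array $args` and `$version`, so on PHP 7.1+ this throws an ArgumentCountError on every call and the token and authorization URLs become unobtainable; even with a version supplied, a non-array `$args` makes the function return `$args[0]`, i.e. the first character of the URL. Use `$url = apply_filters_deprecated( 'oauth2.get_token_url', [ $url ], 'NEXT', 'oauth2_get_token_url' );` with the real release number, and the same shape for `oauth2.get_authorization_url`.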
diff --git a/inc/tokens/class-authorization-code.php b/inc/tokens/class-authorization-code.php index fac353c..a234d9b 100644 --- a/inc/tokens/class-authorization-code.php +++ b/inc/tokens/class-authorization-code.php @@ -1,4 +1,9 @@ get_nonce_action( $client ); - if ( ! wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), $nonce_action ) ) { + if ( ! wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), $nonce_action ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized return new WP_Error( 'oauth2.types.authorization_code.handle_authorisation.invalid_nonce', __( 'Invalid nonce.', 'oauth2' ) @@ -93,7 +104,7 @@ public function handle_authorisation() { return $this->render_form( $client, $error ); } - $submit = wp_unslash( $_POST['wp-submit'] ); + $submit = sanitize_text_field( wp_unslash( $_POST['wp-submit'] ) ); $data = compact( 'redirect_uri', 'scope', 'state' ); return $this->handle_authorization_submission( $submit, $client, $data ); 
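Review bot: `wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), $nonce_action )` dereferences `$_POST['_wpnonce']` without an `isset()` guard, so unless a check above the hunk guarantees the field, a POST that omits it raises an undefined-index notice before `wp_verify_nonce()` returns false; the added `phpcs:ignore` only silences the sanitizer sniff. Prefer `if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_wpnonce'] ) ), $nonce_action ) ) {`, which needs no suppression because a nonce is a hex string. `handle_authorisation()` starts outside the hunk.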
@@ -168,13 +179,34 @@ protected function filter_redirect_args( $redirect_args, $authorized, Client $cl /** * Filter the redirect args when the user has cancelled. * + * @deprecated * @param array $redirect_args Redirect args. * @param Client $client Client being authorised. * @param array $data Data for the request. */ - return apply_filters( 'oauth2.redirect_args.cancelled', $redirect_args, $client, $data ); + $redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.cancelled', $redirect_args, $client, $data ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + + + /** + * Filter the redirect args when the user has cancelled. + * + * @param array $redirect_args Redirect args. + * @param Client $client Client being authorised. + * @param array $data Data for the request. + */ + return apply_filters( 'oauth2_redirect_args_cancelled', $redirect_args, $client, $data ); } + /** + * Filter the redirect args when the user has authorized. + * + * @deprecated + * @param array $redirect_args Redirect args. + * @param Client $client Client being authorised. + * @param array $data Data for the request. + */ + $redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.authorized', $redirect_args, $client, $data ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores + /** * Filter the redirect args when the user has authorized. * @@ -182,6 +214,6 @@ protected function filter_redirect_args( $redirect_args, $authorized, Client $cl * @param Client $client Client being authorised. * @param array $data Data for the request. */ - return apply_filters( 'oauth2.redirect_args.authorized', $redirect_args, $client, $data ); + return apply_filters( 'oauth2_redirect_args_authorized', $redirect_args, $client, $data ); } } diff --git a/inc/types/class-implicit.php b/inc/types/class-implicit.php index 1389b20..4ac28c6 100644 --- a/inc/types/class-implicit.php +++ b/inc/types/class-implicit.php @@ -1,4 +1,9 @@ 
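Review bot: Both new `apply_filters_deprecated()` calls in `filter_redirect_args()` pass `$redirect_args, $client, $data` as separate arguments, but core's signature is `apply_filters_deprecated( $hook_name, array $args, $version, $replacement )`; with nothing hooked to the old name the function returns `$args[0]`, which here is the first entry of the `$redirect_args` array, so the value handed to `oauth2_redirect_args_cancelled` / `oauth2_redirect_args_authorized` and then to the redirect builder collapses to a single scalar, and the `$client` object sits in the version slot. Change each to `$redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.cancelled', [ $redirect_args, $client, $data ], 'NEXT', 'oauth2_redirect_args_cancelled' );` with the real release number (and likewise for `.authorized`), and drop the doubled blank line between the docblocks. `filter_redirect_args()` starts outside the hunk.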
@@ -60,25 +65,27 @@ %s', - esc_html( sprintf( - /* translators: %1$s: client name */ - __( 'Connect %1$s', 'oauth2' ), - $client->get_name() - ) ) + esc_html( + sprintf( + /* translators: %1$s: client name */ + __( 'Connect %1$s', 'oauth2' ), + $client->get_name() + ) + ) ); ?>
- ID, '78' ); ?> + ID, '78' ); ?> ' . __( 'Howdy %1$s,
"%2$s" would like to connect to %3$s.', 'oauth2' ) . '

', - $current_user->user_login, - $client->get_name(), - get_bloginfo( 'name' ) + '

' . __( 'Howdy %1$s,
"%2$s" would like to connect to %3$s.', 'oauth2' ) . '

', // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + esc_html( $_current_user->user_login ), + esc_html( $client->get_name() ), + esc_html( get_bloginfo( 'name' ) ) ); ?> @@ -100,7 +107,7 @@ From 57fb181ff63221819f7c5c7812581c0eb7a25108 Mon Sep 17 00:00:00 2001 From: Jonathan Harris Date: Thu, 18 Jul 2019 10:19:18 +0100 Subject: [PATCH 2/9] Fix tests --- .phpcs.xml.dist | 49 +++++++++++++ .travis.yml | 67 +++++++++++++++-- bin/install-wp-tests.sh | 155 ++++++++++++++++++++++++++++++++++++++++ phpcs.ruleset.xml | 7 -- phpunit.xml.dist | 13 +--- tests/bootstrap.php | 45 ++++++------ 6 files changed, 290 insertions(+), 46 deletions(-) create mode 100644 .phpcs.xml.dist create mode 100755 bin/install-wp-tests.sh delete mode 100644 phpcs.ruleset.xml diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist new file mode 100644 index 0000000..09b1245 --- /dev/null +++ b/.phpcs.xml.dist @@ -0,0 +1,49 @@ + + + Generally-applicable sniffs for WordPress plugins. + + + . + /vendor/ + /node_modules/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/.travis.yml b/.travis.yml index 980b383..5957d4b 100644 --- a/.travis.yml +++ b/.travis.yml 
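Review bot: The sprintf now reads `esc_html( $_current_user->user_login )` where the removed line used `$current_user`; `$_current_user` is not assigned anywhere in the hunk, so confirm the rename is applied where the user object is fetched earlier in the template, otherwise the greeting renders an empty name with a notice. The translated format string is still echoed raw under a `phpcs:ignore`; because it carries markup, `wp_kses( __( 'Howdy %1$s, …', 'oauth2' ), [ 'br' => [] ] )` (listing whichever tags the string actually uses) keeps the markup while neutralising anything a translation file might inject. The three `esc_html()` wrappers on the arguments are the right fix for the user-controlled parts.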
@@ -1,9 +1,62 @@ +sudo: false +dist: trusty + language: php -php: - - '7.1' -install: - - composer install - - bash tests/install-tests.sh wordpress_test root '' 127.0.0.1 latest + +notifications: + email: + on_success: never + on_failure: change + +branches: + only: + - master + +cache: + directories: + - $HOME/.composer/cache + +matrix: + include: + - php: 7.2 + env: WP_VERSION=latest + - php: 7.1 + env: WP_VERSION=latest + - php: 7.0 + env: WP_VERSION=latest + - php: 5.6 + env: WP_VERSION=latest + - php: 5.6 + env: WP_VERSION=trunk + - php: 5.6 + env: WP_TRAVISCI=phpcs + +before_script: + - export PATH="$HOME/.composer/vendor/bin:$PATH" + - | + if [ -f ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/xdebug.ini ]; then + phpenv config-rm xdebug.ini + else + echo "xdebug.ini does not exist" + fi + - | + if [[ ! -z "$WP_VERSION" ]] ; then + bash bin/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION + composer global require "phpunit/phpunit=4.8.*|5.7.*" + fi + - | + if [[ "$WP_TRAVISCI" == "phpcs" ]] ; then + composer global require wp-coding-standards/wpcs + phpcs --config-set installed_paths $HOME/.composer/vendor/wp-coding-standards/wpcs + fi + script: - - vendor/bin/phpcs --standard=phpcs.ruleset.xml . - - phpunit + - | + if [[ ! -z "$WP_VERSION" ]] ; then + phpunit + WP_MULTISITE=1 phpunit + fi + - | + if [[ "$WP_TRAVISCI" == "phpcs" ]] ; then + phpcs + fi diff --git a/bin/install-wp-tests.sh b/bin/install-wp-tests.sh new file mode 100755 index 0000000..5ceac4b --- /dev/null +++ b/bin/install-wp-tests.sh 
@@ -0,0 +1,155 @@ +#!/usr/bin/env bash + +if [ $# -lt 3 ]; then + echo "usage: $0 [db-host] [wp-version] [skip-database-creation]" + exit 1 +fi + +DB_NAME=$1 +DB_USER=$2 +DB_PASS=$3 +DB_HOST=${4-localhost} +WP_VERSION=${5-latest} +SKIP_DB_CREATE=${6-false} + +TMPDIR=${TMPDIR-/tmp} +TMPDIR=$(echo $TMPDIR | sed -e "s/\/$//") +WP_TESTS_DIR=${WP_TESTS_DIR-$TMPDIR/wordpress-tests-lib} +WP_CORE_DIR=${WP_CORE_DIR-$TMPDIR/wordpress/} + +download() { + if [ `which curl` ]; then + curl -s "$1" > "$2"; + elif [ `which wget` ]; then + wget -nv -O "$2" "$1" + fi +} + +if [[ $WP_VERSION =~ ^[0-9]+\.[0-9]+\-(beta|RC)[0-9]+$ ]]; then + WP_BRANCH=${WP_VERSION%\-*} + WP_TESTS_TAG="branches/$WP_BRANCH" + +elif [[ $WP_VERSION =~ ^[0-9]+\.[0-9]+$ ]]; then + WP_TESTS_TAG="branches/$WP_VERSION" +elif [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then + if [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0] ]]; then + # version x.x.0 means the first release of the major version, so strip off the .0 and download version x.x + WP_TESTS_TAG="tags/${WP_VERSION%??}" + else + WP_TESTS_TAG="tags/$WP_VERSION" + fi +elif [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then + WP_TESTS_TAG="trunk" +else + # http serves a single offer, whereas https serves multiple. we only want one + download http://api.wordpress.org/core/version-check/1.7/ /tmp/wp-latest.json + grep '[0-9]+\.[0-9]+(\.[0-9]+)?' 
/tmp/wp-latest.json + LATEST_VERSION=$(grep -o '"version":"[^"]*' /tmp/wp-latest.json | sed 's/"version":"//') + if [[ -z "$LATEST_VERSION" ]]; then + echo "Latest WordPress version could not be found" + exit 1 + fi + WP_TESTS_TAG="tags/$LATEST_VERSION" +fi +set -ex + +install_wp() { + + if [ -d $WP_CORE_DIR ]; then + return; + fi + + mkdir -p $WP_CORE_DIR + + if [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then + mkdir -p $TMPDIR/wordpress-nightly + download https://wordpress.org/nightly-builds/wordpress-latest.zip $TMPDIR/wordpress-nightly/wordpress-nightly.zip + unzip -q $TMPDIR/wordpress-nightly/wordpress-nightly.zip -d $TMPDIR/wordpress-nightly/ + mv $TMPDIR/wordpress-nightly/wordpress/* $WP_CORE_DIR + else + if [ $WP_VERSION == 'latest' ]; then + local ARCHIVE_NAME='latest' + elif [[ $WP_VERSION =~ [0-9]+\.[0-9]+ ]]; then + # https serves multiple offers, whereas http serves single. + download https://api.wordpress.org/core/version-check/1.7/ $TMPDIR/wp-latest.json + if [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0] ]]; then + # version x.x.0 means the first release of the major version, so strip off the .0 and download version x.x + LATEST_VERSION=${WP_VERSION%??} + else + # otherwise, scan the releases and get the most up to date minor version of the major release + local VERSION_ESCAPED=`echo $WP_VERSION | sed 's/\./\\\\./g'` + LATEST_VERSION=$(grep -o '"version":"'$VERSION_ESCAPED'[^"]*' $TMPDIR/wp-latest.json | sed 's/"version":"//' | head -1) + fi + if [[ -z "$LATEST_VERSION" ]]; then + local ARCHIVE_NAME="wordpress-$WP_VERSION" + else + local ARCHIVE_NAME="wordpress-$LATEST_VERSION" + fi + else + local ARCHIVE_NAME="wordpress-$WP_VERSION" + fi + download https://wordpress.org/${ARCHIVE_NAME}.tar.gz $TMPDIR/wordpress.tar.gz + tar --strip-components=1 -zxmf $TMPDIR/wordpress.tar.gz -C $WP_CORE_DIR + fi + + download https://raw.github.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php +} + +install_test_suite() { + # portable 
in-place argument for both GNU sed and Mac OSX sed + if [[ $(uname -s) == 'Darwin' ]]; then + local ioption='-i.bak' + else + local ioption='-i' + fi + + # set up testing suite if it doesn't yet exist + if [ ! -d $WP_TESTS_DIR ]; then + # set up testing suite + mkdir -p $WP_TESTS_DIR + svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/includes/ $WP_TESTS_DIR/includes + svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/data/ $WP_TESTS_DIR/data + fi + + if [ ! -f wp-tests-config.php ]; then + download https://develop.svn.wordpress.org/${WP_TESTS_TAG}/wp-tests-config-sample.php "$WP_TESTS_DIR"/wp-tests-config.php + # remove all forward slashes in the end + WP_CORE_DIR=$(echo $WP_CORE_DIR | sed "s:/\+$::") + sed $ioption "s:dirname( __FILE__ ) . '/src/':'$WP_CORE_DIR/':" "$WP_TESTS_DIR"/wp-tests-config.php + sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php + sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php + sed $ioption "s/yourpasswordhere/$DB_PASS/" "$WP_TESTS_DIR"/wp-tests-config.php + sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php + fi + +} + +install_db() { + + if [ ${SKIP_DB_CREATE} = "true" ]; then + return 0 + fi + + # parse DB_HOST for port or socket references + local PARTS=(${DB_HOST//\:/ }) + local DB_HOSTNAME=${PARTS[0]}; + local DB_SOCK_OR_PORT=${PARTS[1]}; + local EXTRA="" + + if ! [ -z $DB_HOSTNAME ] ; then + if [ $(echo $DB_SOCK_OR_PORT | grep -e '^[0-9]\{1,\}$') ]; then + EXTRA=" --host=$DB_HOSTNAME --port=$DB_SOCK_OR_PORT --protocol=tcp" + elif ! [ -z $DB_SOCK_OR_PORT ] ; then + EXTRA=" --socket=$DB_SOCK_OR_PORT" + elif ! [ -z $DB_HOSTNAME ] ; then + EXTRA=" --host=$DB_HOSTNAME --protocol=tcp" + fi + fi + + # create database + mysqladmin create $DB_NAME --user="$DB_USER" --password="$DB_PASS"$EXTRA +} + +install_wp +install_test_suite +install_db 
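Review bot: `install_wp()` downloads `db.php` from `https://raw.github.com/markoheijnen/wp-mysqli/master/db.php` into `wp-content/` of the test install, so the current master of an unpinned third-party repository is executed as PHP in CI on every run; pin a commit (`…/wp-mysqli/<sha>/db.php`) and compare a checksum, or vendor the file. The version lookup near the top uses plain `http://api.wordpress.org/core/version-check/1.7/` while the second lookup in `install_wp()` uses https; the comment explains the single-offer choice, but the unauthenticated response decides which svn tag is checked out, so switch to `https://` and parse the `version` field the same way. `download()` also writes an empty file when curl returns a non-2xx (no `-f`) or when neither tool is installed, and `set -ex` is only enabled after that lookup, so a failed download is not noticed until later.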
diff --git a/phpcs.ruleset.xml b/phpcs.ruleset.xml deleted file mode 100644 index 6a07708..0000000 --- a/phpcs.ruleset.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - 0 - - diff --git a/phpunit.xml.dist b/phpunit.xml.dist index f00556f..16a3902 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -1,3 +1,4 @@ + - tests + ./tests/ + ./tests/test-sample.php - - - . - - - ./inc - ./plugin.php - - diff --git a/tests/bootstrap.php b/tests/bootstrap.php index b4051b5..dc9efad 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,30 +1,31 @@ Date: Thu, 18 Jul 2019 10:26:14 +0100 Subject: [PATCH 3/9] Fix tests --- .travis.yml | 22 +++++++++------------- composer.json | 14 +++++++++++++- tests/bootstrap.php | 2 +- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5957d4b..1f65be6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,21 +18,23 @@ cache: matrix: include: + - php: 7.3 + env: WP_VERSION=latest - php: 7.2 env: WP_VERSION=latest - php: 7.1 env: WP_VERSION=latest - php: 7.0 env: WP_VERSION=latest - - php: 5.6 - env: WP_VERSION=latest - - php: 5.6 + - php: 7.0 env: WP_VERSION=trunk - - php: 5.6 + - php: 7.0 env: WP_TRAVISCI=phpcs + dist: precise before_script: - export PATH="$HOME/.composer/vendor/bin:$PATH" + - composer install --ignore-platform-reqs --optimize-autoloader --no-interaction --prefer-dist - | if [ -f ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/xdebug.ini ]; then phpenv config-rm xdebug.ini 
@@ -42,21 +44,15 @@ before_script: - | if [[ ! -z "$WP_VERSION" ]] ; then bash bin/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION - composer global require "phpunit/phpunit=4.8.*|5.7.*" - fi - - | - if [[ "$WP_TRAVISCI" == "phpcs" ]] ; then - composer global require wp-coding-standards/wpcs - phpcs --config-set installed_paths $HOME/.composer/vendor/wp-coding-standards/wpcs fi script: - | if [[ ! -z "$WP_VERSION" ]] ; then - phpunit - WP_MULTISITE=1 phpunit + vendor/bin/phpunit + WP_MULTISITE=1 vendor/bin/phpunit fi - | if [[ "$WP_TRAVISCI" == "phpcs" ]] ; then - phpcs + vendor/bin/phpcs fi diff --git a/composer.json b/composer.json index 35fc0bd..210c30d 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,19 @@ "homepage": "http://wp-api.org/" } ], + "require": { + "composer/installers": "~1.0", + "php": "^5.6.0||^7.0" + }, "require-dev": { - "humanmade/coding-standards": "dev-master" + "squizlabs/php_codesniffer": "^3.3.1", + "wp-coding-standards/wpcs": "^2.1.1", + "dealerdirect/phpcodesniffer-composer-installer": "^0.5.0", + "phpcompatibility/phpcompatibility-wp": "^2.0", + "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0" + }, + "scripts": { + "post-install-cmd": "\"vendor/bin/phpcs\" --config-set installed_paths vendor/wp-coding-standards/wpcs", + "post-update-cmd" : "\"vendor/bin/phpcs\" --config-set installed_paths vendor/wp-coding-standards/wpcs" } } diff --git a/tests/bootstrap.php b/tests/bootstrap.php index dc9efad..54b77fd 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -23,7 +23,7 @@ * Manually load the plugin being tested. */ function _manually_load_plugin() { - require dirname( dirname( __FILE__ ) ) . '/oauth2.php'; + require dirname( dirname( __FILE__ ) ) . '/plugin.php'; } tests_add_filter( 'muplugins_loaded', '_manually_load_plugin' ); From 9c52b3aa0e387c06be8de88c34e4b44f32afad0f Mon Sep 17 00:00:00 2001 
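Review bot: The new `"php": "^5.6.0||^7.0"` constraint in composer.json still declares 5.6 as the supported floor, but the same series removes every PHP 5.6 job from the .travis.yml matrix, so the minimum runtime the package advertises is no longer exercised by any test run. The `composer install --ignore-platform-reqs` line added to .travis.yml compounds this: a dev dependency whose own PHP constraint excludes a matrix version will be installed silently instead of failing the build, so constraint mismatches are hidden rather than caught. Either raise the constraint to match the matrix or keep one 5.6 job, and consider dropping `--ignore-platform-reqs` so Composer enforces the constraints it is given.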
From: Jonathan Harris Date: Thu, 18 Jul 2019 10:31:45 +0100 Subject: [PATCH 4/9] Remove php compat --- .phpcs.xml.dist | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index 09b1245..cbbf3d7 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -16,19 +16,11 @@ - - - - - - - - - - + + From 02d47e566731e23524ee027c051606b5480c1028 Mon Sep 17 00:00:00 2001 From: Jonathan Harris Date: Thu, 18 Jul 2019 11:04:59 +0100 Subject: [PATCH 5/9] WordPress coding standards set --- .phpcs.xml.dist | 20 +++---------------- inc/admin/class-listtable.php | 2 +- inc/admin/namespace.php | 3 +-- inc/admin/profile/namespace.php | 5 ++--- .../profile/personaltokens/namespace.php | 1 - inc/authentication/namespace.php | 2 +- inc/class-client.php | 2 +- inc/class-clientinterface.php | 2 +- inc/class-personalclient.php | 2 +- inc/endpoints/class-token.php | 2 +- inc/namespace.php | 3 +-- inc/tokens/class-access-token.php | 4 ++-- inc/tokens/class-authorization-code.php | 2 +- inc/tokens/class-token.php | 4 ++-- inc/types/class-authorization-code.php | 4 ++-- inc/types/class-base.php | 16 +++++++-------- inc/types/class-implicit.php | 4 ++-- plugin.php | 4 ++-- tests/bootstrap.php | 2 +- theme/oauth2-authorize.php | 8 ++++---- 20 files changed, 36 insertions(+), 56 deletions(-) diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index cbbf3d7..28fad30 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -20,22 +20,8 @@ - - - - - - - - - - - - - - - - - + + + diff --git a/inc/admin/class-listtable.php b/inc/admin/class-listtable.php index 48a44b5..83331b9 100644 --- a/inc/admin/class-listtable.php +++ b/inc/admin/class-listtable.php 
@@ -103,7 +103,7 @@ protected function column_name( $item ) { ]; $post_type_object = get_post_type_object( $item->post_type ); - if ( current_user_can( $post_type_object->cap->publish_posts ) && $item->post_status !== 'publish' ) { + if ( current_user_can( $post_type_object->cap->publish_posts ) && 'publish' !== $item->post_status ) { $publish_link = add_query_arg( [ 'page' => 'rest-oauth2-apps', diff --git a/inc/admin/namespace.php b/inc/admin/namespace.php index 8403706..aa79fb0 100644 --- a/inc/admin/namespace.php +++ b/inc/admin/namespace.php @@ -86,7 +86,6 @@ function load() { return; } - } /** @@ -342,7 +341,7 @@ function render_edit_page() { $submenu_file = BASE_SLUG; // phpcs:enable - include( ABSPATH . 'wp-admin/admin-header.php' ); + include ABSPATH . 'wp-admin/admin-header.php'; ?>
diff --git a/inc/admin/profile/namespace.php b/inc/admin/profile/namespace.php index a1aeb44..09fa212 100644 --- a/inc/admin/profile/namespace.php +++ b/inc/admin/profile/namespace.php @@ -46,7 +46,7 @@ function ( Access_Token $token ) { } ?> -

+

@@ -156,7 +156,6 @@ function render_token_row( WP_User $user, Access_Token $token ) { */ $actions = apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.actions', $actions, $token, $user ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - /** * Filter actions shown for an access token on the profile screen. * @@ -192,7 +191,7 @@ function render_token_row( WP_User $user, Access_Token $token ) { */ function output_profile_messages() { global $pagenow; - if ( $pagenow !== 'profile.php' && $pagenow !== 'user-edit.php' ) { + if ( 'profile.php' !== $pagenow && 'user-edit.php' !== $pagenow ) { return; } diff --git a/inc/admin/profile/personaltokens/namespace.php b/inc/admin/profile/personaltokens/namespace.php index 974ca70..f500cee 100644 --- a/inc/admin/profile/personaltokens/namespace.php +++ b/inc/admin/profile/personaltokens/namespace.php @@ -152,7 +152,6 @@ class="regular-text" * Handle action from a form. */ function handle_page_action( WP_User $user ) { - if ( ! isset( $_POST['oauth2_action'] ) ) { return new WP_Error( 'rest_oauth2_invalid_action', diff --git a/inc/authentication/namespace.php b/inc/authentication/namespace.php index 02864f9..4185ec1 100644 --- a/inc/authentication/namespace.php +++ b/inc/authentication/namespace.php @@ -84,7 +84,7 @@ function get_token_from_request() { return null; } - $token = $_GET['access_token']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + $token = $_GET['access_token']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput if ( is_string( $token ) ) { return $token; } diff --git a/inc/class-client.php b/inc/class-client.php index c0f49ef..f795bbb 100644 --- a/inc/class-client.php +++ b/inc/class-client.php 
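Review bot: The `phpcs:ignore` on the `$_GET['access_token']` read is widened from the single `InputNotSanitized` code to the whole `WordPress.Security.ValidatedSanitizedInput` sniff, which also silences that sniff's other error codes (unvalidated input, missing unslash) on this line; the `is_string()` guard that follows is what justifies the suppression today, and an edit that later removed that guard would no longer be flagged. Keep the narrower `// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized` and, if another code was the reason for widening, list it explicitly rather than suppressing the sniff wholesale. The same widening appears on the `$_SERVER['REQUEST_URI']` reads in inc/types/class-base.php and theme/oauth2-authorize.php later in this patch. get_token_from_request() begins before this hunk.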
@@ -276,7 +276,7 @@ public function regenerate_secret() { * Issue token for a user. * * @param \WP_User $user - * @param array $meta + * @param array $meta * * @return Access_Token */ diff --git a/inc/class-clientinterface.php b/inc/class-clientinterface.php index 6646597..77a2468 100644 --- a/inc/class-clientinterface.php +++ b/inc/class-clientinterface.php @@ -87,7 +87,7 @@ public function regenerate_secret(); * Issue token for a user. * * @param \WP_User $user - * @param array $meta + * @param array $meta * * @return Access_Token */ diff --git a/inc/class-personalclient.php b/inc/class-personalclient.php index 3d83a73..6d8c9cd 100644 --- a/inc/class-personalclient.php +++ b/inc/class-personalclient.php @@ -149,7 +149,7 @@ public function regenerate_secret() { * Issue token for a user. * * @param \WP_User $user - * @param array $meta + * @param array $meta * * @return Access_Token */ diff --git a/inc/endpoints/class-token.php b/inc/endpoints/class-token.php index 77fe2f3..07fcd07 100644 --- a/inc/endpoints/class-token.php +++ b/inc/endpoints/class-token.php @@ -52,7 +52,7 @@ public function register_routes() { * @return bool Whether or not the grant type is valid. */ public function validate_grant_type( $type ) { - return $type === 'authorization_code'; + return 'authorization_code' === $type; } /** diff --git a/inc/namespace.php b/inc/namespace.php index bfa5119..206784b 100644 --- a/inc/namespace.php +++ b/inc/namespace.php @@ -46,7 +46,6 @@ function rest_oauth2_load_authorize_page() { * @return Type[] Map of grant type to handler object. */ function get_grant_types() { - $grant_types = apply_filters_deprecated( 'oauth2.grant_types', [] ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores /** @@ -162,7 +161,7 @@ function get_token_url() { * @return ClientInterface Client instance. */ function get_client( $id ) { - if ( $id === PersonalClient::ID ) { + if ( PersonalClient::ID === $id ) { return PersonalClient::get_instance(); } 
diff --git a/inc/tokens/class-access-token.php b/inc/tokens/class-access-token.php index 8f6476b..7950bbf 100644 --- a/inc/tokens/class-access-token.php +++ b/inc/tokens/class-access-token.php @@ -49,7 +49,7 @@ public function get_creation_time() { * as a description for the token. * * @param string $key Meta key to fetch. - * @param mixed $default Value to return if key is unavailable. + * @param mixed $default Value to return if key is unavailable. * @return mixed Value if available, or value of `$default` if not found. */ public function get_meta( $key, $default = null ) { @@ -67,7 +67,7 @@ public function get_meta( $key, $default = null ) { * as a description for the token. * * @param string $key Meta key to set. - * @param mixed $value Value to set on the key. + * @param mixed $value Value to set on the key. * @return bool True if meta was set, false otherwise. */ public function set_meta( $key, $value ) { diff --git a/inc/tokens/class-authorization-code.php b/inc/tokens/class-authorization-code.php index a234d9b..ac2e41f 100644 --- a/inc/tokens/class-authorization-code.php +++ b/inc/tokens/class-authorization-code.php @@ -183,7 +183,7 @@ public static function get_by_code( Client $client, $code ) { /** * Creates a new authorization code instance for the given client and user. * - * @param Client $client + * @param Client $client * @param WP_User $user * * @return Authorization_Code|WP_Error Authorization code instance, or error on failure. diff --git a/inc/tokens/class-token.php b/inc/tokens/class-token.php index 874ca70..e150f86 100644 --- a/inc/tokens/class-token.php +++ b/inc/tokens/class-token.php @@ -28,8 +28,8 @@ abstract class Token { protected $value; /** - * @param string $key - * @param mixed $value + * @param WP_User $key + * @param mixed $value */ protected function __construct( WP_User $user, $key, $value ) { $this->user = $user; 
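Review bot: The corrected docblock on `Token::__construct()` documents the wrong parameter: the signature is `__construct( WP_User $user, $key, $value )`, but the block now reads `@param WP_User $key` and `@param mixed $value`, so `$user` is undocumented and `$key` is given the user's type. It should read `@param WP_User $user`, `@param string $key`, `@param mixed $value`, each with a short description; what `$key` identifies is not visible in this hunk, so I have not asserted it. The constructor body continues outside the hunk.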
diff --git a/inc/types/class-authorization-code.php b/inc/types/class-authorization-code.php index 1d73316..6b450bd 100644 --- a/inc/types/class-authorization-code.php +++ b/inc/types/class-authorization-code.php @@ -67,13 +67,13 @@ protected function handle_authorization_submission( $submit, Client $client, $da $redirect_args = $this->filter_redirect_args( $redirect_args, - $submit === 'authorize', + 'authorize' === $submit, $client, $data ); $generated_redirect = add_query_arg( urlencode_deep( $redirect_args ), $redirect_uri ); - wp_redirect( $generated_redirect ); + wp_safe_redirect( $generated_redirect ); exit; } } diff --git a/inc/types/class-base.php b/inc/types/class-base.php index 7ab8093..5c9309a 100644 --- a/inc/types/class-base.php +++ b/inc/types/class-base.php @@ -17,7 +17,7 @@ abstract class Base implements Type { * * @param string $submit Value of the selected button. * @param Client $client Client being authorised. - * @param array $data Data gathered for the request. { + * @param array $data Data gathered for the request. { * @var string $redirect_uri Specified redirection URI. * @var string $scope Requested scope. * @var string $state State parameter from the client. @@ -32,7 +32,6 @@ abstract protected function handle_authorization_submission( $submit, Client $cl * @return string|void|WP_Error|null */ public function handle_authorisation() { - if ( empty( $_GET['client_id'] ) ) { return new WP_Error( 'oauth2.types.authorization_code.handle_authorisation.missing_client_id', @@ -70,7 +69,7 @@ public function handle_authorisation() { if ( ! is_user_logged_in() ) { $redirect = ''; if ( isset( $_SERVER['REQUEST_URI'] ) ) { - $redirect = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + $redirect = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput } $url = wp_login_url( $redirect ); wp_safe_redirect( $url ); 
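Review bot: Switching the final redirect to `wp_safe_redirect()` is likely to break the authorization code grant: `$generated_redirect` targets the client's registered callback, which is normally on a different host, and `wp_safe_redirect()` routes the location through `wp_validate_redirect()`, which replaces any host not in the site's `allowed_redirect_hosts` list with the fallback URL — so the client never receives the response and the `code`/`state` parameters land on the fallback URL instead. The target has already been checked against the client's registration by `validate_redirect_uri()` in class-base.php, which is the OAuth-appropriate control here, so restore `wp_redirect( $generated_redirect ); // phpcs:ignore WordPress.Security.SafeRedirect` preceded by a one-line comment stating that the URI was validated against the client's registered callback above. The identical change to the fragment redirect in inc/types/class-implicit.php has the same effect on the implicit grant; the login redirect in class-base.php, by contrast, goes to `wp_login_url()` on the same host and is a correct use of `wp_safe_redirect()`. handle_authorization_submission() begins before this hunk.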
@@ -113,7 +112,7 @@ public function handle_authorisation() { /** * Validate the supplied redirect URI. * - * @param Client $client Client to validate against. + * @param Client $client Client to validate against. * @param string|null $redirect_uri Redirect URI, if supplied. * @return string|WP_Error Valid redirect URI on success, error otherwise. */ @@ -144,7 +143,7 @@ protected function validate_redirect_uri( Client $client, $redirect_uri = null ) /** * Render the authorisation form. * - * @param Client $client Client being authorised. + * @param Client $client Client being authorised. * @param WP_Error $errors Errors to display, if any. */ protected function render_form( Client $client, WP_Error $errors = null ) { @@ -169,10 +168,10 @@ protected function get_nonce_action( Client $client ) { /** * Filter the redirection args. * - * @param array $redirect_args Redirect args. + * @param array $redirect_args Redirect args. * @param boolean $authorized True if authorized, false otherwise. - * @param Client $client Client being authorised. - * @param array $data Data for the request. + * @param Client $client Client being authorised. + * @param array $data Data for the request. */ protected function filter_redirect_args( $redirect_args, $authorized, Client $client, $data ) { if ( ! $authorized ) { @@ -186,7 +185,6 @@ protected function filter_redirect_args( $redirect_args, $authorized, Client $cl */ $redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.cancelled', $redirect_args, $client, $data ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - /** * Filter the redirect args when the user has cancelled. * diff --git a/inc/types/class-implicit.php b/inc/types/class-implicit.php index 4ac28c6..a14781e 100644 --- a/inc/types/class-implicit.php +++ b/inc/types/class-implicit.php 
@@ -68,14 +68,14 @@ protected function handle_authorization_submission( $submit, Client $client, $da $redirect_args = $this->filter_redirect_args( $redirect_args, - $submit === 'authorize', + 'authorize' === $submit, $client, $data ); $fragment = build_query( $redirect_args ); $generated_redirect = $redirect_uri . '#' . $fragment; - wp_redirect( $generated_redirect ); + wp_safe_redirect( $generated_redirect ); exit; } diff --git a/plugin.php b/plugin.php index 9583d4b..af6de1a 100644 --- a/plugin.php +++ b/plugin.php @@ -4,8 +4,8 @@ * * @package WordPress * @subpackage JSON API - * @author WordPress Core Contributors (REST API Focus) - * @copyright 2019 WordPress + * @author Squiz Pty Ltd + * @copyright 2019 Squiz Pty Ltd (ABN 77 084 670 600) * @license GPL-2.0-or-later * * @oauth2 diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 54b77fd..027784f 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -12,7 +12,7 @@ } if ( ! file_exists( $_tests_dir . '/includes/functions.php' ) ) { - echo "Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?" . PHP_EOL; // WPCS: XSS ok. + echo "Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?" . PHP_EOL; // phpcs:ignore WordPress.Security.EscapeOutput exit( 1 ); } diff --git a/theme/oauth2-authorize.php b/theme/oauth2-authorize.php index 965bef3..5af543f 100644 --- a/theme/oauth2-authorize.php +++ b/theme/oauth2-authorize.php @@ -15,7 +15,7 @@ $_current_user = wp_get_current_user(); -$url = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.InputNotValidated +$url = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput ?> @@ -100,14 +100,14 @@ ?>
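Review bot: The plugin.php file header now attributes the plugin to `Squiz Pty Ltd` with an ABN and copyright in place of `WordPress Core Contributors (REST API Focus)` / `2019 WordPress`; that text matches the default file-comment template that ships with PHP_CodeSniffer and looks like it was pasted in to satisfy the file-comment sniff rather than an intended change of authorship. Restore the original `@author` and `@copyright` lines (or the project's actual attribution), since patches 8/9 and 9/9 in this series edit the same header and leave this in place.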

- - + +

- - - + + +
- - - -
+ + + +

-

+

+ +

%s', $client->get_name() ); if ( $is_personal ) { diff --git a/inc/class-client.php b/inc/class-client.php index f795bbb..efed3ee 100644 --- a/inc/class-client.php +++ b/inc/class-client.php @@ -1,7 +1,7 @@ validate_callback( $uri ) ) { @@ -207,30 +210,12 @@ public function check_redirect_uri( $uri ) { * Filter whether a callback is counted as valid. (deprecated). * User rest_oauth_check_callback. * - * @param boolean $valid True if the callback URL is valid, false otherwise. - * @param string $url Supplied callback URL. - * @param string $registered_uri URI being checked. - * @param Client $client OAuth 2 client object. - */ - $valid = apply_filters_deprecated( 'rest_oauth.check_callback', $valid, $uri, $registered_uri, $this ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - - /** - * Filter whether a callback is counted as valid. - * - * By default, the URLs must match scheme, host, port, user, pass, and - * path. Query and fragment segments are allowed to be different. - * - * To change this behaviour, filter this value. Note that consumers must - * have a callback registered, even if you relax this restruction. It is - * highly recommended not to change this behaviour, as clients will - * expect the same behaviour across all WP sites. - * - * @param boolean $valid True if the callback URL is valid, false otherwise. - * @param string $url Supplied callback URL. - * @param string $registered_uri URI being checked. - * @param Client $client OAuth 2 client object. + * @param boolean $valid True if the callback URL is valid, false otherwise. + * @param string $url Supplied callback URL. + * @param string $registered_uri URI being checked. + * @param Client $client OAuth 2 client object. */ - $valid = apply_filters( 'rest_oauth_check_callback', $valid, $uri, $registered_uri, $this ); + $valid = apply_filters( 'rest_oauth.check_callback', $valid, $uri, $registered_uri, $this ); if ( $valid ) { // Stop checking, we have a match. 
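Review bot: Replacing the deprecated-plus-new filter pair with a bare `apply_filters( 'rest_oauth.check_callback', ... )` silently drops the `rest_oauth_check_callback` hook, so any site that followed the earlier deprecation and moved its callback-validation filter to the underscored name stops being called with no notice — and because this filter decides whether a redirect URI is accepted, a site that used it to tighten matching loses that check. The docblock kept above the call still says "(deprecated). User rest_oauth_check_callback", which is now wrong, and the removed paragraph describing the default scheme/host/port/path matching and advising against relaxing it was the most useful documentation in the method. If the dotted names are to be canonical, keep the underscored name for at least one release via `apply_filters_deprecated()` (passing the arguments as an array, as that function expects) and move the explanatory docblock onto the surviving call. The same silent drop of the underscored hooks appears in inc/namespace.php (`oauth2_get_authorization_url`, `oauth2_get_token_url`) and inc/types/class-base.php (`oauth2_redirect_args_cancelled`, `oauth2_redirect_args_authorized`). check_redirect_uri() begins before this hunk.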
@@ -254,6 +239,7 @@ public function generate_authorization_code( WP_User $user ) { * Get data stored for an authorization code. * * @param string $code Authorization code to fetch. + * * @return Authorization_Code|WP_Error Data if available, error if invalid code. */ public function get_authorization_code( $code ) { @@ -288,6 +274,7 @@ public function issue_token( WP_User $user, $meta = [] ) { * Get a client by ID. * * @param string $id Client ID. + * * @return static|null Token if ID is found, null otherwise. */ public static function get_by_id( $id ) { @@ -312,6 +299,7 @@ public static function get_by_id( $id ) { * Get a client by post ID. * * @param int $id Client/post ID. + * * @return static|null Client instance on success, null if invalid/not found. */ public static function get_by_post_id( $id ) { @@ -327,7 +315,8 @@ public static function get_by_post_id( $id ) { * Create a new client. * * @param array $data { - * } + * } + * * @return WP_Error|Client Client instance on success, error otherwise. */ public static function create( $data ) { @@ -417,6 +406,7 @@ public function approve() { 'post_status' => 'publish', ]; $result = wp_update_post( wp_slash( $data ), true ); + return is_wp_error( $result ) ? $result : true; } diff --git a/inc/class-clientinterface.php b/inc/class-clientinterface.php index 77a2468..9b42081 100644 --- a/inc/class-clientinterface.php +++ b/inc/class-clientinterface.php @@ -1,7 +1,7 @@ $handler ) { if ( ! $handler instanceof Type ) { @@ -77,6 +76,7 @@ function get_grant_types() { * Callback for the oauth2.grant_types hook. * * @param array $types Existing grant types. + * * @return array Grant types with additional types registered. */ function register_grant_types( $types ) { 
@@ -90,6 +90,7 @@ function register_grant_types( $types ) { * Register the OAuth 2 authentication scheme in the API index. * * @param WP_REST_Response $response Index response object. + * * @return WP_REST_Response Update index repsonse object. */ function register_in_index( WP_REST_Response $response ) { @@ -104,6 +105,7 @@ function register_in_index( WP_REST_Response $response ) { ]; $response->set_data( $data ); + return $response; } @@ -121,14 +123,7 @@ function get_authorization_url() { * * @param string $url URL for the OAuth 2 authorization endpoint. */ - $url = apply_filters_deprecated( 'oauth2.get_authorization_url', $url ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - - /** - * Filter the authorization URL. - * - * @param string $url URL for the OAuth 2 authorization endpoint. - */ - return apply_filters( 'oauth2_get_authorization_url', $url ); + return apply_filters( 'oauth2.get_authorization_url', $url ); } /** @@ -144,20 +139,14 @@ function get_token_url() { * * @param string $url URL for the OAuth 2 token endpoint. */ - $url = apply_filters_deprecated( 'oauth2.get_token_url', $url ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - - /** - * Filter the token URL. - * - * @param string $url URL for the OAuth 2 token endpoint. - */ - return apply_filters( 'oauth2_get_token_url', $url ); + return apply_filters( 'oauth2.get_token_url', $url ); } /** * Get a client by ID. * * @param string $id ID for the client. + * * @return ClientInterface Client instance. */ function get_client( $id ) { diff --git a/inc/tokens/class-access-token.php b/inc/tokens/class-access-token.php index 7950bbf..ad43f35 100644 --- a/inc/tokens/class-access-token.php +++ b/inc/tokens/class-access-token.php @@ -1,7 +1,7 @@ get_user_id(), $this->get_meta_key() ); 
@@ -102,6 +104,7 @@ public function revoke() { * Get a token by ID. * * @param string $id Token ID. + * * @return static|null Token if ID is found, null otherwise. */ public static function get_by_id( $id ) { @@ -152,6 +155,7 @@ public static function get_for_user( WP_User $user ) { $value = maybe_unserialize( $values[0] ); $tokens[] = new static( $user, $real_key, $value ); } + return $tokens; } diff --git a/inc/types/class-base.php b/inc/types/class-base.php index 5c9309a..733e8d4 100644 --- a/inc/types/class-base.php +++ b/inc/types/class-base.php @@ -178,33 +178,13 @@ protected function filter_redirect_args( $redirect_args, $authorized, Client $cl /** * Filter the redirect args when the user has cancelled. * - * @deprecated * @param array $redirect_args Redirect args. * @param Client $client Client being authorised. * @param array $data Data for the request. */ - $redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.cancelled', $redirect_args, $client, $data ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - - /** - * Filter the redirect args when the user has cancelled. - * - * @param array $redirect_args Redirect args. - * @param Client $client Client being authorised. - * @param array $data Data for the request. - */ - return apply_filters( 'oauth2_redirect_args_cancelled', $redirect_args, $client, $data ); + return apply_filters( 'oauth2.redirect_args.cancelled', $redirect_args, $client, $data ); } - /** - * Filter the redirect args when the user has authorized. - * - * @deprecated - * @param array $redirect_args Redirect args. - * @param Client $client Client being authorised. - * @param array $data Data for the request. - */ - $redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.authorized', $redirect_args, $client, $data ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - /** * Filter the redirect args when the user has authorized. * 
@@ -212,6 +192,6 @@ protected function filter_redirect_args( $redirect_args, $authorized, Client $cl * @param Client $client Client being authorised. * @param array $data Data for the request. */ - return apply_filters( 'oauth2_redirect_args_authorized', $redirect_args, $client, $data ); + return apply_filters( 'oauth2.redirect_args.authorized', $redirect_args, $client, $data ); } } From 5e9536ccde3915b990b2e6410320276d108872c9 Mon Sep 17 00:00:00 2001 From: Jonathan Harris Date: Thu, 18 Jul 2019 13:41:50 +0100 Subject: [PATCH 7/9] Fix spacing --- inc/class-client.php | 14 +++++++------- inc/tokens/class-access-token.php | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/inc/class-client.php b/inc/class-client.php index efed3ee..155343b 100644 --- a/inc/class-client.php +++ b/inc/class-client.php @@ -15,15 +15,15 @@ use WP_User; class Client implements ClientInterface { - const POST_TYPE = 'oauth2_client'; - const CLIENT_SECRET_KEY = '_oauth2_client_secret'; - const TYPE_KEY = '_oauth2_client_type'; - const REDIRECT_URI_KEY = '_oauth2_redirect_uri'; + const POST_TYPE = 'oauth2_client'; + const CLIENT_SECRET_KEY = '_oauth2_client_secret'; + const TYPE_KEY = '_oauth2_client_type'; + const REDIRECT_URI_KEY = '_oauth2_redirect_uri'; const AUTH_CODE_KEY_PREFIX = '_oauth2_authcode_'; - const AUTH_CODE_LENGTH = 12; - const CLIENT_ID_LENGTH = 12; + const AUTH_CODE_LENGTH = 12; + const CLIENT_ID_LENGTH = 12; const CLIENT_SECRET_LENGTH = 48; - const AUTH_CODE_AGE = 600; // 10 * MINUTE_IN_SECONDS + const AUTH_CODE_AGE = 600; // 10 * MINUTE_IN_SECONDS /** * @var WP_Post diff --git a/inc/tokens/class-access-token.php b/inc/tokens/class-access-token.php index ad43f35..3b6b250 100644 --- a/inc/tokens/class-access-token.php +++ b/inc/tokens/class-access-token.php @@ -15,7 +15,7 @@ class Access_Token extends Token { const META_PREFIX = '_oauth2_access_'; - const KEY_LENGTH = 12; + const KEY_LENGTH = 12; /** * @return string Meta prefix. 
From f43a8bf0e9766596284a17ec0e65a2182fc7b2e7 Mon Sep 17 00:00:00 2001 From: Jonny Harris Date: Thu, 18 Jul 2019 16:23:09 +0100 Subject: [PATCH 8/9] Change Docs block --- plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin.php b/plugin.php index af6de1a..bbe73cf 100644 --- a/plugin.php +++ b/plugin.php @@ -19,8 +19,8 @@ * License URI: https://www.gnu.org/licenses/gpl-2.0.html * Text Domain: oauth2 * Domain Path: /languages - * RequiresWP: 4.8 - * RequiresPHP: 5.6 + * Requires WP: 4.8 + * Requires PHP: 5.6 */ namespace WP\OAuth2; From cd32738dfb13a535d57717d3ccf6c152fbfb750d Mon Sep 17 00:00:00 2001 From: Jonny Harris Date: Thu, 18 Jul 2019 16:25:30 +0100 Subject: [PATCH 9/9] Change required doc --- plugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin.php b/plugin.php index bbe73cf..9b8ae34 100644 --- a/plugin.php +++ b/plugin.php @@ -19,7 +19,7 @@ * License URI: https://www.gnu.org/licenses/gpl-2.0.html * Text Domain: oauth2 * Domain Path: /languages - * Requires WP: 4.8 + * Requires at least: 4.8 * Requires PHP: 5.6 */