Add settings validation to import settings

auth0 · Feb 4, 2020 · 2142081 · 2142081
1 parent 918d094
commit 2142081
Show file tree

Hide file tree

Showing 13 changed files with 185 additions and 93 deletions.
diff --git a/lib/WP_Auth0_Import_Settings.php b/lib/WP_Auth0_Import_Settings.php
@@ -31,8 +31,19 @@ public function import_settings() {
 			exit;
 		}
 
-		foreach ( $settings as $key => $value ) {
-			$this->a0_options->set( $key, $value, false );
+		// Keep original settings keys so we only save imported values.
+		$settings_keys = array_keys( $settings );
+
+		$admin = new WP_Auth0_Admin( $this->a0_options, new WP_Auth0_Routes( $this->a0_options ) );
+
+		// Default setting values will be added to the array.
+		$settings_validated = $admin->input_validator( $settings );
+
+		foreach ( $settings_keys as $settings_key ) {
+			// Invalid settings keys are removed in WP_Auth0_Admin::input_validator().
+			if ( isset( $settings_validated[ $settings_key ] ) ) {
+				$this->a0_options->set( $settings_key, $settings_validated[ $settings_key ], false );
+			}
 		}
 
 		$this->a0_options->update_all();

diff --git a/lib/admin/WP_Auth0_Admin.php b/lib/admin/WP_Auth0_Admin.php
@@ -11,6 +11,13 @@ class WP_Auth0_Admin {
 	public function __construct( WP_Auth0_Options $a0_options, WP_Auth0_Routes $router ) {
 		$this->a0_options = $a0_options;
 		$this->router     = $router;
+
+		$this->sections = [
+			'basic'      => new WP_Auth0_Admin_Basic( $this->a0_options ),
+			'features'   => new WP_Auth0_Admin_Features( $this->a0_options ),
+			'appearance' => new WP_Auth0_Admin_Appearance( $this->a0_options ),
+			'advanced'   => new WP_Auth0_Admin_Advanced( $this->a0_options, $this->router ),
+		];
 	}
 
 	/**
@@ -58,17 +65,10 @@ public function admin_enqueue() {
 	}
 
 	public function init_admin() {
-		$this->sections['basic'] = new WP_Auth0_Admin_Basic( $this->a0_options );
-		$this->sections['basic']->init();
-
-		$this->sections['features'] = new WP_Auth0_Admin_Features( $this->a0_options );
-		$this->sections['features']->init();
-
-		$this->sections['appearance'] = new WP_Auth0_Admin_Appearance( $this->a0_options );
-		$this->sections['appearance']->init();
 
-		$this->sections['advanced'] = new WP_Auth0_Admin_Advanced( $this->a0_options, $this->router );
-		$this->sections['advanced']->init();
+		foreach ( $this->sections as $section ) {
+			$section->init();
+		}
 
 		register_setting(
 			$this->a0_options->get_options_name() . '_basic',
@@ -95,6 +95,14 @@ public function input_validator( array $input ) {
 			$input[ $key ] = $this->a0_options->get_constant_val( $key );
 		}
 
+		// Remove unknown keys.
+		$option_keys = $this->a0_options->get_defaults( true );
+		foreach ( $input as $key => $val ) {
+			if ( ! in_array( $key, $option_keys ) ) {
+				unset( $input[ $key ] );
+			}
+		}
+
 		foreach ( $this->sections as $name => $section ) {
 			$input = $section->input_validator( $input );
 		}

diff --git a/templates/import_settings.php b/templates/import_settings.php
@@ -7,6 +7,7 @@
   <div class="container-fluid">
 
 	  <h1><?php _e( 'Import and Export Settings', 'wp-auth0' ); ?></h1>
+
 	  <p class="a0-step-text top-margin">
 			<?php _e( 'You can import and export your Auth0 WordPress plugin settings here. ', 'wp-auth0' ); ?>
 			<?php _e( 'This allows you to either backup the data, or to move your settings to a new WordPress instance.', 'wp-auth0' ); ?>
@@ -28,7 +29,12 @@
 		  <form action="options.php" method="post" enctype="multipart/form-data">
 			<input type="hidden" name="action" value="wpauth0_import_settings" />
 
-			  <p class="a0-step-text top-margin"><?php _e( 'Paste the settings JSON in the field below:', 'wp-auth0' ); ?>
+			  <p class="a0-step-text top-margin">
+			  <?php
+					  _e( 'Paste the settings JSON in the field below. ', 'wp-auth0' );
+					  _e( 'Settings that are not in the imported JSON will use existing values. ', 'wp-auth0' );
+					  _e( 'Setting values will be validated so check the final values once import is complete. ', 'wp-auth0' );
+				?>
 			  <div class="a0-step-text top-margin"><textarea name="settings-json" class="large-text code" rows="6"></textarea></div>
 
 			<div class="a0-buttons">

diff --git a/templates/settings.php b/templates/settings.php
@@ -6,6 +6,18 @@
 
 			<?php settings_errors(); ?>
 
+		<?php if ( wp_auth0_get_option( 'client_id' ) ) : ?>
+		<a href="https://manage.auth0.com/#/applications/
+			<?php
+			echo esc_attr( wp_auth0_get_option( 'client_id' ) );
+			?>
+			" target="_blank">
+			<?php
+			_e( 'Manage this application at Auth0', 'wp-auth0' );
+			?>
+			</a>
+		<?php endif; ?>
+
 			<p class="nav nav-tabs" role="tablist">
 					<a id="tab-basic" href="#basic" class="js-a0-settings-tabs">
 						<?php _e( 'Basic', 'wp-auth0' ); ?>

diff --git a/tests/testAdminAppearanceValidation.php b/tests/testAdminAppearanceValidation.php
@@ -25,15 +25,6 @@ class TestAdminAppearanceValidation extends WP_Auth0_Test_Case {
 	public static function setUpBeforeClass() {
 		parent::setUpBeforeClass();
 		self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
-		self::$admin->init_admin();
-	}
-
-	public static function tearDownAfterClass() {
-		parent::tearDownAfterClass();
-		unregister_setting(
-			'wp_auth0_settings_basic',
-			'wp_auth0_settings'
-		);
 	}
 
 	/**

diff --git a/tests/testAdminBasicValidation.php b/tests/testAdminBasicValidation.php
@@ -34,15 +34,6 @@ class TestAdminBasicValidation extends WP_Auth0_Test_Case {
 	public static function setUpBeforeClass() {
 		parent::setUpBeforeClass();
 		self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
-		self::$admin->init_admin();
-	}
-
-	public static function tearDownAfterClass() {
-		parent::tearDownAfterClass();
-		unregister_setting(
-			'wp_auth0_settings_basic',
-			'wp_auth0_settings'
-		);
 	}
 
 	public function testThatDomainIsValidatedProperly() {

diff --git a/tests/testImportExportSettings.php b/tests/testImportExportSettings.php
@@ -165,4 +165,57 @@ public function testThatSettingsAreUpdatedWithValidJson() {
 		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
 		$this->assertEquals( 302, $redirect_data['status'] );
 	}
+
+	public function testThatImportedSettingsAreValidated() {
+		$this->startRedirectHalting();
+		$this->setGlobalUser();
+		$_POST['settings-json'] = '{"client_signing_algorithm":"__invalid_alg__"}';
+
+		try {
+			wp_auth0_import_settings_admin_action();
+			$redirect_data = [ 'location' => 'No redirect caught' ];
+		} catch ( Exception $e ) {
+			$redirect_data = unserialize( $e->getMessage() );
+		}
+
+		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
+		$this->assertNotEquals( '__invalid_alg__', wp_auth0_get_option( 'client_signing_algorithm' ) );
+	}
+
+	public function testThatOnlyImportedSettingsAreSaved() {
+		$this->startRedirectHalting();
+		$this->setGlobalUser();
+		self::$opts->set( 'client_id', '__test_existing_client_id__' );
+		$_POST['settings-json'] = '{"domain":"__test_domain__"}';
+
+		try {
+			wp_auth0_import_settings_admin_action();
+			$redirect_data = [ 'location' => 'No redirect caught' ];
+		} catch ( Exception $e ) {
+			$redirect_data = unserialize( $e->getMessage() );
+		}
+
+		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
+		$this->assertEquals( '__test_domain__', wp_auth0_get_option( 'domain' ) );
+		$this->assertEquals( '__test_existing_client_id__', wp_auth0_get_option( 'client_id' ) );
+	}
+
+	public function testThatUnknownImportedKeysAreRemoved() {
+		$this->startRedirectHalting();
+		$this->setGlobalUser();
+		$_POST['settings-json'] = '{"domain":"__test_domain__", "__invalid_key__": "__test_val__"}';
+
+		try {
+			wp_auth0_import_settings_admin_action();
+			$redirect_data = [ 'location' => 'No redirect caught' ];
+		} catch ( Exception $e ) {
+			$redirect_data = unserialize( $e->getMessage() );
+		}
+
+		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
+
+		$db_options = get_option( 'wp_auth0_settings' );
+		$this->assertEquals( '__test_domain__', $db_options['domain'] );
+		$this->assertArrayNotHasKey( '__invalid_key__', $db_options );
+	}
 }
diff --git a/tests/testOptionLockCdn.php b/tests/testOptionLockCdn.php
@@ -139,36 +139,38 @@ public function testThatLockCdnUrlFieldDisplaysProperly() {
 	 * Test that the Custom Lock CDN URL setting is validated properly.
 	 */
 	public function testThatCustomLockCdnIsValidatedOnSave() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => false ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => false ] );
 		$this->assertEquals( false, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => 0 ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => 0 ] );
 		$this->assertEquals( false, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => 1 ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => 1 ] );
 		$this->assertEquals( true, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => '1' ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => '1' ] );
 		$this->assertEquals( true, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => uniqid() ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => uniqid() ] );
 		$this->assertEquals( false, $validated['custom_cdn_url'] );
 	}
 
 	/**
 	 * Test that the Custom Lock CDN URL setting does not change the Lock CDN URL.
 	 */
 	public function testThatCustomLockCdnDoesNotChangeSavedCdnUrl() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'cdn_url' => WPA0_LOCK_CDN_URL,
 			]
 		);
 		$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );
 
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'custom_cdn_url' => '1',
 				'cdn_url'        => WPA0_LOCK_CDN_URL,
@@ -181,17 +183,18 @@ public function testThatCustomLockCdnDoesNotChangeSavedCdnUrl() {
 	 * Test that the Lock CDN URL setting is validated properly.
 	 */
 	public function testThatLockCdnUrlIsValidatedOnSave() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[ 'cdn_url' => WPA0_LOCK_CDN_URL ]
 		);
 		$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'cdn_url' => ' ' . WPA0_LOCK_CDN_URL . ' ' ] );
+		$validated = $admin->input_validator( [ 'cdn_url' => ' ' . WPA0_LOCK_CDN_URL . ' ' ] );
 		$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );
 
 		self::$opts->set( 'cdn_url', '__old_cdn_url__' );
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'custom_cdn_url' => true,
 				'cdn_url'        => '__invalid_cdn_url__',
@@ -200,7 +203,7 @@ public function testThatLockCdnUrlIsValidatedOnSave() {
 		$this->assertEquals( '__old_cdn_url__', $validated['cdn_url'] );
 
 		self::$opts->set( 'cdn_url', null );
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'custom_cdn_url' => true,
 				'cdn_url'        => '',

diff --git a/tests/testOptionMigrationIps.php b/tests/testOptionMigrationIps.php
@@ -19,9 +19,9 @@ class TestOptionMigrationIps extends WP_Auth0_Test_Case {
 	use UsersHelper;
 
 	/**
-	 * Instance of WP_Auth0_Admin_Advanced.
+	 * Instance of WP_Auth0_Admin.
 	 *
-	 * @var WP_Auth0_Admin_Advanced
+	 * @var WP_Auth0_Admin
 	 */
 	public static $admin;
 
@@ -38,7 +38,7 @@ class TestOptionMigrationIps extends WP_Auth0_Test_Case {
 	public function setUp() {
 		parent::setUp();
 		$router         = new WP_Auth0_Routes( self::$opts );
-		self::$admin    = new WP_Auth0_Admin_Advanced( self::$opts, $router );
+		self::$admin    = new WP_Auth0_Admin( self::$opts, $router );
 		self::$ip_check = new WP_Auth0_Ip_Check();
 	}
 
@@ -49,10 +49,12 @@ public function testThatSettingsFieldRendersProperly() {
 			'label_for' => 'wpa0_migration_ws_ips',
 			'opt_name'  => 'migration_ips',
 		];
+		$router     = new WP_Auth0_Routes( self::$opts );
+		$admin      = new WP_Auth0_Admin_Advanced( self::$opts, $router );
 
 		// Get the field HTML.
 		ob_start();
-		self::$admin->render_migration_ws_ips( $field_args );
+		$admin->render_migration_ws_ips( $field_args );
 		$field_html = ob_get_clean();
 
 		$textarea = $this->getDomListFromTagName( $field_html, 'textarea' );
@@ -74,22 +76,22 @@ public function testThatSettingsFieldRendersProperly() {
 
 	public function testThatEmptyIpsAreValidatedToAnEmptyString() {
 		$input     = [ 'migration_ips' => 0 ];
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '', $validated['migration_ips'] );
 
 		$input     = [ 'migration_ips' => false ];
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '', $validated['migration_ips'] );
 
 		$input     = [ 'migration_ips' => null ];
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '', $validated['migration_ips'] );
 	}
 
 	public function testThatDuplicateIpsAreRemovedDuringValidation() {
 		$input = [ 'migration_ips' => '1.2.3.4, 2.3.4.5,1.2.3.4,3.4.5.6, 2.3.4.5' ];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '1.2.3.4, 2.3.4.5, 3.4.5.6', $validated['migration_ips'] );
 	}
 
@@ -101,21 +103,21 @@ public function testThatExistingWhitelistIpsAreRemovedDuringValidation() {
 			'domain'        => 'test.eu.auth0.com',
 		];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '4.5.6.7, 5.6.7.8', $validated['migration_ips'] );
 	}
 
 	public function testThatUnsafeValuesAreRemovedDuringValidation() {
 		$input = [ 'migration_ips' => '6.7.8.9,<script>alert("Hello")</script>,7.8.9.10' ];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '6.7.8.9, 7.8.9.10', $validated['migration_ips'] );
 	}
 
 	public function testThatEmptyValuesAreRemovedDuringValidation() {
 		$input = [ 'migration_ips' => '8.9.10.11, , 9.10.11.12, 0' ];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '8.9.10.11, 9.10.11.12', $validated['migration_ips'] );
 	}
 }