Skip to content

Commit

Permalink
Add settings validation to import settings
Browse files Browse the repository at this point in the history
  • Loading branch information
joshcanhelp committed Feb 4, 2020
1 parent 918d094 commit 2a9117d
Show file tree
Hide file tree
Showing 13 changed files with 184 additions and 94 deletions.
15 changes: 13 additions & 2 deletions lib/WP_Auth0_Import_Settings.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,19 @@ public function import_settings() {
exit;
}

foreach ( $settings as $key => $value ) {
$this->a0_options->set( $key, $value, false );
// Keep original settings keys so we only save imported values.
$settings_keys = array_keys( $settings );

$admin = new WP_Auth0_Admin( $this->a0_options, new WP_Auth0_Routes( $this->a0_options ) );

// Default setting values will be added to the array.
$settings_validated = $admin->input_validator( $settings );

foreach ( $settings_keys as $settings_key ) {
// Invalid settings keys are removed in WP_Auth0_Admin::input_validator().
if ( isset( $settings_validated[ $settings_key ] ) ) {
$this->a0_options->set( $settings_key, $settings_validated[ $settings_key ], false );
}
}

$this->a0_options->update_all();
Expand Down
30 changes: 19 additions & 11 deletions lib/admin/WP_Auth0_Admin.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,18 @@ class WP_Auth0_Admin {

protected $router;

protected $sections = [];
protected $sections;

public function __construct( WP_Auth0_Options $a0_options, WP_Auth0_Routes $router ) {
$this->a0_options = $a0_options;
$this->router = $router;

$this->sections = [
'basic' => new WP_Auth0_Admin_Basic( $this->a0_options ),
'features' => new WP_Auth0_Admin_Features( $this->a0_options ),
'appearance' => new WP_Auth0_Admin_Appearance( $this->a0_options ),
'advanced' => new WP_Auth0_Admin_Advanced( $this->a0_options, $this->router ),
];
}

/**
Expand Down Expand Up @@ -58,17 +65,10 @@ public function admin_enqueue() {
}

public function init_admin() {
$this->sections['basic'] = new WP_Auth0_Admin_Basic( $this->a0_options );
$this->sections['basic']->init();

$this->sections['features'] = new WP_Auth0_Admin_Features( $this->a0_options );
$this->sections['features']->init();

$this->sections['appearance'] = new WP_Auth0_Admin_Appearance( $this->a0_options );
$this->sections['appearance']->init();

$this->sections['advanced'] = new WP_Auth0_Admin_Advanced( $this->a0_options, $this->router );
$this->sections['advanced']->init();
foreach ( $this->sections as $name => $section ) {
$section->init();
}

register_setting(
$this->a0_options->get_options_name() . '_basic',
Expand All @@ -95,6 +95,14 @@ public function input_validator( array $input ) {
$input[ $key ] = $this->a0_options->get_constant_val( $key );
}

// Remove unknown keys.
$option_keys = $this->a0_options->get_defaults( true );
foreach ( $input as $key => $val ) {
if ( ! in_array( $key, $option_keys ) ) {
unset( $input[ $key ] );
}
}

foreach ( $this->sections as $name => $section ) {
$input = $section->input_validator( $input );
}
Expand Down
6 changes: 5 additions & 1 deletion templates/import_settings.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,11 @@
<form action="options.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="wpauth0_import_settings" />

<p class="a0-step-text top-margin"><?php _e( 'Paste the settings JSON in the field below:', 'wp-auth0' ); ?>
<p class="a0-step-text top-margin"><?php
_e( 'Paste the settings JSON in the field below. ', 'wp-auth0' );
_e( 'Settings that are not in the imported JSON will use existing values. ', 'wp-auth0' );
_e( 'Setting values will be validated so check the final values once import is complete. ', 'wp-auth0' );
?>
<div class="a0-step-text top-margin"><textarea name="settings-json" class="large-text code" rows="6"></textarea></div>

<div class="a0-buttons">
Expand Down
12 changes: 12 additions & 0 deletions templates/settings.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,18 @@

<?php settings_errors(); ?>

<?php if ( wp_auth0_get_option( 'client_id' ) ) : ?>
<a href="https://manage.auth0.com/#/applications/
<?php
echo esc_attr( wp_auth0_get_option( 'client_id' ) );
?>
" target="_blank">
<?php
_e( 'Manage this application at Auth0', 'wp-auth0' );
?>
</a>
<?php endif; ?>

<p class="nav nav-tabs" role="tablist">
<a id="tab-basic" href="#basic" class="js-a0-settings-tabs">
<?php _e( 'Basic', 'wp-auth0' ); ?>
Expand Down
9 changes: 0 additions & 9 deletions tests/testAdminAppearanceValidation.php
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,6 @@ class TestAdminAppearanceValidation extends WP_Auth0_Test_Case {
public static function setUpBeforeClass() {
parent::setUpBeforeClass();
self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
self::$admin->init_admin();
}

public static function tearDownAfterClass() {
parent::tearDownAfterClass();
unregister_setting(
'wp_auth0_settings_basic',
'wp_auth0_settings'
);
}

/**
Expand Down
9 changes: 0 additions & 9 deletions tests/testAdminBasicValidation.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,6 @@ class TestAdminBasicValidation extends WP_Auth0_Test_Case {
public static function setUpBeforeClass() {
parent::setUpBeforeClass();
self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
self::$admin->init_admin();
}

public static function tearDownAfterClass() {
parent::tearDownAfterClass();
unregister_setting(
'wp_auth0_settings_basic',
'wp_auth0_settings'
);
}

public function testThatDomainIsValidatedProperly() {
Expand Down
53 changes: 53 additions & 0 deletions tests/testImportExportSettings.php
Original file line number Diff line number Diff line change
Expand Up @@ -165,4 +165,57 @@ public function testThatSettingsAreUpdatedWithValidJson() {
$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
$this->assertEquals( 302, $redirect_data['status'] );
}

public function testThatImportedSettingsAreValidated() {
$this->startRedirectHalting();
$this->setGlobalUser();
$_POST['settings-json'] = '{"client_signing_algorithm":"__invalid_alg__"}';

try {
wp_auth0_import_settings_admin_action();
$redirect_data = [ 'location' => 'No redirect caught' ];
} catch ( Exception $e ) {
$redirect_data = unserialize( $e->getMessage() );
}

$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
$this->assertNotEquals( '__invalid_alg__', wp_auth0_get_option( 'client_signing_algorithm' ) );
}

public function testThatOnlyImportedSettingsAreSaved() {
$this->startRedirectHalting();
$this->setGlobalUser();
self::$opts->set( 'client_id', '__test_existing_client_id__' );
$_POST['settings-json'] = '{"domain":"__test_domain__"}';

try {
wp_auth0_import_settings_admin_action();
$redirect_data = [ 'location' => 'No redirect caught' ];
} catch ( Exception $e ) {
$redirect_data = unserialize( $e->getMessage() );
}

$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
$this->assertEquals( '__test_domain__', wp_auth0_get_option( 'domain' ) );
$this->assertEquals( '__test_existing_client_id__', wp_auth0_get_option( 'client_id' ) );
}

public function testThatUnknownImportedKeysAreRemoved() {
$this->startRedirectHalting();
$this->setGlobalUser();
$_POST['settings-json'] = '{"domain":"__test_domain__", "__invalid_key__": "__test_val__"}';

try {
wp_auth0_import_settings_admin_action();
$redirect_data = [ 'location' => 'No redirect caught' ];
} catch ( Exception $e ) {
$redirect_data = unserialize( $e->getMessage() );
}

$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );

$db_options = get_option( 'wp_auth0_settings' );
$this->assertEquals( '__test_domain__', $db_options['domain'] );
$this->assertArrayNotHasKey( '__invalid_key__', $db_options );
}
}
25 changes: 14 additions & 11 deletions tests/testOptionLockCdn.php
Original file line number Diff line number Diff line change
Expand Up @@ -139,36 +139,38 @@ public function testThatLockCdnUrlFieldDisplaysProperly() {
* Test that the Custom Lock CDN URL setting is validated properly.
*/
public function testThatCustomLockCdnIsValidatedOnSave() {
$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );

$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => false ] );
$validated = $admin->input_validator( [ 'custom_cdn_url' => false ] );
$this->assertEquals( false, $validated['custom_cdn_url'] );

$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => 0 ] );
$validated = $admin->input_validator( [ 'custom_cdn_url' => 0 ] );
$this->assertEquals( false, $validated['custom_cdn_url'] );

$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => 1 ] );
$validated = $admin->input_validator( [ 'custom_cdn_url' => 1 ] );
$this->assertEquals( true, $validated['custom_cdn_url'] );

$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => '1' ] );
$validated = $admin->input_validator( [ 'custom_cdn_url' => '1' ] );
$this->assertEquals( true, $validated['custom_cdn_url'] );

$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => uniqid() ] );
$validated = $admin->input_validator( [ 'custom_cdn_url' => uniqid() ] );
$this->assertEquals( false, $validated['custom_cdn_url'] );
}

/**
* Test that the Custom Lock CDN URL setting does not change the Lock CDN URL.
*/
public function testThatCustomLockCdnDoesNotChangeSavedCdnUrl() {
$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );

$validated = self::$admin->basic_validation(
$validated = $admin->input_validator(
[
'cdn_url' => WPA0_LOCK_CDN_URL,
]
);
$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );

$validated = self::$admin->basic_validation(
$validated = $admin->input_validator(
[
'custom_cdn_url' => '1',
'cdn_url' => WPA0_LOCK_CDN_URL,
Expand All @@ -181,17 +183,18 @@ public function testThatCustomLockCdnDoesNotChangeSavedCdnUrl() {
* Test that the Lock CDN URL setting is validated properly.
*/
public function testThatLockCdnUrlIsValidatedOnSave() {
$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );

$validated = self::$admin->basic_validation(
$validated = $admin->input_validator(
[ 'cdn_url' => WPA0_LOCK_CDN_URL ]
);
$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );

$validated = self::$admin->basic_validation( [ 'cdn_url' => ' ' . WPA0_LOCK_CDN_URL . ' ' ] );
$validated = $admin->input_validator( [ 'cdn_url' => ' ' . WPA0_LOCK_CDN_URL . ' ' ] );
$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );

self::$opts->set( 'cdn_url', '__old_cdn_url__' );
$validated = self::$admin->basic_validation(
$validated = $admin->input_validator(
[
'custom_cdn_url' => true,
'cdn_url' => '__invalid_cdn_url__',
Expand All @@ -200,7 +203,7 @@ public function testThatLockCdnUrlIsValidatedOnSave() {
$this->assertEquals( '__old_cdn_url__', $validated['cdn_url'] );

self::$opts->set( 'cdn_url', null );
$validated = self::$admin->basic_validation(
$validated = $admin->input_validator(
[
'custom_cdn_url' => true,
'cdn_url' => '',
Expand Down
24 changes: 13 additions & 11 deletions tests/testOptionMigrationIps.php
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@ class TestOptionMigrationIps extends WP_Auth0_Test_Case {
use UsersHelper;

/**
* Instance of WP_Auth0_Admin_Advanced.
* Instance of WP_Auth0_Admin.
*
* @var WP_Auth0_Admin_Advanced
* @var WP_Auth0_Admin
*/
public static $admin;

Expand All @@ -38,7 +38,7 @@ class TestOptionMigrationIps extends WP_Auth0_Test_Case {
public function setUp() {
parent::setUp();
$router = new WP_Auth0_Routes( self::$opts );
self::$admin = new WP_Auth0_Admin_Advanced( self::$opts, $router );
self::$admin = new WP_Auth0_Admin( self::$opts, $router );
self::$ip_check = new WP_Auth0_Ip_Check();
}

Expand All @@ -49,10 +49,12 @@ public function testThatSettingsFieldRendersProperly() {
'label_for' => 'wpa0_migration_ws_ips',
'opt_name' => 'migration_ips',
];
$router = new WP_Auth0_Routes( self::$opts );
$admin = new WP_Auth0_Admin_Advanced( self::$opts, $router );

// Get the field HTML.
ob_start();
self::$admin->render_migration_ws_ips( $field_args );
$admin->render_migration_ws_ips( $field_args );
$field_html = ob_get_clean();

$textarea = $this->getDomListFromTagName( $field_html, 'textarea' );
Expand All @@ -74,22 +76,22 @@ public function testThatSettingsFieldRendersProperly() {

public function testThatEmptyIpsAreValidatedToAnEmptyString() {
$input = [ 'migration_ips' => 0 ];
$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '', $validated['migration_ips'] );

$input = [ 'migration_ips' => false ];
$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '', $validated['migration_ips'] );

$input = [ 'migration_ips' => null ];
$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '', $validated['migration_ips'] );
}

public function testThatDuplicateIpsAreRemovedDuringValidation() {
$input = [ 'migration_ips' => '1.2.3.4, 2.3.4.5,1.2.3.4,3.4.5.6, 2.3.4.5' ];

$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '1.2.3.4, 2.3.4.5, 3.4.5.6', $validated['migration_ips'] );
}

Expand All @@ -101,21 +103,21 @@ public function testThatExistingWhitelistIpsAreRemovedDuringValidation() {
'domain' => 'test.eu.auth0.com',
];

$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '4.5.6.7, 5.6.7.8', $validated['migration_ips'] );
}

public function testThatUnsafeValuesAreRemovedDuringValidation() {
$input = [ 'migration_ips' => '6.7.8.9,<script>alert("Hello")</script>,7.8.9.10' ];

$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '6.7.8.9, 7.8.9.10', $validated['migration_ips'] );
}

public function testThatEmptyValuesAreRemovedDuringValidation() {
$input = [ 'migration_ips' => '8.9.10.11, , 9.10.11.12, 0' ];

$validated = self::$admin->migration_ips_validation( $input );
$validated = self::$admin->input_validator( $input );
$this->assertEquals( '8.9.10.11, 9.10.11.12', $validated['migration_ips'] );
}
}
Loading

0 comments on commit 2a9117d

Please sign in to comment.