From 2a9117dcdf06f103d7880dc1724a2cb7dd803142 Mon Sep 17 00:00:00 2001
From: Josh Cunningham <josh@joshcanhelp.com>
Date: Mon, 3 Feb 2020 16:31:49 -0800
Subject: [PATCH] Add settings validation to import settings

---
 lib/WP_Auth0_Import_Settings.php        | 15 ++++++-
 lib/admin/WP_Auth0_Admin.php            | 30 +++++++++-----
 templates/import_settings.php           |  6 ++-
 templates/settings.php                  | 12 ++++++
 tests/testAdminAppearanceValidation.php |  9 -----
 tests/testAdminBasicValidation.php      |  9 -----
 tests/testImportExportSettings.php      | 53 +++++++++++++++++++++++++
 tests/testOptionLockCdn.php             | 25 +++++++-----
 tests/testOptionMigrationIps.php        | 24 ++++++-----
 tests/testOptionMigrationWs.php         | 27 ++++++++-----
 tests/testOptionSlo.php                 | 21 +++++-----
 tests/testOptionWle.php                 | 22 +++++-----
 tests/testRequiredEmail.php             | 25 +++++++-----
 13 files changed, 184 insertions(+), 94 deletions(-)

diff --git a/lib/WP_Auth0_Import_Settings.php b/lib/WP_Auth0_Import_Settings.php
index 32959510..e679cc4e 100644
--- a/lib/WP_Auth0_Import_Settings.php
+++ b/lib/WP_Auth0_Import_Settings.php
@@ -31,8 +31,19 @@ public function import_settings() {
 			exit;
 		}
 
-		foreach ( $settings as $key => $value ) {
-			$this->a0_options->set( $key, $value, false );
+		// Keep original settings keys so we only save imported values.
+		$settings_keys = array_keys( $settings );
+
+		$admin              = new WP_Auth0_Admin( $this->a0_options, new WP_Auth0_Routes( $this->a0_options ) );
+
+		// Default setting values will be added to the array.
+		$settings_validated = $admin->input_validator( $settings );
+
+		foreach ( $settings_keys as $settings_key ) {
+			// Invalid settings keys are removed in WP_Auth0_Admin::input_validator().
+			if ( isset( $settings_validated[ $settings_key ] ) ) {
+				$this->a0_options->set( $settings_key, $settings_validated[ $settings_key ], false );
+			}
 		}
 
 		$this->a0_options->update_all();
diff --git a/lib/admin/WP_Auth0_Admin.php b/lib/admin/WP_Auth0_Admin.php
index a032fff0..b83fde21 100755
--- a/lib/admin/WP_Auth0_Admin.php
+++ b/lib/admin/WP_Auth0_Admin.php
@@ -6,11 +6,18 @@ class WP_Auth0_Admin {
 
 	protected $router;
 
-	protected $sections = [];
+	protected $sections;
 
 	public function __construct( WP_Auth0_Options $a0_options, WP_Auth0_Routes $router ) {
 		$this->a0_options = $a0_options;
 		$this->router     = $router;
+
+		$this->sections = [
+			'basic'      => new WP_Auth0_Admin_Basic( $this->a0_options ),
+			'features'   => new WP_Auth0_Admin_Features( $this->a0_options ),
+			'appearance' => new WP_Auth0_Admin_Appearance( $this->a0_options ),
+			'advanced'   => new WP_Auth0_Admin_Advanced( $this->a0_options, $this->router ),
+		];
 	}
 
 	/**
@@ -58,17 +65,10 @@ public function admin_enqueue() {
 	}
 
 	public function init_admin() {
-		$this->sections['basic'] = new WP_Auth0_Admin_Basic( $this->a0_options );
-		$this->sections['basic']->init();
-
-		$this->sections['features'] = new WP_Auth0_Admin_Features( $this->a0_options );
-		$this->sections['features']->init();
 
-		$this->sections['appearance'] = new WP_Auth0_Admin_Appearance( $this->a0_options );
-		$this->sections['appearance']->init();
-
-		$this->sections['advanced'] = new WP_Auth0_Admin_Advanced( $this->a0_options, $this->router );
-		$this->sections['advanced']->init();
+		foreach ( $this->sections as $name => $section ) {
+			$section->init();
+		}
 
 		register_setting(
 			$this->a0_options->get_options_name() . '_basic',
@@ -95,6 +95,14 @@ public function input_validator( array $input ) {
 			$input[ $key ] = $this->a0_options->get_constant_val( $key );
 		}
 
+		// Remove unknown keys.
+		$option_keys = $this->a0_options->get_defaults( true );
+		foreach ( $input as $key => $val ) {
+			if ( ! in_array( $key, $option_keys ) ) {
+				unset( $input[ $key ] );
+			}
+		}
+
 		foreach ( $this->sections as $name => $section ) {
 			$input = $section->input_validator( $input );
 		}
diff --git a/templates/import_settings.php b/templates/import_settings.php
index 413ab167..06354073 100644
--- a/templates/import_settings.php
+++ b/templates/import_settings.php
@@ -28,7 +28,11 @@
 		  <form action="options.php" method="post" enctype="multipart/form-data">
 			<input type="hidden" name="action" value="wpauth0_import_settings" />
 
-			  <p class="a0-step-text top-margin"><?php _e( 'Paste the settings JSON in the field below:', 'wp-auth0' ); ?>
+			  <p class="a0-step-text top-margin"><?php
+					  _e( 'Paste the settings JSON in the field below. ', 'wp-auth0' );
+					  _e( 'Settings that are not in the imported JSON will use existing values. ', 'wp-auth0' );
+					  _e( 'Setting values will be validated so check the final values once import is complete. ', 'wp-auth0' );
+					  ?>
 			  <div class="a0-step-text top-margin"><textarea name="settings-json" class="large-text code" rows="6"></textarea></div>
 
 			<div class="a0-buttons">
diff --git a/templates/settings.php b/templates/settings.php
index d9f52e95..40274255 100644
--- a/templates/settings.php
+++ b/templates/settings.php
@@ -6,6 +6,18 @@
 
 			<?php settings_errors(); ?>
 
+		<?php if ( wp_auth0_get_option( 'client_id' ) ) : ?>
+		<a href="https://manage.auth0.com/#/applications/
+			<?php
+			echo esc_attr( wp_auth0_get_option( 'client_id' ) );
+			?>
+			" target="_blank">
+			<?php
+			_e( 'Manage this application at Auth0', 'wp-auth0' );
+			?>
+			</a>
+		<?php endif; ?>
+
 			<p class="nav nav-tabs" role="tablist">
 					<a id="tab-basic" href="#basic" class="js-a0-settings-tabs">
 						<?php _e( 'Basic', 'wp-auth0' ); ?>
diff --git a/tests/testAdminAppearanceValidation.php b/tests/testAdminAppearanceValidation.php
index a07b7e91..e1d49acd 100644
--- a/tests/testAdminAppearanceValidation.php
+++ b/tests/testAdminAppearanceValidation.php
@@ -25,15 +25,6 @@ class TestAdminAppearanceValidation extends WP_Auth0_Test_Case {
 	public static function setUpBeforeClass() {
 		parent::setUpBeforeClass();
 		self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
-		self::$admin->init_admin();
-	}
-
-	public static function tearDownAfterClass() {
-		parent::tearDownAfterClass();
-		unregister_setting(
-			'wp_auth0_settings_basic',
-			'wp_auth0_settings'
-		);
 	}
 
 	/**
diff --git a/tests/testAdminBasicValidation.php b/tests/testAdminBasicValidation.php
index 951389a3..960201ac 100644
--- a/tests/testAdminBasicValidation.php
+++ b/tests/testAdminBasicValidation.php
@@ -34,15 +34,6 @@ class TestAdminBasicValidation extends WP_Auth0_Test_Case {
 	public static function setUpBeforeClass() {
 		parent::setUpBeforeClass();
 		self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
-		self::$admin->init_admin();
-	}
-
-	public static function tearDownAfterClass() {
-		parent::tearDownAfterClass();
-		unregister_setting(
-			'wp_auth0_settings_basic',
-			'wp_auth0_settings'
-		);
 	}
 
 	public function testThatDomainIsValidatedProperly() {
diff --git a/tests/testImportExportSettings.php b/tests/testImportExportSettings.php
index 4ef0bff3..19474345 100644
--- a/tests/testImportExportSettings.php
+++ b/tests/testImportExportSettings.php
@@ -165,4 +165,57 @@ public function testThatSettingsAreUpdatedWithValidJson() {
 		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
 		$this->assertEquals( 302, $redirect_data['status'] );
 	}
+
+	public function testThatImportedSettingsAreValidated() {
+		$this->startRedirectHalting();
+		$this->setGlobalUser();
+		$_POST['settings-json'] = '{"client_signing_algorithm":"__invalid_alg__"}';
+
+		try {
+			wp_auth0_import_settings_admin_action();
+			$redirect_data = [ 'location' => 'No redirect caught' ];
+		} catch ( Exception $e ) {
+			$redirect_data = unserialize( $e->getMessage() );
+		}
+
+		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
+		$this->assertNotEquals( '__invalid_alg__', wp_auth0_get_option( 'client_signing_algorithm' ) );
+	}
+
+	public function testThatOnlyImportedSettingsAreSaved() {
+		$this->startRedirectHalting();
+		$this->setGlobalUser();
+		self::$opts->set( 'client_id', '__test_existing_client_id__' );
+		$_POST['settings-json'] = '{"domain":"__test_domain__"}';
+
+		try {
+			wp_auth0_import_settings_admin_action();
+			$redirect_data = [ 'location' => 'No redirect caught' ];
+		} catch ( Exception $e ) {
+			$redirect_data = unserialize( $e->getMessage() );
+		}
+
+		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
+		$this->assertEquals( '__test_domain__', wp_auth0_get_option( 'domain' ) );
+		$this->assertEquals( '__test_existing_client_id__', wp_auth0_get_option( 'client_id' ) );
+	}
+
+	public function testThatUnknownImportedKeysAreRemoved() {
+		$this->startRedirectHalting();
+		$this->setGlobalUser();
+		$_POST['settings-json'] = '{"domain":"__test_domain__", "__invalid_key__": "__test_val__"}';
+
+		try {
+			wp_auth0_import_settings_admin_action();
+			$redirect_data = [ 'location' => 'No redirect caught' ];
+		} catch ( Exception $e ) {
+			$redirect_data = unserialize( $e->getMessage() );
+		}
+
+		$this->assertEquals( 'http://example.org/wp-admin/admin.php?page=wpa0', $redirect_data['location'] );
+
+		$db_options = get_option( 'wp_auth0_settings' );
+		$this->assertEquals( '__test_domain__', $db_options['domain'] );
+		$this->assertArrayNotHasKey( '__invalid_key__', $db_options );
+	}
 }
diff --git a/tests/testOptionLockCdn.php b/tests/testOptionLockCdn.php
index 04e698b8..a7584dca 100644
--- a/tests/testOptionLockCdn.php
+++ b/tests/testOptionLockCdn.php
@@ -139,20 +139,21 @@ public function testThatLockCdnUrlFieldDisplaysProperly() {
 	 * Test that the Custom Lock CDN URL setting is validated properly.
 	 */
 	public function testThatCustomLockCdnIsValidatedOnSave() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => false ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => false ] );
 		$this->assertEquals( false, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => 0 ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => 0 ] );
 		$this->assertEquals( false, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => 1 ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => 1 ] );
 		$this->assertEquals( true, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => '1' ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => '1' ] );
 		$this->assertEquals( true, $validated['custom_cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'custom_cdn_url' => uniqid() ] );
+		$validated = $admin->input_validator( [ 'custom_cdn_url' => uniqid() ] );
 		$this->assertEquals( false, $validated['custom_cdn_url'] );
 	}
 
@@ -160,15 +161,16 @@ public function testThatCustomLockCdnIsValidatedOnSave() {
 	 * Test that the Custom Lock CDN URL setting does not change the Lock CDN URL.
 	 */
 	public function testThatCustomLockCdnDoesNotChangeSavedCdnUrl() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'cdn_url' => WPA0_LOCK_CDN_URL,
 			]
 		);
 		$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );
 
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'custom_cdn_url' => '1',
 				'cdn_url'        => WPA0_LOCK_CDN_URL,
@@ -181,17 +183,18 @@ public function testThatCustomLockCdnDoesNotChangeSavedCdnUrl() {
 	 * Test that the Lock CDN URL setting is validated properly.
 	 */
 	public function testThatLockCdnUrlIsValidatedOnSave() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[ 'cdn_url' => WPA0_LOCK_CDN_URL ]
 		);
 		$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );
 
-		$validated = self::$admin->basic_validation( [ 'cdn_url' => ' ' . WPA0_LOCK_CDN_URL . ' ' ] );
+		$validated = $admin->input_validator( [ 'cdn_url' => ' ' . WPA0_LOCK_CDN_URL . ' ' ] );
 		$this->assertEquals( WPA0_LOCK_CDN_URL, $validated['cdn_url'] );
 
 		self::$opts->set( 'cdn_url', '__old_cdn_url__' );
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'custom_cdn_url' => true,
 				'cdn_url'        => '__invalid_cdn_url__',
@@ -200,7 +203,7 @@ public function testThatLockCdnUrlIsValidatedOnSave() {
 		$this->assertEquals( '__old_cdn_url__', $validated['cdn_url'] );
 
 		self::$opts->set( 'cdn_url', null );
-		$validated = self::$admin->basic_validation(
+		$validated = $admin->input_validator(
 			[
 				'custom_cdn_url' => true,
 				'cdn_url'        => '',
diff --git a/tests/testOptionMigrationIps.php b/tests/testOptionMigrationIps.php
index 3bd7077a..4cae5604 100644
--- a/tests/testOptionMigrationIps.php
+++ b/tests/testOptionMigrationIps.php
@@ -19,9 +19,9 @@ class TestOptionMigrationIps extends WP_Auth0_Test_Case {
 	use UsersHelper;
 
 	/**
-	 * Instance of WP_Auth0_Admin_Advanced.
+	 * Instance of WP_Auth0_Admin.
 	 *
-	 * @var WP_Auth0_Admin_Advanced
+	 * @var WP_Auth0_Admin
 	 */
 	public static $admin;
 
@@ -38,7 +38,7 @@ class TestOptionMigrationIps extends WP_Auth0_Test_Case {
 	public function setUp() {
 		parent::setUp();
 		$router         = new WP_Auth0_Routes( self::$opts );
-		self::$admin    = new WP_Auth0_Admin_Advanced( self::$opts, $router );
+		self::$admin    = new WP_Auth0_Admin( self::$opts, $router );
 		self::$ip_check = new WP_Auth0_Ip_Check();
 	}
 
@@ -49,10 +49,12 @@ public function testThatSettingsFieldRendersProperly() {
 			'label_for' => 'wpa0_migration_ws_ips',
 			'opt_name'  => 'migration_ips',
 		];
+		$router     = new WP_Auth0_Routes( self::$opts );
+		$admin      = new WP_Auth0_Admin_Advanced( self::$opts, $router );
 
 		// Get the field HTML.
 		ob_start();
-		self::$admin->render_migration_ws_ips( $field_args );
+		$admin->render_migration_ws_ips( $field_args );
 		$field_html = ob_get_clean();
 
 		$textarea = $this->getDomListFromTagName( $field_html, 'textarea' );
@@ -74,22 +76,22 @@ public function testThatSettingsFieldRendersProperly() {
 
 	public function testThatEmptyIpsAreValidatedToAnEmptyString() {
 		$input     = [ 'migration_ips' => 0 ];
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '', $validated['migration_ips'] );
 
 		$input     = [ 'migration_ips' => false ];
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '', $validated['migration_ips'] );
 
 		$input     = [ 'migration_ips' => null ];
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '', $validated['migration_ips'] );
 	}
 
 	public function testThatDuplicateIpsAreRemovedDuringValidation() {
 		$input = [ 'migration_ips' => '1.2.3.4, 2.3.4.5,1.2.3.4,3.4.5.6, 2.3.4.5' ];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '1.2.3.4, 2.3.4.5, 3.4.5.6', $validated['migration_ips'] );
 	}
 
@@ -101,21 +103,21 @@ public function testThatExistingWhitelistIpsAreRemovedDuringValidation() {
 			'domain'        => 'test.eu.auth0.com',
 		];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '4.5.6.7, 5.6.7.8', $validated['migration_ips'] );
 	}
 
 	public function testThatUnsafeValuesAreRemovedDuringValidation() {
 		$input = [ 'migration_ips' => '6.7.8.9,<script>alert("Hello")</script>,7.8.9.10' ];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '6.7.8.9, 7.8.9.10', $validated['migration_ips'] );
 	}
 
 	public function testThatEmptyValuesAreRemovedDuringValidation() {
 		$input = [ 'migration_ips' => '8.9.10.11, , 9.10.11.12, 0' ];
 
-		$validated = self::$admin->migration_ips_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 		$this->assertEquals( '8.9.10.11, 9.10.11.12', $validated['migration_ips'] );
 	}
 }
diff --git a/tests/testOptionMigrationWs.php b/tests/testOptionMigrationWs.php
index 810b2955..bf4ff253 100644
--- a/tests/testOptionMigrationWs.php
+++ b/tests/testOptionMigrationWs.php
@@ -21,9 +21,9 @@ class TestOptionMigrationWs extends WP_Auth0_Test_Case {
 	use UsersHelper;
 
 	/**
-	 * Instance of WP_Auth0_Admin_Advanced.
+	 * Instance of WP_Auth0_Admin.
 	 *
-	 * @var WP_Auth0_Admin_Advanced
+	 * @var WP_Auth0_Admin
 	 */
 	public static $admin;
 
@@ -33,7 +33,7 @@ class TestOptionMigrationWs extends WP_Auth0_Test_Case {
 	public function setUp() {
 		parent::setUp();
 		$router      = new WP_Auth0_Routes( self::$opts );
-		self::$admin = new WP_Auth0_Admin_Advanced( self::$opts, $router );
+		self::$admin = new WP_Auth0_Admin( self::$opts, $router );
 	}
 
 	/**
@@ -44,10 +44,12 @@ public function testThatSettingsFieldRendersProperly() {
 			'label_for' => 'wpa0_migration_ws',
 			'opt_name'  => 'migration_ws',
 		];
+		$router     = new WP_Auth0_Routes( self::$opts );
+		$admin      = new WP_Auth0_Admin_Advanced( self::$opts, $router );
 
 		// Get the field HTML.
 		ob_start();
-		self::$admin->render_migration_ws( $field_args );
+		$admin->render_migration_ws( $field_args );
 		$field_html = ob_get_clean();
 
 		$input = $this->getDomListFromTagName( $field_html, 'input' );
@@ -68,12 +70,14 @@ public function testThatCorrectFieldDocsShowWhenMigrationIsOff() {
 			'label_for' => 'wpa0_migration_ws',
 			'opt_name'  => 'migration_ws',
 		];
+		$router     = new WP_Auth0_Routes( self::$opts );
+		$admin      = new WP_Auth0_Admin_Advanced( self::$opts, $router );
 
 		$this->assertFalse( self::$opts->get( $field_args['opt_name'] ) );
 
 		// Get the field HTML.
 		ob_start();
-		self::$admin->render_migration_ws( $field_args );
+		$admin->render_migration_ws( $field_args );
 		$field_html = ob_get_clean();
 
 		$this->assertContains( 'User migration endpoints deactivated', $field_html );
@@ -92,9 +96,12 @@ public function testThatCorrectFieldDocsShowWhenMigrationIsOn() {
 
 		self::$opts->set( $field_args['opt_name'], 1 );
 
+		$router = new WP_Auth0_Routes( self::$opts );
+		$admin  = new WP_Auth0_Admin_Advanced( self::$opts, $router );
+
 		// Get the field HTML.
 		ob_start();
-		self::$admin->render_migration_ws( $field_args );
+		$admin->render_migration_ws( $field_args );
 		$field_html = ob_get_clean();
 
 		$this->assertContains( 'User migration endpoints activated', $field_html );
@@ -128,7 +135,7 @@ public function testThatChangingMigrationToOffKeepsTokenData() {
 		$input     = [
 			'migration_token_id' => 'existing_token_id',
 		];
-		$validated = self::$admin->migration_ws_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 
 		$this->assertArrayHasKey( 'migration_ws', $validated );
 		$this->assertEmpty( $validated['migration_ws'] );
@@ -146,7 +153,7 @@ public function testThatChangingMigrationToOnKeepsToken() {
 			'client_secret' => '__test_client_secret__',
 		];
 
-		$validated = self::$admin->migration_ws_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 
 		$this->assertEquals( 'new_token', $validated['migration_token'] );
 		$this->assertNull( $validated['migration_token_id'] );
@@ -165,7 +172,7 @@ public function testThatChangingMigrationToOnKeepsWithJwtSetsId() {
 			'client_secret' => $client_secret,
 		];
 
-		$validated = self::$admin->migration_ws_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 
 		$this->assertEquals( $input['migration_ws'], $validated['migration_ws'] );
 		$this->assertEquals( $migration_token, $validated['migration_token'] );
@@ -178,7 +185,7 @@ public function testThatChangingMigrationToOnKeepsWithJwtSetsId() {
 	public function testThatChangingMigrationToOnGeneratesNewToken() {
 		$input = [ 'migration_ws' => '1' ];
 
-		$validated = self::$admin->migration_ws_validation( $input );
+		$validated = self::$admin->input_validator( $input );
 
 		$this->assertGreaterThan( 64, strlen( $validated['migration_token'] ) );
 		$this->assertNull( $validated['migration_token_id'] );
diff --git a/tests/testOptionSlo.php b/tests/testOptionSlo.php
index 29ff4b2a..5ab2a400 100644
--- a/tests/testOptionSlo.php
+++ b/tests/testOptionSlo.php
@@ -16,9 +16,9 @@ class TestOptionSlo extends WP_Auth0_Test_Case {
 	use DomDocumentHelpers;
 
 	/**
-	 * WP_Auth0_Admin_Features instance.
+	 * WP_Auth0_Admin instance.
 	 *
-	 * @var WP_Auth0_Admin_Features
+	 * @var WP_Auth0_Admin
 	 */
 	public static $admin;
 
@@ -27,13 +27,14 @@ class TestOptionSlo extends WP_Auth0_Test_Case {
 	 */
 	public static function setUpBeforeClass() {
 		parent::setUpBeforeClass();
-		self::$admin = new WP_Auth0_Admin_Features( self::$opts );
+		self::$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 	}
 
 	/**
 	 * Test the input HTML for the custom domain setting.
 	 */
 	public function testSloFieldOutput() {
+		$admin      = new WP_Auth0_Admin_Features( self::$opts );
 		$field_args = [
 			'label_for' => 'wpa0_singlelogout',
 			'opt_name'  => 'singlelogout',
@@ -41,7 +42,7 @@ public function testSloFieldOutput() {
 
 		// Get the field HTML.
 		ob_start();
-		self::$admin->render_singlelogout( $field_args );
+		$admin->render_singlelogout( $field_args );
 		$field_html = ob_get_clean();
 
 		// Check field HTML for required attributes.
@@ -74,22 +75,22 @@ public function testSloFieldOutput() {
 	 * See testThatSloIsTurnedOffIfSsoIsOff for tests regarding that behavior.
 	 */
 	public function testThatSloIsValidatedOnSave() {
-		$validated = self::$admin->basic_validation( [ 'singlelogout' => false ] );
+		$validated = self::$admin->input_validator( [ 'singlelogout' => false ] );
 		$this->assertEquals( false, $validated['singlelogout'] );
 
-		$validated = self::$admin->basic_validation( [ 'singlelogout' => 0 ] );
+		$validated = self::$admin->input_validator( [ 'singlelogout' => 0 ] );
 		$this->assertEquals( false, $validated['singlelogout'] );
 
-		$validated = self::$admin->basic_validation( [ 'singlelogout' => 1 ] );
+		$validated = self::$admin->input_validator( [ 'singlelogout' => 1 ] );
 		$this->assertEquals( true, $validated['singlelogout'] );
 
-		$validated = self::$admin->basic_validation( [ 'singlelogout' => '1' ] );
+		$validated = self::$admin->input_validator( [ 'singlelogout' => '1' ] );
 		$this->assertEquals( true, $validated['singlelogout'] );
 
-		$validated = self::$admin->basic_validation( [] );
+		$validated = self::$admin->input_validator( [] );
 		$this->assertEquals( false, $validated['singlelogout'] );
 
-		$validated = self::$admin->basic_validation( [ 'singlelogout' => uniqid() ] );
+		$validated = self::$admin->input_validator( [ 'singlelogout' => uniqid() ] );
 		$this->assertEquals( false, $validated['singlelogout'] );
 	}
 }
diff --git a/tests/testOptionWle.php b/tests/testOptionWle.php
index e17a4122..8792862b 100644
--- a/tests/testOptionWle.php
+++ b/tests/testOptionWle.php
@@ -132,22 +132,24 @@ public function testThatWleSettingRendersProperlyWhenChanged() {
 	 * Test that wordpress_login_enabled is validated properly on save.
 	 */
 	public function testThatWleIsValiatedOnSave() {
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => 'link' ] );
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
+
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => 'link' ] );
 		$this->assertEquals( 'link', $validated['wordpress_login_enabled'] );
 
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => 'isset' ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => 'isset' ] );
 		$this->assertEquals( 'isset', $validated['wordpress_login_enabled'] );
 
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => 'code' ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => 'code' ] );
 		$this->assertEquals( 'code', $validated['wordpress_login_enabled'] );
 
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => 'no' ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => 'no' ] );
 		$this->assertEquals( 'no', $validated['wordpress_login_enabled'] );
 
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => uniqid() ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => uniqid() ] );
 		$this->assertEquals( 'link', $validated['wordpress_login_enabled'] );
 
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => false ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => false ] );
 		$this->assertEquals( 'link', $validated['wordpress_login_enabled'] );
 	}
 
@@ -155,17 +157,19 @@ public function testThatWleIsValiatedOnSave() {
 	 * Test that wle_code is validated properly on save.
 	 */
 	public function testThatWleCodeIsKeptIfSavedGeneratedIfEmpty() {
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
+
 		$wle_code = uniqid();
 		self::$opts->set( 'wle_code', $wle_code );
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => uniqid() ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => uniqid() ] );
 		$this->assertEquals( $wle_code, $validated['wle_code'] );
 
 		self::$opts->set( 'wle_code', null );
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => uniqid() ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => uniqid() ] );
 		$this->assertGreaterThan( 24, strlen( $validated['wle_code'] ) );
 
 		self::$opts->set( 'wle_code', '' );
-		$validated = self::$admin->basic_validation( [ 'wordpress_login_enabled' => uniqid() ] );
+		$validated = $admin->input_validator( [ 'wordpress_login_enabled' => uniqid() ] );
 		$this->assertGreaterThan( 24, strlen( $validated['wle_code'] ) );
 	}
 }
diff --git a/tests/testRequiredEmail.php b/tests/testRequiredEmail.php
index e0c139cc..ce20d4d7 100644
--- a/tests/testRequiredEmail.php
+++ b/tests/testRequiredEmail.php
@@ -73,22 +73,24 @@ public function testRequiredEmailFieldOutput() {
 	 * Test that the required email field is properly validated.
 	 */
 	public function testRequiredEmailValidation() {
-		$validated_opts = self::$admin->basic_validation( [ 'requires_verified_email' => '1' ] );
+		$admin = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
+
+		$validated_opts = $admin->input_validator( [ 'requires_verified_email' => '1' ] );
 		$this->assertEquals( true, $validated_opts['requires_verified_email'] );
 
-		$validated_opts = self::$admin->basic_validation( [ 'requires_verified_email' => 1 ] );
+		$validated_opts = $admin->input_validator( [ 'requires_verified_email' => 1 ] );
 		$this->assertEquals( true, $validated_opts['requires_verified_email'] );
 
-		$validated_opts = self::$admin->basic_validation( [ 'requires_verified_email' => true ] );
+		$validated_opts = $admin->input_validator( [ 'requires_verified_email' => true ] );
 		$this->assertEquals( true, $validated_opts['requires_verified_email'] );
 
-		$validated_opts = self::$admin->basic_validation( [] );
+		$validated_opts = $admin->input_validator( [] );
 		$this->assertEquals( false, $validated_opts['requires_verified_email'] );
 
-		$validated_opts = self::$admin->basic_validation( [ 'requires_verified_email' => 0 ] );
+		$validated_opts = $admin->input_validator( [ 'requires_verified_email' => 0 ] );
 		$this->assertEquals( false, $validated_opts['requires_verified_email'] );
 
-		$validated_opts = self::$admin->basic_validation( [ 'requires_verified_email' => '' ] );
+		$validated_opts = $admin->input_validator( [ 'requires_verified_email' => '' ] );
 		$this->assertEquals( false, $validated_opts['requires_verified_email'] );
 	}
 
@@ -135,20 +137,21 @@ public function testSkipStrategiesFieldOutput() {
 	 */
 	public function testSkipRequiredEmailValidation() {
 		$opt_name = 'skip_strategies';
+		$admin    = new WP_Auth0_Admin( self::$opts, new WP_Auth0_Routes( self::$opts ) );
 
-		$validated_opts = self::$admin->basic_validation( [ $opt_name => '' ] );
+		$validated_opts = $admin->input_validator( [ $opt_name => '' ] );
 		$this->assertEquals( '', $validated_opts[ $opt_name ] );
 
-		$validated_opts = self::$admin->basic_validation( [ $opt_name => '  ' ] );
+		$validated_opts = $admin->input_validator( [ $opt_name => '  ' ] );
 		$this->assertEquals( '', $validated_opts[ $opt_name ] );
 
-		$validated_opts = self::$admin->basic_validation( [ $opt_name => 'auth0' ] );
+		$validated_opts = $admin->input_validator( [ $opt_name => 'auth0' ] );
 		$this->assertEquals( 'auth0', $validated_opts[ $opt_name ] );
 
-		$validated_opts = self::$admin->basic_validation( [ $opt_name => ' auth0 ' ] );
+		$validated_opts = $admin->input_validator( [ $opt_name => ' auth0 ' ] );
 		$this->assertEquals( 'auth0', $validated_opts[ $opt_name ] );
 
-		$validated_opts = self::$admin->basic_validation( [ $opt_name => 'auth0,twitter' ] );
+		$validated_opts = $admin->input_validator( [ $opt_name => 'auth0,twitter' ] );
 		$this->assertEquals( 'auth0,twitter', $validated_opts[ $opt_name ] );
 	}