Merge pull request #324 from auth0/fixed-migration-base64secret

Fixed migration for older plugins that use base64 secret
auth0 · Jun 23, 2017 · ef97f42 · ef97f42
2 parents 51aaaec + 4dd0167
commit ef97f42
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 5 deletions.
diff --git a/WP_Auth0.php b/WP_Auth0.php
@@ -10,7 +10,7 @@
 define( 'WPA0_PLUGIN_DIR', trailingslashit( plugin_dir_path( __FILE__ ) ) );
 define( 'WPA0_PLUGIN_URL', trailingslashit( plugin_dir_url( __FILE__ ) ) );
 define( 'WPA0_LANG', 'wp-auth0' );
-define( 'AUTH0_DB_VERSION', 13 );
+define( 'AUTH0_DB_VERSION', 14 );
 define( 'WPA0_VERSION', '3.2.21' );
 
 /**

diff --git a/lib/WP_Auth0_DBManager.php b/lib/WP_Auth0_DBManager.php
@@ -133,6 +133,14 @@ public function install_db() {
       }
     }
 
+	if ( $this->current_db_version < 14 && is_null($options->get('client_secret_b64_encoded' ))) {
+		if ( $options->get('client_id' )) {
+			$options->set('client_secret_b64_encoded', true);
+		} else {
+			$options->set('client_secret_b64_encoded', false);
+		}
+	}
+
 		$this->current_db_version = AUTH0_DB_VERSION;
 		update_option( 'auth0_db_version', AUTH0_DB_VERSION );
 	}

diff --git a/lib/WP_Auth0_Options.php b/lib/WP_Auth0_Options.php
@@ -58,7 +58,7 @@ protected function defaults() {
 			'auto_login_method' => '',
 			'client_id' => '',
 			'client_secret' => '',
-			'client_secret_b64_encoded' => false,
+			'client_secret_b64_encoded' => null,
 			'domain' => '',
 			'form_title' => '',
 			'icon_url' => '',

diff --git a/lib/admin/WP_Auth0_Admin_Basic.php b/lib/admin/WP_Auth0_Admin_Basic.php
@@ -174,10 +174,9 @@ public function basic_validation( $old_options, $input ) {
 
 		// Only replace the secret or token if a new value was set. If not, we will keep the last one entered.
 		$input['client_secret'] = ( !empty( $input['client_secret'] ) ? $input['client_secret'] : $old_options['client_secret'] );
-		$input['client_secret_b64_encoded'] = ( isset( $input['client_secret_b64_encoded'] ) ? $input['client_secret_b64_encoded'] : 0 );
+		$input['client_secret_b64_encoded'] = ( isset( $input['client_secret_b64_encoded'] ) ? $input['client_secret_b64_encoded'] == 1 : false );
 		$input['auth0_app_token'] = ( !empty( $input['auth0_app_token'] ) ? $input['auth0_app_token'] : $old_options['auth0_app_token'] );
 
-
 		$error = '';
 		$completeBasicData = true;
 		if ( empty( $input['domain'] ) ) {

diff --git a/lib/php-jwt/Authentication/JWT.php b/lib/php-jwt/Authentication/JWT.php
@@ -75,7 +75,7 @@ public static function decode($jwt, $key = null, $allowed_algs = array())
 
             // Check the signature
             if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
-                throw new SignatureInvalidException('Signature verification failed, disabling "Settings \ Basic \ Client Secret Base64 Encoded" may resolve this issue.');
+                throw new SignatureInvalidException('Signature verification failed, check "Client Secret Base64 Encoded" value matches your Auth0 client.');
             }
 
             // Check if the nbf if it is defined. This is the time that the