Add Management API endpoints; add email verify endpoint

auth0 · Sep 26, 2018 · fc5c23c · fc5c23c
1 parent a0b6e7d
commit fc5c23c
Show file tree

Hide file tree

Showing 18 changed files with 1,826 additions and 45 deletions.
diff --git a/WP_Auth0.php b/WP_Auth0.php
@@ -508,6 +508,7 @@ private function autoloader( $class ) {
 		$paths = array(
 			$source_dir,
 			$source_dir . 'admin/',
+			$source_dir . 'api/',
 			$source_dir . 'exceptions/',
 			$source_dir . 'wizard/',
 			$source_dir . 'initial-setup/',

diff --git a/assets/js/die-with-verify-email.js b/assets/js/die-with-verify-email.js
@@ -1,30 +1,33 @@
-/* globals jQuery, console, WPAuth0EmailVerification */
+/* globals jQuery, alert, WPAuth0EmailVerification */
 
 jQuery( document ).ready( function ($) {
+    'use strict';
 
     var $resendLink = $( '#js-a0-resend-verification' );
 
     $resendLink.click( function () {
 
         var postData = {
             action: 'resend_verification_email',
-            nonce: WPAuth0EmailVerification.nonce,
+            _ajax_nonce: WPAuth0EmailVerification.nonce,
             sub: WPAuth0EmailVerification.sub
         };
+        var errorMsg = WPAuth0EmailVerification.e_msg;
 
         $.post( WPAuth0EmailVerification.ajaxUrl, postData )
-            .done( function( data ) {
-
-                if ( 'success' === data ) {
+            .done( function( response ) {
+                if ( response.success ) {
                     $resendLink.after( WPAuth0EmailVerification.s_msg );
                     $resendLink.remove();
                 } else {
-                    alert( WPAuth0EmailVerification.e_msg );
+                    if ( response.data && response.data.error ) {
+                        errorMsg = response.data.error;
+                    }
+                    alert( errorMsg );
                 }
-
             } )
             .fail( function() {
-                alert( WPAuth0EmailVerification.e_msg );
+                alert( errorMsg );
             } );
     } );
 } );
diff --git a/lib/WP_Auth0_Api_Client.php b/lib/WP_Auth0_Api_Client.php
@@ -120,6 +120,14 @@ public static function ro( $domain, $client_id, $username, $password, $connectio
 
 	}
 
+	/**
+	 * Validate the scopes of the API token.
+	 * TODO: Deprecate, not used.
+	 *
+	 * @param string $app_token - API token.
+	 *
+	 * @return bool
+	 */
 	public static function validate_user_token( $app_token ) {
 
 		if ( empty( $app_token ) ) {
@@ -149,20 +157,13 @@ public static function validate_user_token( $app_token ) {
 	}
 
 	/**
-	 * Get required telemetry header
+	 * Get required telemetry header.
+	 * TODO: Refactor to use WP_Auth0_Api_Abstract::get_info_headers and deprecate.
 	 *
 	 * @return array
 	 */
 	public static function get_info_headers() {
-		$header_value = array(
-			'name'        => 'wp-auth0',
-			'version'     => WPA0_VERSION,
-			'environment' => array(
-				'PHP'       => phpversion(),
-				'WordPress' => get_bloginfo( 'version' ),
-			),
-		);
-		return array( 'Auth0-Client' => base64_encode( wp_json_encode( $header_value ) ) );
+		return WP_Auth0_Api_Abstract::get_info_headers();
 	}
 
 	/**
@@ -190,6 +191,7 @@ private static function get_headers( $token = '', $content_type = 'application/j
 		return $headers;
 	}
 
+
 	public static function get_token( $domain, $client_id, $client_secret, $grantType = 'client_credentials', $extraBody = null ) {
 		if ( ! is_array( $extraBody ) ) {
 			$body = array();
@@ -224,6 +226,7 @@ public static function get_token( $domain, $client_id, $client_secret, $grantTyp
 
 	/**
 	 * Get a client_credentials token using default stored connection info
+	 * TODO: Change implementations to use WP_Auth0_Api_Abstract and deprecate.
 	 *
 	 * @since 3.4.1
 	 *
@@ -276,6 +279,9 @@ public static function get_user_info( $domain, $access_token ) {
 		);
 	}
 
+	/**
+	 * TODO: Deprecate, not used.
+	 */
 	public static function search_users( $domain, $jwt, $q = '', $page = 0, $per_page = 100, $include_totals = false, $sort = 'user_id:1' ) {
 
 		$include_totals = $include_totals ? 'true' : 'false';
@@ -296,7 +302,8 @@ public static function search_users( $domain, $jwt, $q = '', $page = 0, $per_pag
 	}
 
 	/**
-	 * Trigger a verification email re-send
+	 * Trigger a verification email re-send.
+	 * TODO: Deprecate, not used.
 	 *
 	 * @since 3.5.0
 	 *
@@ -349,6 +356,9 @@ public static function get_user( $domain, $jwt, $user_id ) {
 
 	}
 
+	/**
+	 * TODO: Deprecate, not used.
+	 */
 	public static function create_user( $domain, $jwt, $data ) {
 
 		$endpoint = "https://$domain/api/v2/users";
@@ -524,6 +534,9 @@ public static function create_client( $domain, $app_token, $name ) {
 		return json_decode( $response['body'] );
 	}
 
+	/**
+	 * TODO: Deprecate, not used.
+	 */
 	public static function search_clients( $domain, $app_token ) {
 		$endpoint = "https://$domain/api/v2/clients";
 
@@ -810,6 +823,9 @@ public static function get_connection( $domain, $app_token, $id ) {
 		return json_decode( $response['body'] );
 	}
 
+	/**
+	 * TODO: Deprecate, not used.
+	 */
 	public static function get_current_user( $domain, $app_token ) {
 		list( $head, $payload, $signature ) = explode( '.', $app_token );
 		$decoded                            = json_decode( JWT::urlsafeB64Decode( $payload ) );
@@ -852,6 +868,9 @@ public static function update_connection( $domain, $app_token, $id, $payload ) {
 		return json_decode( $response['body'] );
 	}
 
+	/**
+	 * TODO: Deprecate, not used.
+	 */
 	public static function delete_connection( $domain, $app_token, $id ) {
 		$endpoint = "https://$domain/api/v2/connections/$id";
 
@@ -982,6 +1001,9 @@ public static function change_password( $domain, $payload ) {
 		return json_decode( $response['body'] );
 	}
 
+	/**
+	 * TODO: Deprecate, not used.
+	 */
 	public static function link_users( $domain, $app_token, $main_user_id, $user_id, $provider, $connection_id = null ) {
 		$endpoint = "https://$domain/api/v2/users/$main_user_id/identities";
 

diff --git a/lib/WP_Auth0_Email_Verification.php b/lib/WP_Auth0_Email_Verification.php
@@ -1,37 +1,62 @@
 <?php
+/**
+ * Contains class WP_Auth0_Email_Verification
+ *
+ * @package WP-Auth0
+ *
+ * @since 3.5.0
+ */
 
 /**
- * Class WP_Auth0_Email_Verification
+ * Class WP_Auth0_Email_Verification.
  */
 class WP_Auth0_Email_Verification {
 
 	const RESEND_NONCE_ACTION = 'auth0_resend_verification_email';
 
 	/**
-	 * Setup hooks tied to functions that can be dequeued
+	 * WP_Auth0_Api_Jobs_Verification instance.
+	 *
+	 * @var WP_Auth0_Api_Jobs_Verification
+	 */
+	protected $api_jobs_resend;
+
+	/**
+	 * WP_Auth0_Email_Verification constructor.
+	 *
+	 * @param WP_Auth0_Api_Jobs_Verification $api_jobs_resend - WP_Auth0_Api_Jobs_Verification instance.
+	 */
+	public function __construct( WP_Auth0_Api_Jobs_Verification $api_jobs_resend ) {
+		$this->api_jobs_resend = $api_jobs_resend;
+	}
+
+	/**
+	 * Set up hooks tied to functions that can be dequeued.
+	 *
+	 * @codeCoverageIgnore - Called at startup, tested in TestEmailVerification::testHooks()
 	 */
 	public static function init() {
 		add_action( 'wp_ajax_nopriv_resend_verification_email', 'wp_auth0_ajax_resend_verification_email' );
 	}
 
 	/**
-	 * Stop the login process and show email verification prompt
+	 * Stop the login process and show email verification prompt.
 	 *
-	 * @param object $userinfo
+	 * @param object $userinfo - User profile object returned from Auth0.
 	 */
 	public static function render_die( $userinfo ) {
 		$user_id = isset( $userinfo->user_id ) ? $userinfo->user_id : $userinfo->sub;
 
-		$html = sprintf( '<p>%s</p>', __( 'This site requires a verified email address. ', 'wp-auth0' ) );
+		$html = sprintf( '<p>%s</p>', __( 'This site requires a verified email address.', 'wp-auth0' ) );
 
-		// Only provide resend verification link for DB connection users
+		// Only provide resend verification link for DB connection users.
 		if ( 0 === strpos( $user_id, 'auth0|' ) ) {
 			$html .= sprintf(
 				'<p><a id="js-a0-resend-verification" href="#">%s</a></p>
-			<p><a href="%s?%d">%s</a></p>
-			<script>var WPAuth0EmailVerification={ajaxUrl:"%s",sub:"%s",nonce:"%s",e_msg:"%s",s_msg:"%s"}</script>
-			<script src="%s"></script>
-			<script src="%s"></script>',
+				<p><a href="%s?%d">%s</a></p>
+				<script>var WPAuth0EmailVerification={ajaxUrl:"%s",sub:"%s",nonce:"%s",e_msg:"%s",s_msg:"%s"}</script>
+				<script src="%s"></script>
+				<script src="%s"></script>',
 				__( 'Resend verification email.', 'wp-auth0' ),
 				wp_login_url(),
 				time(),
@@ -40,12 +65,7 @@ public static function render_die( $userinfo ) {
 				esc_js( $user_id ),
 				esc_js( wp_create_nonce( self::RESEND_NONCE_ACTION ) ),
 				esc_js( __( 'Something went wrong; please login and try again.', 'wp-auth0' ) ),
-				esc_js(
-					sprintf(
-						__( 'Email successfully re-sent to %s!', 'wp-auth0' ),
-						$userinfo->email
-					)
-				),
+				esc_js( __( 'Email successfully re-sent to ', 'wp-auth0' ) . $userinfo->email ),
 				'//code.jquery.com/jquery-1.12.4.js',
 				WPA0_PLUGIN_URL . 'assets/js/die-with-verify-email.js?ver=' . WPA0_VERSION
 			);
@@ -56,18 +76,53 @@ public static function render_die( $userinfo ) {
 	}
 
 	/**
-	 * AJAX handler to request that the verification email be resent
-	 * Triggered in $this->render_die
+	 * AJAX handler to request that the verification email be resent.
+	 * TODO: Deprecate, use $this->resend_verification_email()
+	 *
+	 * @codeCoverageIgnore - Not adding tests for soon-to-be-deprecated methods.
 	 */
 	public static function ajax_resend_email() {
-		check_ajax_referer( self::RESEND_NONCE_ACTION, 'nonce' );
+		check_ajax_referer( self::RESEND_NONCE_ACTION );
 		if ( ! empty( $_POST['sub'] ) ) {
-			echo WP_Auth0_Api_Client::resend_verification_email( sanitize_text_field( $_POST['sub'] ) ) ? 'success' : 'fail';
+			$user_id = sanitize_text_field( $_POST['sub'] );
+			$result  = WP_Auth0_Api_Client::resend_verification_email( $user_id );
+			echo $result ? 'success' : 'fail';
 		}
-		exit;
+	}
+
+	/**
+	 * AJAX handler to request that the verification email be resent.
+	 * Triggered in $this->render_die
+	 *
+	 * @codeCoverageIgnore - Tested in TestEmailVerification::testResendVerificationEmail()
+	 */
+	public function resend_verification_email() {
+		check_ajax_referer( self::RESEND_NONCE_ACTION );
+
+		if ( empty( $_POST['sub'] ) ) {
+			wp_send_json_error( array( 'error' => __( 'No Auth0 user ID provided.', 'wp-auth0' ) ) );
+		}
+
+		if ( ! $this->api_jobs_resend->call() ) {
+			wp_send_json_error( array( 'error' => __( 'API call failed.', 'wp-auth0' ) ) );
+		}
+
+		wp_send_json_success();
 	}
 }
 
+/**
+ * AJAX handler to re-send verification email.
+ * Hooked to: wp_ajax_nopriv_resend_verification_email
+ *
+ * @codeCoverageIgnore - Tested in TestEmailVerification::testResendVerificationEmail()
+ */
 function wp_auth0_ajax_resend_verification_email() {
-	WP_Auth0_Email_Verification::ajax_resend_email();
+	$options               = WP_Auth0_Options::Instance();
+	$api_client_creds      = new WP_Auth0_Api_Client_Credentials( $options );
+	$auth0_user_id         = isset( $_POST['sub'] ) ? $_POST['sub'] : null;
+	$api_jobs_verification = new WP_Auth0_Api_Jobs_Verification( $options, $api_client_creds, $auth0_user_id );
+	$email_verification    = new WP_Auth0_Email_Verification( $api_jobs_verification );
+
+	$email_verification->resend_verification_email();
 }