auth0 · joshcanhelp · Jan 9, 2019 · Jan 8, 2019 · Jan 8, 2019 · Jan 9, 2019
diff --git a/lib/WP_Auth0_Routes.php b/lib/WP_Auth0_Routes.php
@@ -77,6 +77,7 @@ public function custom_requests( $wp, $return = false ) {
 			return false;
 		}
 
+		$json_header = true;
 		switch ( $page ) {
 			case 'oauth2-config':
 				$output = wp_json_encode( $this->oauth2_config() );
@@ -88,7 +89,8 @@ public function custom_requests( $wp, $return = false ) {
 				$output = wp_json_encode( $this->migration_ws_get_user() );
 				break;
 			case 'coo-fallback':
-				$output = $this->coo_fallback();
+				$json_header = false;
+				$output      = $this->coo_fallback();
 				break;
 			default:
 				return false;
@@ -98,10 +100,27 @@ public function custom_requests( $wp, $return = false ) {
 			return $output;
 		}
 
+		if ( $json_header ) {
+			add_filter( 'wp_headers', array( $this, 'add_json_header' ) );
+			$wp->send_headers();
+		}
+
 		echo $output;
 		exit;
 	}
 
+	/**
+	 * Use with the wp_headers filter to add a Content-Type header for JSON output.
+	 *
+	 * @param array $headers - Existing headers to modify.
+	 *
+	 * @return mixed
+	 */
+	public function add_json_header( array $headers ) {
+		$headers['Content-Type'] = 'application/json; charset=' . get_bloginfo( 'charset' );
+		return $headers;
+	}
+
 	protected function coo_fallback() {
 		$protocol = $this->a0_options->get( 'force_https_callback', false ) ? 'https' : null;
 		return sprintf(

diff --git a/lib/admin/WP_Auth0_Admin_Advanced.php b/lib/admin/WP_Auth0_Admin_Advanced.php
@@ -567,7 +567,8 @@ public function basic_validation( $old_options, $input ) {
 	 * @return array
 	 */
 	public function migration_ws_validation( array $old_options, array $input ) {
-		$input['migration_ws'] = (int) ! empty( $input['migration_ws'] );
+		$input['migration_ws']    = (int) ! empty( $input['migration_ws'] );
+		$input['migration_token'] = $this->options->get( 'migration_token' );
 
 		// Migration endpoints or turned off, nothing to do.
 		if ( empty( $input['migration_ws'] ) ) {
@@ -589,6 +590,7 @@ public function migration_ws_validation( array $old_options, array $input ) {
 		if ( ! empty( $input['client_secret_b64_encoded'] ) ) {
 			$secret = base64_decode( $input['client_secret'] );
 		}
+
 		try {
 			$token_decoded               = JWT::decode( $input['migration_token'], $secret, array( 'HS256' ) );
 			$input['migration_token_id'] = isset( $token_decoded->jti ) ? $token_decoded->jti : null;

diff --git a/tests/testAdvancedOptionsValidation.php → tests/testOptionLoginRedirect.php b/tests/testAdvancedOptionsValidation.php → tests/testOptionLoginRedirect.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * Contains Class TestAdvancedOptionsValidation.
+ * Contains Class TestOptionLoginRedirect.
  *
  * @package WP-Auth0
  *
@@ -10,10 +10,10 @@
 use PHPUnit\Framework\TestCase;
 
 /**
- * Class TestAdvancedOptionsValidation.
+ * Class TestOptionLoginRedirect.
  * Tests that Advanced settings are validated properly.
  */
-class TestAdvancedOptionsValidation extends TestCase {
+class TestOptionLoginRedirect extends TestCase {
 
 	use setUpTestDb {
 		setUp as setUpDb;

diff --git a/tests/testOptionMigrationWs.php b/tests/testOptionMigrationWs.php
@@ -58,6 +58,7 @@ public static function setUpBeforeClass() {
 	public function setUp() {
 		parent::setUp();
 		self::setUpDb();
+		self::$opts->reset();
 		$router      = new WP_Auth0_Routes( self::$opts );
 		self::$admin = new WP_Auth0_Admin_Advanced( self::$opts, $router );
 	}
@@ -74,30 +75,31 @@ public function tearDown() {
 	 * Test that turning migration endpoints off does not affect new input.
 	 */
 	public function testThatChangingMigrationToOffKeepsTokenData() {
+		self::$opts->set( 'migration_token', 'existing_token' );
 		$input     = [
 			'migration_ws'       => 0,
-			'migration_token'    => 'new_token',
-			'migration_token_id' => 'new_token_id',
+			'migration_token_id' => 'existing_token_id',
 		];
-		$old_input = [ 'migration_ws' => 1 ];
-		$validated = self::$admin->migration_ws_validation( $old_input, $input );
-		$this->assertEquals( $input, $validated );
+		$validated = self::$admin->migration_ws_validation( [], $input );
+
+		$this->assertEquals( $input['migration_ws'], $validated['migration_ws'] );
+		$this->assertEquals( $input['migration_token_id'], $validated['migration_token_id'] );
+		$this->assertEquals( 'existing_token', $validated['migration_token'] );
 	}
 
 	/**
 	 * Test that turning on migration keeps the existing token and sets an admin notification.
 	 */
 	public function testThatChangingMigrationToOnKeepsToken() {
-		$input     = [
-			'migration_ws'    => 1,
-			'migration_token' => 'new_token',
-			'client_secret'   => '__test_client_secret__',
+		self::$opts->set( 'migration_token', 'new_token' );
+		$input = [
+			'migration_ws'  => 1,
+			'client_secret' => '__test_client_secret__',
 		];
-		$old_input = [ 'migration_ws' => 0 ];
 
-		$validated = self::$admin->migration_ws_validation( $old_input, $input );
+		$validated = self::$admin->migration_ws_validation( [], $input );
 
-		$this->assertEquals( $input['migration_token'], $validated['migration_token'] );
+		$this->assertEquals( 'new_token', $validated['migration_token'] );
 		$this->assertNull( $validated['migration_token_id'] );
 		$this->assertEquals( $input['migration_ws'], $validated['migration_ws'] );
 	}
@@ -106,18 +108,18 @@ public function testThatChangingMigrationToOnKeepsToken() {
 	 * Test that turning on migration keeps the existing token and sets an admin notification.
 	 */
 	public function testThatChangingMigrationToOnKeepsWithJwtSetsId() {
-		$client_secret = '__test_client_secret__';
-		$input         = [
-			'migration_ws'    => 1,
-			'migration_token' => JWT::encode( [ 'jti' => '__test_token_id__' ], $client_secret ),
-			'client_secret'   => $client_secret,
+		$client_secret   = '__test_client_secret__';
+		$migration_token = JWT::encode( [ 'jti' => '__test_token_id__' ], $client_secret );
+		self::$opts->set( 'migration_token', $migration_token );
+		$input = [
+			'migration_ws'  => 1,
+			'client_secret' => $client_secret,
 		];
-		$old_input     = [ 'migration_ws' => 0 ];
 
-		$validated = self::$admin->migration_ws_validation( $old_input, $input );
+		$validated = self::$admin->migration_ws_validation( [], $input );
 
 		$this->assertEquals( $input['migration_ws'], $validated['migration_ws'] );
-		$this->assertEquals( $input['migration_token'], $validated['migration_token'] );
+		$this->assertEquals( $migration_token, $validated['migration_token'] );
 		$this->assertEquals( '__test_token_id__', $validated['migration_token_id'] );
 	}
 
@@ -126,15 +128,14 @@ public function testThatChangingMigrationToOnKeepsWithJwtSetsId() {
 	 */
 	public function testThatChangingMigrationToOnKeepsWithBase64JwtSetsId() {
 		$client_secret = '__test_client_secret__';
-		$input         = [
+		self::$opts->set( 'migration_token', JWT::encode( [ 'jti' => '__test_token_id__' ], $client_secret ) );
+		$input = [
 			'migration_ws'              => 1,
-			'migration_token'           => JWT::encode( [ 'jti' => '__test_token_id__' ], $client_secret ),
 			'client_secret'             => JWT::urlsafeB64Encode( $client_secret ),
 			'client_secret_b64_encoded' => 1,
 		];
-		$old_input     = [ 'migration_ws' => 0 ];
 
-		$validated = self::$admin->migration_ws_validation( $old_input, $input );
+		$validated = self::$admin->migration_ws_validation( [], $input );
 
 		$this->assertEquals( '__test_token_id__', $validated['migration_token_id'] );
 	}
@@ -143,10 +144,9 @@ public function testThatChangingMigrationToOnKeepsWithBase64JwtSetsId() {
 	 * Test that turning on migration endpoints without a stored token will generate one.
 	 */
 	public function testThatChangingMigrationToOnGeneratesNewToken() {
-		$input     = [ 'migration_ws' => 1 ];
-		$old_input = [ 'migration_ws' => 0 ];
+		$input = [ 'migration_ws' => 1 ];
 
-		$validated = self::$admin->migration_ws_validation( $old_input, $input );
+		$validated = self::$admin->migration_ws_validation( [], $input );
 
 		$this->assertGreaterThan( 64, strlen( $validated['migration_token'] ) );
 		$this->assertNull( $validated['migration_token_id'] );
@@ -160,18 +160,17 @@ public function testThatChangingMigrationToOnGeneratesNewToken() {
 	 */
 	public function testThatMigrationTokenInConstantSettingIsValidated() {
 		define( 'AUTH0_ENV_MIGRATION_TOKEN', '__test_constant_setting__' );
-		$input     = [
-			'migration_ws'    => 1,
-			'migration_token' => AUTH0_ENV_MIGRATION_TOKEN,
-			'client_secret'   => '__test_client_secret__',
+		self::$opts->set( 'migration_token', '__test_saved_setting__' );
+		$input = [
+			'migration_ws'  => 1,
+			'client_secret' => '__test_client_secret__',
 		];
-		$old_input = [ 'migration_ws' => 0 ];
 
 		$opts   = new WP_Auth0_Options();
 		$router = new WP_Auth0_Routes( $opts );
 		$admin  = new WP_Auth0_Admin_Advanced( $opts, $router );
 
-		$validated = $admin->migration_ws_validation( $old_input, $input );
+		$validated = $admin->migration_ws_validation( [], $input );
 
 		$this->assertNull( $validated['migration_token_id'] );
 		$this->assertEquals( $input['migration_ws'], $validated['migration_ws'] );