Update Lock, Auth0.js; add setting to use default

WP_Auth0.php

@@ -8,8 +8,8 @@
  * Text Domain: wp-auth0
  */
 
-define( 'WPA0_VERSION', '3.9.0' );
-define( 'AUTH0_DB_VERSION', 20 );
+define( 'WPA0_VERSION', '3.10.0-beta' );
+define( 'AUTH0_DB_VERSION', 21 );
 
 define( 'WPA0_PLUGIN_FILE', __FILE__ );
 define( 'WPA0_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
@@ -20,8 +20,8 @@
 define( 'WPA0_PLUGIN_LIB_URL', WPA0_PLUGIN_URL . 'assets/lib/' );
 define( 'WPA0_PLUGIN_BS_URL', WPA0_PLUGIN_URL . 'assets/bootstrap/' );
 
-define( 'WPA0_LOCK_CDN_URL', 'https://cdn.auth0.com/js/lock/11.5/lock.min.js' );
-define( 'WPA0_AUTH0_JS_CDN_URL', 'https://cdn.auth0.com/js/auth0/9.4/auth0.min.js' );
+define( 'WPA0_LOCK_CDN_URL', 'https://cdn.auth0.com/js/lock/11.14/lock.min.js' );
+define( 'WPA0_AUTH0_JS_CDN_URL', 'https://cdn.auth0.com/js/auth0/9.10/auth0.min.js' );
 
 define( 'WPA0_AUTH0_LOGIN_FORM_ID', 'auth0-login-form' );
 define( 'WPA0_CACHE_GROUP', 'wp_auth0' );

assets/css/initial-setup/main.styl

@@ -141,7 +141,10 @@
     }
 
     .modal-dialog {
-      input[type=text],input[type=password], textarea {
+      input[type=text],
+      input[type=password],
+      input[type=url],
+      textarea {
         border:1px solid settingsInputBorder;
         line-height: 1em;
         height: 40px;
@@ -751,7 +754,9 @@
 
     margin-top:20px;
 
-    input[type=text], input[type=password] {
+    input[type=text],
+    input[type=password],
+    input[type=url] {
       width:100%;
       border:1px solid adminFormBorder;
       height: 50px;
@@ -856,15 +861,20 @@
       font-weight: 500;
     }
 
-    input[type=text],input[type=password], textarea {
+    input[type=text],
+    input[type=password],
+    input[type=url],
+    textarea {
       border:1px solid settingsInputBorder;
       padding: 0 10px;
       border-radius: 3px 3px 3px 3px;
       width: 100%;
       color:text;
     }
 
-    input[type=text],input[type=password] {
+    input[type=text],
+    input[type=password],
+    input[type=url] {
       line-height: 1em;
       height: 40px;
     }

lib/WP_Auth0_DBManager.php

@@ -43,7 +43,6 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 		$client_secret   = $options->get( 'client_secret' );
 		$domain          = $options->get( 'domain' );
 		$sso             = $options->get( 'sso' );
-		$cdn_url         = $options->get( 'cdn_url' );
 
 		// Plugin version < 2.2.3
 		if ( $this->current_db_version <= 7 ) {
@@ -95,7 +94,6 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 		// Plugin version < 3.4.0
 		if ( $this->current_db_version < 15 || 15 === $version_to_install ) {
 			$options->set( 'cdn_url', WPA0_LOCK_CDN_URL );
-			$options->set( 'auth0js-cdn', WPA0_AUTH0_JS_CDN_URL );
 			$options->set( 'cache_expiration', 1440 );
 
 			// Update Client
@@ -130,10 +128,6 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 				$options->set( 'cdn_url', WPA0_LOCK_CDN_URL );
 			}
 
-			if ( '//cdn.auth0.com/js/auth0/9.0.0/auth0.min.js' === $options->get( 'auth0js-cdn' ) ) {
-				$options->set( 'auth0js-cdn', WPA0_AUTH0_JS_CDN_URL );
-			}
-
 			// Update app type and client grant
 			$client_grant_created = false;
 			if ( $decoded_token ) {
@@ -270,9 +264,6 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 				$options->set( 'extra_conf', json_encode( $lock_json_decoded ) );
 			}
 
-			// Set passwordless_cdn_url to latest Lock
-			$options->set( 'passwordless_cdn_url', WPA0_LOCK_CDN_URL );
-
 			// Force passwordless_method to delete
 			$update_options = $options->get_options();
 			unset( $update_options['passwordless_method'] );
@@ -308,6 +299,28 @@ public function install_db( $version_to_install = null, $app_token = '' ) {
 			}
 		}
 
+		// 3.10.0
+		if ( ( $this->current_db_version < 21 && 0 !== $this->current_db_version ) || 21 === $version_to_install ) {
+
+			if ( 'https://cdn.auth0.com/js/lock/11.5/lock.min.js' === $options->get( 'cdn_url' ) ) {
+				$options->set( 'cdn_url', WPA0_LOCK_CDN_URL );
+				$options->set( 'custom_cdn_url', null );
+			} else {
+				$options->set( 'custom_cdn_url', 1 );
+			}
+
+			// Nullify and delete all removed options.
+			$options->set( 'auth0js-cdn', null );
+			$options->set( 'passwordless_cdn_url', null );
+			$options->set( 'cdn_url_legacy', null );
+
+			$update_options = $options->get_options();
+			unset( $update_options['auth0js-cdn'] );
+			unset( $update_options['passwordless_cdn_url'] );
+			unset( $update_options['cdn_url_legacy'] );
+			update_option( $options->get_options_name(), $update_options );
+		}
+
 		$this->current_db_version = AUTH0_DB_VERSION;
 		update_option( 'auth0_db_version', AUTH0_DB_VERSION );
 

lib/WP_Auth0_Lock10_Options.php

@@ -303,7 +303,7 @@ public function can_show() {
 	}
 
 	/**
-	 * @deprecated - 3.6.0, not used, use WP_Auth0_Options::Instance->get( 'cdn_url' ) instead.
+	 * @deprecated - 3.6.0, not used, use WP_Auth0_Options::Instance->get_lock_url() instead.
 	 *
 	 * @return string
 	 *

lib/WP_Auth0_LoginManager.php

@@ -619,7 +619,7 @@ public function auth0_sso_footer( $previous_html ) {
 			return $previous_html;
 		}
 
-		wp_enqueue_script( 'wpa0_auth0js', $this->a0_options->get( 'auth0js-cdn' ) );
+		wp_enqueue_script( 'wpa0_auth0js', apply_filters( 'auth0_sso_auth0js_url', WPA0_AUTH0_JS_CDN_URL ) );
 		ob_start();
 		include WPA0_PLUGIN_DIR . 'templates/auth0-sso-handler-lock10.php';
 		return $previous_html . ob_get_clean();

lib/WP_Auth0_Options.php

@@ -116,6 +116,16 @@ public function get_logout_url() {
 		return add_query_arg( 'action', 'logout', site_url( 'wp-login.php', 'login' ) );
 	}
 
+	/**
+	 * Get a custom Lock URL or the default, depending on settings.
+	 *
+	 * @return string
+	 */
+	public function get_lock_url() {
+		$cdn_url = $this->get( 'cdn_url' );
+		return $cdn_url && $this->get( 'custom_cdn_url' ) ? $cdn_url : WPA0_LOCK_CDN_URL;
+	}
+
 	/**
 	 * Get the authentication domain.
 	 *
@@ -192,7 +202,6 @@ protected function defaults() {
 			'last_step'                 => 1,
 			'migration_token_id'        => null,
 			'jwt_auth_integration'      => false,
-			'auth0js-cdn'               => WPA0_AUTH0_JS_CDN_URL,
 
 			// Basic
 			'domain'                    => '',
@@ -230,8 +239,7 @@ protected function defaults() {
 			'passwordless_enabled'      => false,
 			'force_https_callback'      => false,
 			'cdn_url'                   => WPA0_LOCK_CDN_URL,
-			'cdn_url_legacy'            => 'https://cdn.auth0.com/js/lock-9.2.min.js',
-			'passwordless_cdn_url'      => WPA0_LOCK_CDN_URL,
+			'custom_cdn_url'            => null,
 			'lock_connections'          => '',
 			'auto_provisioning'         => false,
 			'migration_ws'              => false,

lib/WP_Auth0_Options_Generic.php

@@ -205,7 +205,7 @@ public function delete() {
 	public function reset() {
 		$this->_opts = null;
 		$this->delete();
-		$this->get_options();
+		$this->save();
 	}
 
 	/**

lib/WP_Auth0_Routes.php

@@ -128,7 +128,7 @@ protected function coo_fallback() {
 			var auth0 = new auth0.WebAuth({clientID:"%s",domain:"%s",redirectUri:"%s"});
 			auth0.crossOriginAuthenticationCallback();
 			</script></head><body></body></html>',
-			esc_url( $this->a0_options->get( 'auth0js-cdn' ) ),
+			esc_url( apply_filters( 'auth0_coo_auth0js_url', WPA0_AUTH0_JS_CDN_URL ) ),
 			sanitize_text_field( $this->a0_options->get( 'client_id' ) ),
 			sanitize_text_field( $this->a0_options->get_auth_domain() ),
 			esc_url( $this->a0_options->get_wp_auth0_url( $protocol ) )

lib/admin/WP_Auth0_Admin.php

@@ -64,8 +64,7 @@ public function admin_enqueue() {
 		wp_enqueue_style( 'wpa0_admin_initial_settup' );
 
 		if ( 'wpa0-setup' === $wpa0_curr_page && isset( $_REQUEST['signup'] ) ) {
-			$cdn_url = $this->a0_options->get( 'cdn_url' );
-			wp_enqueue_script( 'wpa0_lock', $cdn_url, array( 'jquery' ) );
+			wp_enqueue_script( 'wpa0_lock', $this->a0_options->get_lock_url(), array( 'jquery' ) );
 		}
 
 		wp_enqueue_style( 'media' );

lib/admin/WP_Auth0_Admin_Advanced.php

@@ -74,7 +74,13 @@ public function init() {
 				'function' => 'render_force_https_callback',
 			),
 			array(
-				'name'     => __( 'Lock JS CDN URL', 'wp-auth0' ),
+				'name'     => __( 'Use Custom Lock JS URL', 'wp-auth0' ),
+				'opt'      => 'custom_cdn_url',
+				'id'       => 'wpa0_custom_cdn_url',
+				'function' => 'render_custom_cdn_url',
+			),
+			array(
+				'name'     => __( 'Custom Lock JS URL', 'wp-auth0' ),
 				'opt'      => 'cdn_url',
 				'id'       => 'wpa0_cdn_url',
 				'function' => 'render_cdn_url',
@@ -280,6 +286,27 @@ public function render_force_https_callback( $args = array() ) {
 		);
 	}
 
+	/**
+	 * Render form field and description for the `custom_cdn_url` option.
+	 * IMPORTANT: Internal callback use only, do not call this function directly!
+	 *
+	 * @param array $args - callback args passed in from add_settings_field().
+	 *
+	 * @see WP_Auth0_Admin_Generic::init_option_section()
+	 * @see add_settings_field()
+	 */
+	public function render_custom_cdn_url( $args = array() ) {
+		$this->render_switch( $args['label_for'], $args['opt_name'], 'wpa0_cdn_url' );
+		$this->render_field_description( __( 'Use a custom Lock CDN URL instead of the default. ', 'wp-auth0' ) );
+
+		if ( ! $this->options->get( $args['opt_name'] ) ) {
+			$this->render_field_description(
+				__( 'Currently using:', 'wp-auth0' ) .
+				' <code>' . WPA0_LOCK_CDN_URL . '</code>'
+			);
+		}
+	}
+
 	/**
 	 * Render form field and description for the `cdn_url` option.
 	 * IMPORTANT: Internal callback use only, do not call this function directly!
@@ -290,7 +317,7 @@ public function render_force_https_callback( $args = array() ) {
 	 * @see add_settings_field()
 	 */
 	public function render_cdn_url( $args = array() ) {
-		$this->render_text_field( $args['label_for'], $args['opt_name'] );
+		$this->render_text_field( $args['label_for'], $args['opt_name'], 'url' );
 		$this->render_field_description(
 			__( 'This should point to the latest Lock JS available in the CDN and rarely needs to change', 'wp-auth0' )
 		);
@@ -531,6 +558,16 @@ public function basic_validation( $old_options, $input ) {
 		$input['auth0_implicit_workflow'] = ( isset( $input['auth0_implicit_workflow'] ) ? $input['auth0_implicit_workflow'] : 0 );
 		$input['force_https_callback']    = ( isset( $input['force_https_callback'] ) ? $input['force_https_callback'] : 0 );
 
+		$input['custom_cdn_url'] = empty( $input['custom_cdn_url'] ) ? 0 : 1;
+
+		$input['cdn_url'] = empty( $input['cdn_url'] ) ? WPA0_LOCK_CDN_URL : sanitize_text_field( $input['cdn_url'] );
+
+		// If an invalid URL is used, default to previously saved (if there is one) or default URL.
+		if ( ! filter_var( $input['cdn_url'], FILTER_VALIDATE_URL ) ) {
+			$input['cdn_url'] = isset( $old_options['cdn_url'] ) ? $old_options['cdn_url'] : WPA0_LOCK_CDN_URL;
+			self::add_validation_error( __( 'The Lock JS CDN URL used is not a valid URL.', 'wp-auth0' ) );
+		}
+
 		$input['social_twitter_key'] = isset( $input['social_twitter_key'] ) ?
 			sanitize_text_field( $input['social_twitter_key'] ) : '';
 

templates/login-form.php

@@ -5,19 +5,17 @@ function renderAuth0Form( $canShowLegacyLogin = true, $specialSettings = array()
 	}
 
 	if ( ! $canShowLegacyLogin || ! isset( $_GET['wle'] ) ) {
-		$options          = WP_Auth0_Options::Instance();
-		$lock_options     = new WP_Auth0_Lock10_Options( $specialSettings );
-		$use_sso          = ! isset( $_GET['skip_sso'] ) && $options->get( 'sso', false );
-		$use_passwordless = $options->get( 'passwordless_enabled', false );
-		$lock_cdn_url     = $options->get( $use_passwordless ? 'passwordless_cdn_url' : 'cdn_url' );
+		$options      = WP_Auth0_Options::Instance();
+		$lock_options = new WP_Auth0_Lock10_Options( $specialSettings );
+		$use_sso      = ! isset( $_GET['skip_sso'] ) && $options->get( 'sso', false );
 
 		// If we're on wp-login.php and SSO is enabled, load Auth0.js.
 		$check_sso = $GLOBALS['pagenow'] === 'wp-login.php' && $use_sso;
 		if ( $check_sso ) {
 			wp_enqueue_script( 'wpa0_auth0js', $options->get( 'auth0js-cdn' ), false, null, true );
 		}
 
-		wp_enqueue_script( 'wpa0_lock', $lock_cdn_url, array( 'jquery' ), false, true );
+		wp_enqueue_script( 'wpa0_lock', $options->get_lock_url(), array( 'jquery' ), false, true );
 		wp_enqueue_script( 'js-cookie', WPA0_PLUGIN_LIB_URL . 'js.cookie.min.js', false, '2.2.0', true );
 		wp_enqueue_script( 'wpa0_lock_init', WPA0_PLUGIN_JS_URL . 'lock-init.js', array( 'jquery' ), WPA0_VERSION, true );
 		wp_localize_script(
@@ -30,7 +28,7 @@ function renderAuth0Form( $canShowLegacyLogin = true, $specialSettings = array()
 				'clientId'        => $options->get( 'client_id' ),
 				'stateCookieName' => WP_Auth0_State_Handler::get_storage_cookie_name(),
 				'nonceCookieName' => WP_Auth0_Nonce_Handler::get_storage_cookie_name(),
-				'usePasswordless' => $use_passwordless,
+				'usePasswordless' => $options->get( 'passwordless_enabled', false ),
 				'loginFormId'     => WPA0_AUTH0_LOGIN_FORM_ID,
 				'showAsModal'     => ! empty( $specialSettings['show_as_modal'] ),
 				'ssoOpts'         => $check_sso ? $lock_options->get_sso_options() : null,