Last active
September 30, 2016 00:28
-
-
Save rheinardkorf/91431d6e8e7b5070730352321876d5d3 to your computer and use it in GitHub Desktop.
Very basic implementation of a Slack SSO plugin.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/* | |
Plugin Name: Slack SSO | |
Plugin URI: https://gist.github.com/rheinardkorf/91431d6e8e7b5070730352321876d5d3 | |
Description: Sign into your WordPress site with Slack. | |
Version: 0.1-alpha | |
Author: Rheinard Korf | |
Author URI: https://gist.github.com/rheinardkorf/91431d6e8e7b5070730352321876d5d3 | |
License: GPL2 | |
License URI: http://www.gnu.org/licenses/gpl-2.0.html | |
Text Domain: slack-sso | |
Domain Path: /languages | |
*/ | |
const SLACK_SSO_CLIENT_ID = '<YOUR_SLACK_CLIENT_ID>'; | |
const SLACK_SSO_CLIENT_SECRET = '<YOUR_SLACK_CLIENT_SECRET>'; | |
/** | |
* Handle Slack Sign-In. | |
*/ | |
add_action( 'init', function () { | |
/** | |
* Note: Set your callback URL to your login page and include ?slack_sso=1 as the URI parameter for the following to work. | |
**/ | |
$is_slack_sso = isset( $_GET['slack_sso'] ); | |
$is_slack_error = isset( $_GET['error'] ); | |
$is_slack_authenticated = isset( $_GET['code'] ); | |
$error_code = $is_slack_error ? sanitize_text_field( wp_unslash( $_GET['error'] ) ) : ''; | |
$auth_code = $is_slack_authenticated ? sanitize_text_field( wp_unslash( $_GET['code'] ) ) : ''; | |
if ( $is_slack_sso && $is_slack_authenticated ) { | |
/** | |
* User approved Slack Sign-In. | |
*/ | |
$slack_auth_uri = esc_url_raw( sprintf( 'https://slack.com/api/oauth.access?client_id=%s&client_secret=%s&code=%s', SLACK_SSO_CLIENT_ID, SLACK_SSO_CLIENT_SECRET, $auth_code ) ); | |
$response = wp_safe_remote_get( $slack_auth_uri ); | |
$response_object = json_decode( $response['body'] ); | |
if ( isset( $response_object->user ) ) { | |
$slack_user = $response_object->user; | |
$user = get_user_by( 'email', $slack_user->email ); | |
if ( false === $user ) { | |
$id = wp_create_user( $slack_user->name, wp_generate_password(), $slack_user->email ); | |
$user = ! is_wp_error( $id ) ? get_user_by( 'email', $slack_user->email ) : false; | |
} | |
if ( false === $user ) { | |
$is_slack_error = true; | |
$error_code = 'wp_user_error'; | |
} else { | |
// Save slack user to user meta. | |
update_user_option( $user->ID, 'slack_user', wp_json_encode( $slack_user ) ); | |
wp_set_auth_cookie( $user->ID ); | |
if ( isset( $_REQUEST['redirect_to'] ) ) { | |
$redirect_to = $_REQUEST['redirect_to']; | |
// Redirect to https if user wants ssl | |
if ( is_ssl() && false !== strpos( $redirect_to, 'wp-admin' ) ) { | |
$redirect_to = preg_replace( '|^http://|', 'https://', $redirect_to ); | |
} | |
} else { | |
$redirect_to = admin_url(); | |
} | |
wp_safe_redirect( $redirect_to ); | |
exit(); | |
} | |
} | |
} | |
/** | |
* Well this sign-in was unsuccessful. | |
*/ | |
if ( $is_slack_sso && $is_slack_error ) { | |
switch ( $error_code ) { | |
case 'wp_user_error': | |
$error_message = esc_html__( 'Could not find or create a user.', 'slack-sso' ); | |
break; | |
case 'access_denied': | |
$error_message = esc_html__( 'Could not log you in via Slack: Access Denied.', 'slack-sso' ); | |
break; | |
default: | |
$error_message = 'wat'; | |
} | |
add_filter( 'login_message', function ( $message ) use ( $error_message ) { | |
return '<div id="login_error">' . apply_filters( 'login_errors', $error_message ) . '</div>'; | |
} ); | |
} | |
} ); | |
/** | |
* Add "Sign in with Slack" button on Login Form. | |
*/ | |
add_action( 'login_form', function () { | |
echo sprintf( '<div><a href="https://slack.com/oauth/authorize?scope=identity.basic,identity.email,identity.team,identity.avatar&client_id=%s"><img alt="Sign in with Slack" height="40" width="172" src="https://platform.slack-edge.com/img/sign_in_with_slack.png" srcset="https://platform.slack-edge.com/img/sign_in_with_slack.png 1x, https://platform.slack-edge.com/img/sign_in_with_slack@2x.png 2x" /></a></div>', SLACK_SSO_CLIENT_ID ); // PHPCS: XSS ok. | |
} ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment