An example of a plugin that hooks into the various WPO365 login hooks and filters. See https://docs.wpo365.com/article/82-developer-hooks for details.
<?php | |
/** | |
* Plugin Name: WPO365 Hooks (samples) | |
* Plugin URI: https://www.wpo365.com/downloads/wordpress-office-365-hooks/ | |
* Description: An example of a plugin that hooks into the various WPO365 login hooks. | |
* Version: 0.5 | |
* Author: marco@wpo365.com | |
* Author URI: https://www.wpo365.com | |
* License: GPL2+ | |
*/ | |
// Prevent direct access: ABSPATH is only defined once WordPress has loaded, so a request
// made straight to this script's URL stops here before any of the code below runs.
defined( 'ABSPATH' ) or die( );
/** | |
* The hook apply_filters( 'wpo365_skip_authentication' ) fires immediately after
* the plugin has finished analysing whether authentication is required for the
* current request. Developers can use this hook to define and add
* custom business rules to skip authentication.
* | |
* Please note that the hook will not fire if a reason to skip authentication | |
* for the current request has been found prior to reaching the point where | |
* the hook is fired. | |
*/ | |
function skip_authentication_for_ip_range() {
    // Sample callback for the 'wpo365_skip_authentication' filter. It only records that the
    // hook fired and always answers false, i.e. it never asks WPO365 to skip authentication.
    //
    // NOTE(review): a callback that returns true presumably exempts the request from
    // authentication, so any real rule placed here is an access-control decision. A rule keyed
    // on the client address should use the connection address the server itself observed;
    // forwarding headers such as X-Forwarded-For are client-supplied unless a trusted proxy
    // overwrites them.
    $skip_authentication = false;

    if ( ! class_exists( '\Wpo\Services\Log_Service' ) ) {
        // WPO365 logging is unavailable; nothing to record.
        return $skip_authentication;
    }

    $message = "The hook apply_filter( 'wpo365_skip_authentication' ) just fired";
    \Wpo\Services\Log_Service::write_log( 'WARN', $message );

    return $skip_authentication;
}
// Register the sample callback at priority 10. accepted_args is 0, so the callback is not
// handed the value produced by filters that ran before it.
add_filter( 'wpo365_skip_authentication', 'skip_authentication_for_ip_range', 10, 0 );
/** | |
* The hook do_action( 'wpo365_openid_token_processed' ) fires immediately after | |
* a user successfully signed in with Microsoft. | |
* | |
* The hook provides the user's WordPress ID and optionally a one-dimensional | |
* array of GUIDs (as strings) of all the Azure AD groups the user is a member | |
* of. Developers wanting to use this array should test for emptiness. | |
*/ | |
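/**
 * Sample callback for do_action( 'wpo365_openid_token_processed' ).
 *
 * Records that the hook fired for the given WordPress user. The ID token itself is
 * no longer written to the log: it carries the user's identity claims, and log files
 * are typically readable by more people and systems than the token was issued for.
 *
 * @param int|string $wp_usr_id WordPress ID of the user that signed in.
 * @param array      $group_ids Azure AD group GUIDs of the user (may be empty); unused here.
 * @param mixed      $id_token  The ID token handed over by WPO365; its exact shape is not
 *                              visible from this file, so it is only tested for presence.
 * @return void
 */
function user_signed_in_with_microsoft( $wp_usr_id, $group_ids, $id_token ) {
    if ( ! class_exists( '\Wpo\Services\Log_Service' ) ) {
        return;
    }

    \Wpo\Services\Log_Service::write_log( 'WARN', "The hook do_action( 'wpo365_openid_token_processed' ) just fired for user $wp_usr_id" );

    // Log only whether a token was supplied, never its contents.
    $token_state = empty( $id_token ) ? 'no ID token' : 'an ID token (contents not logged)';
    \Wpo\Services\Log_Service::write_log( 'DEBUG', "The hook do_action( 'wpo365_openid_token_processed' ) received $token_state" );
}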
// Register the sample callback at priority 10; it accepts the three arguments the hook
// provides (WordPress user ID, group IDs, ID token).
add_action( 'wpo365_openid_token_processed', 'user_signed_in_with_microsoft', 10, 3 );
/** | |
* The hook do_action( 'wpo365_access_token_processed' ) fires immediately after | |
* a user successfully obtained an access token. | |
* | |
* The hook provides the user's WordPress ID and the bearer token that has just | |
* been obtained. | |
* | |
* Please note that the bearer token is only valid for up to one hour and the | |
* permissions assigned to it depend on the configuration of the static | |
* permissions that have been configured for the corresponding Azure AD | |
* App registration / Service Principal. | |
*/ | |
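/**
 * Sample callback for do_action( 'wpo365_access_token_processed' ).
 *
 * Records that the hook fired for the given WordPress user. The bearer token is a
 * live credential for as long as it is valid, so it is kept out of the log message;
 * anyone able to read the log could otherwise replay it against the API it was issued for.
 *
 * @param int|string $wp_usr_id    WordPress ID of the user the token was obtained for.
 * @param string     $bearer_token The access token that was just obtained (not logged).
 * @return void
 */
function users_obtained_access_token( $wp_usr_id, $bearer_token ) {
    if ( ! class_exists( '\Wpo\Services\Log_Service' ) ) {
        return;
    }

    \Wpo\Services\Log_Service::write_log( 'WARN', "The hook do_action( 'wpo365_access_token_processed' ) just fired for user $wp_usr_id (bearer token withheld from the log)" );
}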
// Register the sample callback at priority 10; it accepts the two arguments the hook
// provides (WordPress user ID, bearer token).
add_action( 'wpo365_access_token_processed', 'users_obtained_access_token', 10, 2 );
/** | |
* The following example is to demonstrate how you can obtain a user's access token from Azure AD's | |
* v2.0 endpoint for the given scope https://graph.microsoft.com/User.Read.All using the internal | |
* WPO365 API in order to obtain a (Microsoft Graph) resource of type User. | |
* The example below hooks into the wp_footer action to print the user's display name | |
* in the bottom area of (any) front post / page. | |
*/ | |
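/**
 * Fetch the signed-in user's Microsoft Graph profile and print the display name.
 *
 * Obtains an access token through the WPO365 API, calls the Graph /me endpoint with it
 * and echoes the returned displayName inside a paragraph. Returns silently when WPO365
 * is unavailable, no token could be obtained, the request failed or the response does
 * not contain a display name.
 *
 * @return void
 */
function get_user_department() {
    if ( ! class_exists( '\Wpo\Services\Access_Token_Service' ) || ! method_exists( '\Wpo\Services\Access_Token_Service', 'get_access_token' ) ) {
        return;
    }

    // NOTE(review): reading /me normally needs only the delegated User.Read permission;
    // User.Read.All grants access to every user's profile. Confirm whether the narrower
    // scope can be requested for this use.
    $access_token = \Wpo\Services\Access_Token_Service::get_access_token( 'https://graph.microsoft.com/User.Read.All' );

    if ( \is_wp_error( $access_token ) || empty( $access_token->access_token ) ) {
        // No usable token: do not send a request with an empty Authorization header.
        return;
    }

    $headers = array( 'Authorization: Bearer ' . $access_token->access_token );
    $url     = 'https://graph.microsoft.com/beta/me';

    $curl = curl_init();

    if ( false === $curl ) {
        return;
    }

    curl_setopt( $curl, CURLOPT_URL, $url );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $curl, CURLOPT_HTTPHEADER, $headers );
    // Keep certificate and host name verification on: this request carries the user's
    // bearer token, and without verification any on-path party could present its own
    // certificate and read the token.
    curl_setopt( $curl, CURLOPT_SSL_VERIFYPEER, true );
    curl_setopt( $curl, CURLOPT_SSL_VERIFYHOST, 2 );

    $raw    = curl_exec( $curl );
    $failed = false === $raw || '' !== curl_error( $curl );
    curl_close( $curl );

    if ( $failed ) {
        return;
    }

    $graph_response = json_decode( $raw );

    // A Graph error body or malformed JSON has no displayName; print nothing in that case.
    if ( ! is_object( $graph_response ) || ! isset( $graph_response->displayName ) || ! is_string( $graph_response->displayName ) ) {
        return;
    }

    // The display name is directory data, not trusted markup: escape it for HTML output.
    echo '<p>Logged in user: ' . esc_html( $graph_response->displayName ) . '</p>';
}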
// Run the sample in the footer of front-end pages (priority 10). Note that the callback
// performs an outbound Microsoft Graph request each time this action fires.
add_action( 'wp_footer', 'get_user_department', 10, 1 );