Changeset 1932034

Timestamp:

08/28/2018 08:58:15 PM (7 years ago)

Author:

shfarr

Message:

moving to version 1.6

Location:

identity-plus/trunk

Files:

• identity-plus.php (modified) (1 diff)
• lib/identity_plus/Identity_Plus_API.php (modified) (10 diffs)
• lib/identity_plus/api/Communication.php (modified) (10 diffs)
• lib/initialize.php (modified) (9 diffs)
• lib/settings_panel.php (modified) (10 diffs)
• readme.txt (modified) (1 diff)

identity-plus/trunk/identity-plus.php

@@ -5 +5 @@
    Plugin URI: https://wordpress.org/plugins/identity-plus
    Description: Connect your WordPress with Identity + and enable invisible 2 factor authentication, secured SSO, SSL Client Certificate based access on select pages and join the Identity + network of trust where devices and people are anonymousely rated based on how they behave. 
-   Version: 1.5
+   Version: 1.6
    Author: Identity +
    Author URI: http://identity.plus

identity-plus/trunk/lib/identity_plus/Identity_Plus_API.php

@@ -17 +17 @@
 use identity_plus\api\communication\Reference_Number;
 use identity_plus\api\communication\Intrusion_Reference;
+use identity_plus\api\communication\Intent_Type;
+use identity_plus\api\communication\Intent;
+use identity_plus\api\communication\Intent_Reference;
 
 /*
@@ -146 +149 @@
      * should only be made in the presence of an ongoing session.
      * 
-     * @param unknown $anonymous_id: the anonymous id extracted from the SSL Client Certificate of the visitor currently holding the session
+     * @param unknown $serial_number: the anonymous id extracted from the SSL Client Certificate of the visitor currently holding the session
      * @param unknown $local_id: the local unique id to bind with this anonymous user, the id must point back to the currently logged in user
      * @param unknown $account_age_days: the number of days since this person has a local account
@@ -152 +155 @@
      * @return if all goes well an updated Identity_Profile (with the freshly bound local user) otherwise a Simple_Response containing an error code
      */
-    public function bind_local_user($anonymous_id, $local_id, $account_age_days, $trust_so_far = 100){
-        $request = new Local_User_Information($anonymous_id, $local_id, $account_age_days, $trust_so_far);
+    public function bind_local_user($serial_number, $local_id, $account_age_days, $trust_so_far = 100){
+        $request = new Local_User_Information($serial_number, $local_id, $account_age_days, $trust_so_far);
         return $this->issue_call($request, "PUT");
     }
@@ -185 +188 @@
      * Adjust your trust regime based on these values.
      * 
-     * @param unknown $local_user_id: the local id of the user, if applicable, if trust is added for a strange visitor this can be left empty
-     * @param unknown $anonymous_id: this is only needed if there is no local user, in that case the trust goes to the stranger bearing this anonymous id
+     * @param unknown $local_user_name: the local id of the user, if applicable, if trust is added for a strange visitor this can be left empty
+     * @param unknown $serial_number: this is only needed if there is no local user, in that case the trust goes to the stranger bearing this anonymous id
      * @param unknown $trust_tokens: the amount of trust.
      * @return if all goes well an updated Identity_Profile (containting the extra trust) otherwise a Simple_Response containing an error code
      */
-    public function put_trust($local_user_id, $anonymous_id, $trust_tokens){
-        $request = new Trust($local_user_id, $anonymous_id, $trust_tokens);
+    public function put_trust($local_user_name, $serial_number, $trust_tokens){
+        $request = new Trust($local_user_name, $serial_number, $trust_tokens);
         return $this->issue_call($request, "PUT");
     }
@@ -205 +208 @@
      * If it is legitimate adjust severity accordingly. 
      * 
-     * @param unknown $anonymous_id: the certificate to report against.
+     * @param unknown $serial_number: the certificate to report against.
      * @param unknown $severity: the severity of the intrusion see Intrusion_Severity class 
      * @param unknown $message: a message to send the owner
@@ -212 +215 @@
      * @return A reference Number for the intrusion
      */
-    public function report_intrustion($anonymous_id, $severity, $message, $url, $additional_information = ''){
+    public function report_intrustion($serial_number, $severity, $message, $url, $additional_information = ''){
         $headers = array();
         foreach ($_SERVER as $key => $value){
@@ -221 +224 @@
         
         $request = new Intrusion_Report(
-                $anonymous_id, $severity, $message, 
+                $serial_number, $severity, $message, 
                 $_SERVER['REMOTE_ADDR'],
                 $url, 
@@ -235 +238 @@
      * certificate since then.
      *   
-     * @param unknown $anonymous_id
+     * @param unknown $serial_number
      * @return if all goes well an Identity_Profile, otherwise a Simple_Response containing an error code
      */
-    public function query_identity_plus_profile($anonymous_id){
-        $request = new Identity_Inquiry($anonymous_id);
+    public function query_identity_plus_profile($serial_number){
+        $request = new Identity_Inquiry($serial_number);
         return $this->issue_call($request, "POST");
+    }
+
+    /**
+     * Creates an activity intent that can later be references 
+     *   
+     * @param unknown $serial_number
+     * @return if all goes well an Identity_Profile, otherwise a Simple_Response containing an error code
+     */
+    public function create_intent($type, $local_user_name, $name, $email_address, $phone_number, $return_url){
+        $request = new Intent($type, $local_user_name, $name, $email_address, $phone_number, $return_url);
+        return $this->issue_call($request, "PUT");
     }
     
@@ -323 +337 @@
         else if(property_exists($data, 'Reference-Number')) return new Reference_Number($data->{'Reference-Number'});
         else if(property_exists($data, 'Anonymous-ID')) return new Anonymous_ID($data->{'Anonymous-ID'});
+        else if(property_exists($data, 'Intent-Reference')) return new Intent_Reference($data->{'Intent-Reference'});
         else return new Simple_Response($data->{'Simple-Response'});
     }
@@ -356 +371 @@
         $payload =  Identity_Plus_Utils::base64url_decode($_GET['idp-api-response']);
         $response = $this->decrypt($payload);
-        $anonymous_id = Identity_Plus_API::decode(json_decode($response));
-        if($anonymous_id instanceof Anonymous_ID){
-            $http_session['identity-plus-anonymous-id'] = $anonymous_id->anonymous_id;
+
+        $serial_number = Identity_Plus_API::decode(json_decode($response));
+        if($serial_number instanceof Anonymous_ID){
+            $http_session['identity-plus-anonymous-id'] = $serial_number->serial_number;
         }
         else $http_session['identity-plus-anonymous-id'] = 'N/A';

identity-plus/trunk/lib/identity_plus/api/Communication.php

@@ -141 +141 @@
 
 /**
- * The Anonymous_ID is part of the Legacy HTTP call assembly.
+ * The serial_number is part of the Legacy HTTP call assembly.
  * This response comes URL encoded as part of the redirect when the the
  * identity + service is used to read the client certificate from the user browser.
@@ -156 +156 @@
      * The anonymous id as identified by the identity+ api
      */
-    public $anonymous_id;
+    public $serial_number;
 
     /**
@@ -176 +176 @@
         parent::__construct($data);
         
-        $this->anonymous_id = $data->{'anonymous-id'};
+        $this->serial_number = $data->{'serial-number'};
         $this->salt = $data->{'salt'};
     }
@@ -231 +231 @@
      * this field will be empty.
      */
-    public $local_user_id;
+    public $local_user_name;
 
     /**
@@ -287 +287 @@
         parent::__construct($data);
 
-        if(isset($data->{'local-user-id'})) $this->local_user_id = $data->{'local-user-id'};
+        if(isset($data->{'local-user-id'})) $this->local_user_name = $data->{'local-user-name'};
         if(isset($data->{'user-secret'})) $this->user_secret = $data->{'user-secret'};
         $this->trust_sponsors = $data->{'trust-sponsors'};
@@ -299 +299 @@
 }
 
+/**
+ * The response for an intent ia a reference token which comes encoded as a JSon object
+ * so it can be easily differentiated from an error response
+ *
+ * @author Stefan Harsan Farr
+ */
+class Intent_Reference extends API_Response{
+    /**
+     * The reference value
+     */
+    public $value;
+
+    public function __construct($data){
+        parent::__construct($data);
+        $this->value = $data->{'value'};
+    }
+}
+
+/**
+ * The type of the intent
+ * 
+ * @author Stefan Harsan Farr
+ */
+class Intent_Type {
+    /* check if the device has a certificate. This is usually necessary if the site cannot read the certificate itself. No action will be performed if certificate is not found */
+    const discover = 'discover';
+
+    /* request this device to be certified. Connect device or sign up for identity plus if necessary. The operation will be performed under the brand of the domain */
+    const request = 'request';
+
+    /* request this device to be certified and bind local user to it. Connect device or sign up for identity plus if necessary. The operation will be performed under the brand of the domain */
+    const bind = 'bind'; 
+}
+
+class Intent extends API_Request{
+    /**
+     * The type of the intent, can be any of {'discover', 'request', 'bind'}, see Inttent_Type
+     */
+    public $type;
+
+    /**
+     * Local user name for the identity plus account to be bound with.
+     * If they type is 'bind', this field must be specified
+     */
+    public $local_user_name;
+
+    /**
+     * the URL to return to after the operation
+     */
+    public $return_url;
+
+    /**
+     * Optionally share personal information with IdentityPlus, to speed up sign up procedure
+     */
+    public $name;
+    public $email_address;
+    public $phone_number;
+
+    public function __construct($type, $serial_number, $local_user_name, $name, $email_address, $phone_number, $return_url) {
+        $this->type = $type;
+        $this->local_user_name = $local_user_name;
+        $this->return_url = $return_url;
+        $this->email_address = $email_address;
+        $this->phone_number = $phone_number;
+        $this->name = $name;
+    }
+}
 
 class Identity_Inquiry extends API_Request{
     /**
-     * The anonymous id extracted from the identity + certificate of the visitor
-     */
-    public $anonymous_id;
-
-    public function __construct($anonymous_id) {
-        $this->anonymous_id = $anonymous_id;
+     * The serial number extracted from the identity + certificate of the visitor
+     */
+    public $serial_number;
+
+    public function __construct($serial_number) {
+        $this->serial_number = $serial_number;
     }
 }
@@ -346 +413 @@
      * at this stage identity + is not yet aware of the association, therefore it cannot search for the user name
      */
-    public $anonymous_id;
+    public $serial_number;
 
     /**
@@ -369 +436 @@
     public $tokens_of_trust;
 
-    public function __construct($anonymous_id, $local_user_name, $local_user_age, $tokes_of_trust = 100) {
+    public function __construct($serial_number, $local_user_name, $local_user_age, $tokes_of_trust = 100) {
         $this->local_user_name = $local_user_name;
         $this->tokens_of_trust = $tokes_of_trust;
-        $this->anonymous_id = $anonymous_id;
+        $this->serial_number = $serial_number;
         $this->local_user_age = $local_user_age;
     }
@@ -387 +454 @@
      * The anonymous id to refer. This is only available when the Identity + account is not bound to local user
      */
-    public $anonymous_id;
+    public $serial_number;
     
     /**
@@ -397 +464 @@
     public $tokens_of_trust;
 
-    public function __construct($local_user_name, $anonymous_id, $tokens_of_trust){
+    public function __construct($local_user_name, $serial_number, $tokens_of_trust){
         $this->local_user_name = $local_user_name;
-        $this->anonymous_id = $anonymous_id;
+        $this->serial_number = $serial_number;
         $this->tokens_of_trust = $tokens_of_trust;
     }

identity-plus/trunk/lib/initialize.php

@@ -14 +14 @@
 use identity_plus\api\Identity_Plus_API;
 use identity_plus\api\communication\Anonymous_ID;
+use identity_plus\api\communication\Intent_Type;
+use identity_plus\api\communication\Intent_Reference;
 
 add_action( 'wp_enqueue_scripts', 'identity_pluss_cf_frame_style' );
 add_action( 'admin_enqueue_scripts', 'identity_pluss_cf_admin_frame_style' );
 
+add_filter('manage_users_columns', 'idp_add_user_id_column');
+add_action('manage_users_custom_column',  'idp_show_user_id_column_content', 10, 3);
+
+function idp_add_user_id_column($columns) {
+    $columns['user_id'] = 'Id +';
+    return $columns;
+}
+ 
+function idp_show_user_id_column_content($value, $column_name, $user_id) {
+    $user = get_userdata( $user_id );
+    if ( 'user_id' == $column_name ){
+        $idp_bound = get_user_meta($user_id, 'identity-plus-bound', true);
+        if($idp_bound) return $idp_bound;
+        else return 'N/A';
+    }
+    return $value;
+}
 
 function identity_plus_initialize(){
@@ -39 +58 @@
             // attempt to start session
             session_start();
-            $identity_plus_api =null;
+            $identity_plus_api = null;
 
             // if returning from Identity + with information payload
@@ -60 +79 @@
                     
                 // Get Identity + User Profile if we have anonymous id
-                if(!isset($_SESSION['identity-plus-user-profile'])) $identity_plus_api = identity_plus_obtain_user_profile($options, $identity_plus_api);
+                if(!isset($_SESSION['identity-plus-user-profile'])){
+                     $identity_plus_api = identity_plus_obtain_user_profile($options, $identity_plus_api);
+                }
             }
     
@@ -66 +87 @@
             // If Identity + Profile Exists
             if(isset($_SESSION['identity-plus-user-profile'])) $identity_plus_api = identity_plus_autologin($options, $identity_plus_api);
-    
+
+            // see if we triggered a bind event
+            if(isset($_SESSION['identity-plus-user-profile']) && $_GET['bind'] && !get_user_meta($user_id, 'identity-plus-bound', true)){
+                $user_id = get_current_user_id();
+                
+                // the user was already bound, we specified that via the intent, but we need to this return value so that we can
+                // remember this connection locally (it is optional, but useful), and to give feedback to the user
+                add_user_meta($user_id, 'identity-plus-bound', $_SESSION['identity-plus-user-profile']->local_user_name);
+
+                $error = "I: Your wordpress account and your identity plus account have been connected!";
+                set_transient("identity_plus_acc_{$user_id}", $error, 45);      
+            }   
     
             // verify if the resource matches the filter
@@ -164 +196 @@
             
         // If user is logged in and the Identity + profile is not bound
-        // and if we have bind all enabled or the user is an administrator
-        if(is_user_logged_in() && !isset($profile->local_user_id) && (isset($options['bind_all']) && $options['bind_all'] || current_user_can('administrator'))){
+        if(is_user_logged_in() && !isset($profile->local_user_name) && false){
             if($identity_plus_api == null) $identity_plus_api = identity_plus_create_api($options);
     
@@ -178 +209 @@
         // Identity + Profile with local user ID connected
         // will log in the user automatically
-        if(!is_user_logged_in() && isset($profile->local_user_id)){
-            $user = get_user_by('id', $profile->local_user_id);
-    
+        if(!is_user_logged_in() && isset($profile->local_user_name)){
+            $user = get_user_by('id', $profile->local_user_name);
+
             // Automatically log in the user who owns the certificate
             if(!is_wp_error($user)){
@@ -194 +225 @@
         // but just in case so that we know which other users are connected, when they are
         // not necessarily on-line
-        if(is_user_logged_in() && isset($profile->local_user_id)) add_user_meta(wp_get_current_user()->ID, "identity-plus-bound", $profile->local_user_id, true);
+        if(is_user_logged_in() && isset($profile->local_user_name)) add_user_meta(wp_get_current_user()->ID, "identity-plus-bound", $profile->local_user_name, true);
 }
 
@@ -222 +253 @@
         // This one is more restrictive
         $lock_resource = false;
-        if(isset($options['lock-down']) && $options['lock-down'] && (!isset($_SESSION['identity-plus-user-profile']) || !isset($_SESSION['identity-plus-user-profile']->local_user_id))){
+
+        // unifying lock-down and enforce to avoid confusion so we are taking this sectionout
+        // if(isset($options['lock-down']) && $options['lock-down'] && (!isset($_SESSION['identity-plus-user-profile']) || !isset($_SESSION['identity-plus-user-profile']->local_user_name))){
             // If lock down is on and
             // No Identity + Profile or there is no local user bound
-            $lock_resource = true;
-        }
-        else if(isset($options['enforce']) && $options['enforce']  && !isset($_SESSION['identity-plus-user-profile'])){
+        //  $lock_resource = true;
+        //} else 
+
+        if(isset($options['enforce']) && $options['enforce']  && !isset($_SESSION['identity-plus-user-profile'])){
             // Enforce is on and
             // No Identity + Profile
@@ -263 +297 @@
                 
                 // add the footer cross-validation widget
-                if(isset($identity_plus_api) && $identity_plus_api != NULL){?>
+                if(false && isset($identity_plus_api) && $identity_plus_api != NULL){?>
                         <iframe src="<?php echo Identity_Plus_API::validation_endpoint; ?>/widgets/cross-validation?origin=<?php echo $identity_plus_api->cert_details['serialNumber'] ?>&challenge=<?php echo  $identity_plus_api->compute_challenge()?>" scrolling="no" class="identity-plus-cf"></iframe>
                         <?php

identity-plus/trunk/lib/settings_panel.php

@@ -6 +6 @@
 }
 
+use identity_plus\api\communication\Intent_Type;
+
+
 add_action( 'admin_enqueue_scripts', 'identity_plus_admin_styles' );
 add_action( 'admin_menu', 'identity_plus_add_admin_menu' );
@@ -13 +16 @@
 
 function identity_plus_add_admin_menu(  ) {
-        add_options_page( 'Identity +', 'Identity +', 'manage_options', 'identity_plus_network_of_trust', 'identity_plus_options_page' );
+        add_options_page( 'IdentityPlus Settings', 'Identity +', 'manage_options', 'identity_plus_network_of_trust', 'identity_plus_options_page' );
 }
 
@@ -36 +39 @@
         add_settings_field('cert-file', __( 'Certificate File', 'identity_plus' ),  'identity_plus_cert_file_render', 'identity_plus_cert_section', 'identity_plus_identity_plus_cert_section_section');
         add_settings_field('cert-password', __( 'Certificate Password', 'identity_plus' ), 'identity_plus_cert_password_render', 'identity_plus_cert_section',  'identity_plus_identity_plus_cert_section_section' );
-    
-        add_settings_section('identity_plus_behavior_section',  __( 'Behavior', 'identity_plus' ), 'identity_plus_behavior_section_callback', 'identity_plus_cert_section');
-        add_settings_field('bind_all', __( 'Connect Any User', 'identity_plus' ), 'identity_plus_bind_all_render', 'identity_plus_cert_section', 'identity_plus_behavior_section');
-        
+            
         add_settings_section('identity_plus_access_section',    __( 'Resource Access', 'identity_plus' ), 'identity_plus_settings_section_callback', 'identity_plus_cert_section');
         add_settings_field('enforce', __( 'Filtered Page Access', 'identity_plus' ), 'identity_plus_enforce_render', 'identity_plus_cert_section', 'identity_plus_access_section');
-        add_settings_field('lock-down', __( 'Lock Down Filtered Pages', 'identity_plus' ), 'identity_plus_lock_down_render', 'identity_plus_cert_section', 'identity_plus_access_section');
+#       add_settings_field('lock-down', __( 'Lock Down Filtered Pages', 'identity_plus' ), 'identity_plus_lock_down_render', 'identity_plus_cert_section', 'identity_plus_access_section');
         add_settings_field('page-filter', __( 'Page Filter', 'identity_plus' ), 'identity_plus_page_filter_render', 'identity_plus_cert_section',   'identity_plus_access_section');
     
@@ -65 +65 @@
 
 
-function identity_plus_bind_all_render(  ) {
-        $options = get_option( 'identity_plus_settings' );?>
-        <input type='checkbox' id='identity_plus_settings[bind_all]' name='identity_plus_settings[bind_all]' <?php isset($options['bind_all']) ? checked( $options['bind_all'], 1 ) : ""; ?> value='1'><label for='identity_plus_settings[bind_all]'>Enabled</label>
-        <p style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">The default behavior is to only bind administrator accounts, but if this option is checked, the plug-in will bind all local user to their Identity + accounts. 
-        Caution must be taken with this option if you have the free, Personal API Ccertificate, as it only allows for 10 users to be bound</p><?php
-}
-
-
 
 function identity_plus_comments_render(  ) {
         $options = get_option( 'identity_plus_settings' );?>
         <input type='checkbox' id='identity_plus_settings[comments]' name='identity_plus_settings[comments]' <?php isset($options['comments']) ? checked( $options['comments'], 1 ) : ""; ?> value='1'><label for='identity_plus_settings[comments]'>Enforce Identity + SSL Client Certificate</label>
-        <p style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">When Identity + SSL Client Certificate is enforced, comments will be blocked to devices with no certificates.
+        <p class="identity-plus-hint" style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">When Identity + SSL Client Certificate is enforced, comments will be blocked to devices with no certificates.
         Devices that have certificate and submit spam, will be blocked upon the first report of the smap preventing them from repeating the action.
         This makes the life of spammers extremely difficul.</p><?php
@@ -87 +79 @@
         $options = get_option( 'identity_plus_settings' );?>
         <input type='checkbox' id='identity_plus_settings[enforce]' name='identity_plus_settings[enforce]' <?php isset($options['enforce']) ? checked( $options['enforce'], 1 ) : ""; ?> value='1'><label for='identity_plus_settings[enforce]'>Enforce Identity + Device Certificate</label>
-        <p style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">When Identity + certificate is enforced, resources starting with any of the enumerated filters will only 
+        <p class="identity-plus-hint" style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">When Identity + certificate is enforced, resources starting with any of the enumerated filters will only 
         be accessible from devices (desktop / laptop /mobile ) bearing a valid Identity + SSL Client Certificate. Local user roles apply</p><?php
 }
@@ -96 +88 @@
         $options = get_option( 'identity_plus_settings' );?>
         <input type='checkbox' id='identity_plus_settings[lock-down]' name='identity_plus_settings[lock-down]' <?php isset($options['lock-down']) ? checked( $options['lock-down'], 1 ) : ""; ?> value='1'><label for='identity_plus_settings[lock-down]'>Enabled</label>
-        <p style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">When lock down is enabled the filtered resources will only be accessible to Identity + connected users.</p><?php
+        <p class="identity-plus-hint" style="max-width:640px; font-size:90%; color:rgba(0, 0, 0, 0.6);">When lock down is enabled the filtered resources will only be accessible to Identity + connected users.</p><?php
 }
 
@@ -103 +95 @@
 function identity_plus_page_filter_render(  ) { 
         $options = get_option( 'identity_plus_settings' );?>
+        <label for='identity_plus_settings[page-filter]'>One filter per line.</label>
         <textarea cols='40' rows='5' name='identity_plus_settings[page-filter]'><?php echo isset($options['page-filter']) && strlen($options['page-filter']) > 0 ? $options['page-filter'] : "/wp-admin\n/wp-login.php"; ?></textarea>
-        <label for='identity_plus_settings[page-filter]'>
-                <br>One filter per line.<br>
-        </label>
         <?php
 }
@@ -154 +144 @@
 
 
-function identity_plus_behavior_section_callback(  ) {
-        ?><p class="identity-plus-separator" style="padding-top:5px;"></p><p class="identity-plus-hint">Users that are connected can automatically be logged in.</p>
-        <?php 
-                // display at most 30 already bound users
-                $users = get_users(array('meta_key' => 'identity-plus-bound'));
-                $user_count = sizeof($users);
-                $display = 0;
-                $text = "";
-                
-                foreach ($users as $u){
-                        if(strlen($text) > 0){
-                                $text .= ", ";
-                                if($display % 10 == 0) $text .= "<br>";
-                        }
-                        $text .= $u->user_login.($u->user_login == wp_get_current_user()->user_login ? ' <sup style="color:#808080;" >(you)</sup>' : "")." {".$u->ID."}";
-                            
-                        if($display == 29) break;
-                        else $display++;
-                }
-
-                if($user_count > $display) $text .= "<br>and other ".($user_count - $display -31)." user(s)";
-        ?>
-        <div class="cert"><h4>Users Connected</h4><p><?php echo $text; ?></p></div><?php
-}
-
-
-
 function identity_plus_admin_styles(  ) {
         ?>
         <style>
-                .identity-plus-main-fm {margin:0; background:url('<?php echo plugins_url( 'img/identity-plus-shield.svg', __FILE__ ) ?>') no-repeat top left; background-size:96px;}
+                .identity-plus-main-fm {margin:0; background:url('<?php echo plugins_url( 'img/idp.svg', __FILE__ ) ?>') no-repeat top left; background-size:64px;}
                 .identity-plus-main-fm th{padding-bottom:15px; padding-top:15px; color:#136a92;}
                 .identity-plus-main-fm td{padding-bottom:10px; padding-top:10px; }
-                .identity-plus-main-fm h1{padding-left:95px; padding-top:20px; margin-bottom:0; font-size:36px;font-weight:normal; }
-                .identity-plus-main-fm h5{padding-left:95px; font-size:20px; font-weight:300; padding-top:0; margin-top:15px;}
-                .identity-plus-main-fm h2, .identity-plus-main-fm h3{border-bottom:0; background:#202020; float:left; padding:5px 20px; margin-bottom:0px; color:#D0D0D0; font-weight:normal; border-top-left-radius:5px; border-top-right-radius:5px; margin-left:10px;}
+                .identity-plus-main-fm h1{padding-left:80px; padding-top:10px; margin-bottom:0; font-size:36px;font-weight:normal; }
+                .identity-plus-main-fm h5{padding-left:80px; font-size:20px; font-weight:300; padding-bottom:5px; padding-top:0; margin-top:15px;}
+                .identity-plus-main-fm h2, .identity-plus-main-fm h3{border-bottom:0; background:#303030; float:left; clear:left; padding:5px 20px; margin-bottom:0px; color:#62B2F3; font-weight:normal; border-top-left-radius:5px; border-top-right-radius:5px; margin-left:10px;}
                 .identity-plus-main-fm h4{border-bottom:1px solid #E0E0E0; color:#707070; padding-bottom:3px; padding-top:10px; margin-bottom:5px; font-weight:normal; font-size:16px;padding-top:0; margin-top:0; }
                 .identity-plus-main-fm .cert {max-width:600px; border-radius:3px; float:left; clear:both;}
                 .identity-plus-main-fm .cert p span{font-weight:bold;}
-                .identity-plus-main-fm .cert p{margin:0px;}
+                .identity-plus-main-fm .cert p{margin:0px; float:left; clear:left;}
                 .identity-plus-main-fm .cert {padding:10px; background:rgba(255, 255, 255, 0.6); border:1px solid rgba(0, 0, 0, 0.3);}
-                .identity-plus-separator{border-top:1px solid #000000; margin-top:0px; float:left; width:90%; clear:both; -webkit-box-shadow: inset 0px 3px 13px -5px rgba(0,0,0,0.75); -moz-box-shadow: inset 0px 3px 13px -5px rgba(0,0,0,0.75); box-shadow: inset 0px 3px 13px -8px rgba(0,0,0,0.75); height:5px; margin-bottom:0px;}
+                .identity-plus-separator{border-top:1px solid #303030; margin-top:0px; float:left; width:90%; clear:both; height:5px; margin-bottom:0px;}
                 .identity-plus-hint{float:left; clear:both; max-width:600px; color:#606060; font-size:14px; margin-top:0px; margin-bottom:10px;}
+                .identity-plus-brand span{color:#4292D3;}
+                .identity-plus-main-fm input, .identity-plus-main-fm textarea{ float:left; clear:left;}
+                .identity-plus-main-fm input[type="checkbox"]{ margin-top:0; margin-right:5px;}
+                .identity-plus-main-fm label{ float:left; font-weight:400;}
+                .identity-plus-main-fm div{float:left; clear:left; overflow:hidden; margin-bottom:10px;}
+                .identity-plus-main-fm table{max-width:600px; float:left; clear:left;}
+                .identity-plus-main-fm table th img{border-radius:60px; border:3px solid #D0D0D0;}
         </style>
         <?php 
@@ -206 +176 @@
         ?>
         <form class="identity-plus-main-fm" action='options.php' method='post' enctype="multipart/form-data">
-                <h1>Identity +</h1>
-                <h5>of man &amp; machine</h5>
+                <h1 class="identity-plus-brand">Identity<span>plus</span></h1>
+                <h5>man &amp; machine</h5>
                 <?php
                         settings_fields( 'identity_plus_cert_section' );
@@ -244 +214 @@
 
 
+# -------------------------- Id + Menu Page
+
+add_action( 'admin_action_identity_plus_connect', 'identity_plus_connect');
+function identity_plus_connect(){
+        $user_id = get_current_user_id();
+        $options = get_option( 'identity_plus_settings' );
+        if($identity_plus_api == null) $identity_plus_api = identity_plus_create_api($options);
+
+        if(isset($_SESSION['identity-plus-user-profile'])){
+            $profile = $identity_plus_api->bind_local_user($_SESSION['identity-plus-anonymous-id'], $user_id, $days);
+
+            $_SESSION['identity-plus-user-profile'] = $profile;
+            add_user_meta($user_id, 'identity-plus-bound', $user_id);
+              $error = "I: Your wordpress account and your identity plus account have been connected!";
+            set_transient("identity_plus_acc_{$user_id}", $error, 45);      
+
+            wp_redirect( $_SERVER['HTTP_REFERER'] );
+        }
+        else{
+            $user_info = get_userdata($user_id);
+            $intent = $identity_plus_api->create_intent(Intent_Type::bind, $user_id, $user_info->user_firstname . ' ' . $user_info->user_lastname, $user_info->user_email, '', $_SERVER['HTTP_REFERER'] . '&bind=true');
+            wp_redirect('https://get.identity.plus?intent=' . $intent->value);
+        }
+
+        exit();
+}
+
+add_action( 'admin_action_identity_plus_disconnect', 'identity_plus_disconnect');
+function identity_plus_disconnect(){
+        $user_id = get_current_user_id();
+
+        if(!$_REQUEST['idp-i-am-sure']){
+            $error = "E: Please reinforce your desire to disconnect by checking the appropriate checkbox!";
+            set_transient("identity_plus_acc_{$user_id}", $error, 45);      
+        }
+        else{
+            $options = get_option('identity_plus_settings' );
+            if($identity_plus_api == null) $identity_plus_api = identity_plus_create_api($options);
+            $profile = $identity_plus_api->unbind_local_user($user_id);
+            $_SESSION['identity-plus-user-profile'] = $profile;
+
+            unset($_SESSION['identity-plus-user-profile']);
+            unset($_SESSION['identity-plus-anonymous-id']);
+
+            delete_user_meta($user_id, 'identity-plus-bound');
+            $error = "I: Your wordpress account and your identity plus account have been disconnected!";
+            set_transient("identity_plus_acc_{$user_id}", $error, 45);
+        }
+
+        wp_redirect( $_SERVER['HTTP_REFERER'] );
+        exit();
+}
+
+add_action( 'admin_menu', 'identity_plus_add_idp_page' );
+
+function identity_plus_add_idp_page(  ) {
+        $options = get_option( 'identity_plus_settings' );
+        if(!empty($options) && isset($options['cert-file'])){
+            add_menu_page( 
+                    'My IdentityPlus',
+                    'Device Identity', 
+                    'manage_options', 
+                    'identity_plus_authentication', 
+                    'identity_plus_authentication_page',
+                    'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHN2ZyAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIgICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIiAgIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyIgICB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiAgIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgICB4bWxuczpzb2RpcG9kaT0iaHR0cDovL3NvZGlwb2RpLnNvdXJjZWZvcmdlLm5ldC9EVEQvc29kaXBvZGktMC5kdGQiICAgeG1sbnM6aW5rc2NhcGU9Imh0dHA6Ly93d3cuaW5rc2NhcGUub3JnL25hbWVzcGFjZXMvaW5rc2NhcGUiICAgdmVyc2lvbj0iMS4xIiAgIGlkPSJMYXllcl8xIiAgIHg9IjBweCIgICB5PSIwcHgiICAgd2lkdGg9IjEyOHB4IiAgIGhlaWdodD0iMTI4cHgiICAgdmlld0JveD0iMCAwIDEyOCAxMjgiICAgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMTI4IDEyODsiICAgeG1sOnNwYWNlPSJwcmVzZXJ2ZSIgICBpbmtzY2FwZTp2ZXJzaW9uPSIwLjkxIHIxMzcyNSIgICBzb2RpcG9kaTpkb2NuYW1lPSJkYXJrLXBsdXMtc2ltcGxlLnN2ZyI+PG1ldGFkYXRhICAgICBpZD0ibWV0YWRhdGEzOSI+PHJkZjpSREY+PGNjOldvcmsgICAgICAgICByZGY6YWJvdXQ9IiI+PGRjOmZvcm1hdD5pbWFnZS9zdmcreG1sPC9kYzpmb3JtYXQ+PGRjOnR5cGUgICAgICAgICAgIHJkZjpyZXNvdXJjZT0iaHR0cDovL3B1cmwub3JnL2RjL2RjbWl0eXBlL1N0aWxsSW1hZ2UiIC8+PC9jYzpXb3JrPjwvcmRmOlJERj48L21ldGFkYXRhPjxkZWZzICAgICBpZD0iZGVmczM3IiAvPjxzb2RpcG9kaTpuYW1lZHZpZXcgICAgIHBhZ2Vjb2xvcj0iI2ZmZmZmZiIgICAgIGJvcmRlcmNvbG9yPSIjNjY2NjY2IiAgICAgYm9yZGVyb3BhY2l0eT0iMSIgICAgIG9iamVjdHRvbGVyYW5jZT0iMTAiICAgICBncmlkdG9sZXJhbmNlPSIxMCIgICAgIGd1aWRldG9sZXJhbmNlPSIxMCIgICAgIGlua3NjYXBlOnBhZ2VvcGFjaXR5PSIwIiAgICAgaW5rc2NhcGU6cGFnZXNoYWRvdz0iMiIgICAgIGlua3NjYXBlOndpbmRvdy13aWR0aD0iOTQ4IiAgICAgaW5rc2NhcGU6d2luZG93LWhlaWdodD0iNDgwIiAgICAgaWQ9Im5hbWVkdmlldzM1IiAgICAgc2hvd2dyaWQ9ImZhbHNlIiAgICAgaW5rc2NhcGU6em9vbT0iMS40ODk3NjUxIiAgICAgaW5rc2NhcGU6Y3g9IjEwNi45NzU5IiAgICAgaW5rc2NhcGU6Y3k9IjY0IiAgICAgaW5rc2NhcGU6d2luZG93LXg9IjEzMSIgICAgIGlua3NjYXBlOndpbmRvdy15PSI0NDAiICAgICBpbmtzY2FwZTp3aW5kb3ctbWF4aW1pemVkPSIwIiAgICAgaW5rc2NhcGU6Y3VycmVudC1sYXllcj0iZzMiIC8+PGcgICAgIGlkPSJnMyIgICAgIHN0eWxlPSJmaWxsOiNjY2NjY2MiPjxwYXRoICAgICAgIHN0eWxlPSJmaWxsOiNjY2NjY2MiICAgICAgIGQ9Im0gMCwwIDAsMTI4IDEyOCwwIDAsLTEyOCB6IG0gMTIuNjQwNjI1LDQwLjAxNzU3OCAxMS43MzYzMjgsMCAwLDkuNTcyMjY2IC0xMS43MzYzMjgsMCB6IG0gNDQuMDY0NDUzLC02IDExLjgwMjczNCwwIDAsNTcuMDE1NjI1IGMgLTguMDAxNzcsLTAuMzY2MTE5IC0xMi41Nzk4MTgsMC4zMjQzMTMgLTIzLjkwMDM5LDAuOTQ5MjE5IC00LjUyNDU0NSwwIC04LjI0MTM2MywtMS43OTIyOSAtMTEuMTQ4NDM4LC01LjM3Njk1MyAtMi45MDcwNzQsLTMuNjA2NTIyIC00LjM1OTM3NSwtOC4yMzkyNDYgLTQuMzU5Mzc1LC0xMy45MDAzOTEgMCwtNS42NjExNDUgMS40NTIzMDEsLTEwLjI4NDQ3OCA0LjM1OTM3NSwtMTMuODY5MTQgMi45MDcwNzUsLTMuNjA2NTIyIDYuNjIzODkzLC01LjQxMDE1NyAxMS4xNDg0MzgsLTUuNDEwMTU3IDE3LjE0MDM1NywxLjA2OTY5IDExLjA2MDU2NCw0LjM5NDExNCAxMi4wOTc2NTYsLTE5LjQwODIwMyB6IG0gMzUuNzM2MzI4LDE0LjkxNzk2OSA3LjgwNDY4NCwwIDAsMTcuMTc5Njg3IDE3LjExMzI5LDAgMCw3LjczNjMyOCAtMTcuMTEzMjksMCAwLDE3LjE4MTY0MSAtNy44MDQ2ODQsMCAwLC0xNy4xODE2NDEgLTE3LjExMzI4MSwwIDAsLTcuNzM2MzI4IDE3LjExMzI4MSwwIHogbSAtNzkuODAwNzgxLDUuMzc2OTUzIDExLjczNjMyOCwwIDAsMzYuNzIwNzAzIC0xMS43MzYzMjgsMCB6IG0gMzYuMzI2MTcyLDcuNjM4NjcyIGMgLTIuNDkxNzc4LDAgLTQuNDAzMDA4LDAuOTE3ODU5IC01LjczNjMyOCwyLjc1MzkwNiAtMS4zMTE0NjIsMS44MzYwNDcgLTEuOTY4NzUsNC41MDI3NjcgLTEuOTY4NzUsOCAwLDMuNDk3MjMzIDAuNjU3Mjg4LDYuMTYzOTUzIDEuOTY4NzUsOCAxLjMzMzMyLDEuODM2MDQ3IDMuMjQ0NTUsMi43NTM5MDYgNS43MzYzMjgsMi43NTM5MDYgMi41MTM2MzYsMCA0LjQyNjgxOSwtMC45MTc4NTkgNS43MzgyODEsLTIuNzUzOTA2IDEuMzMzMzIsLTEuODM2MDQ3IDIsLTQuNTAyNzY3IDIsLTggMCwtMy40OTcyMzMgLTAuNjY2NjgsLTYuMTYzOTUzIC0yLC04IC0xLjMxMTQ2MiwtMS44MzYwNDcgLTMuMjI0NjQ1LC0yLjc1MzkwNiAtNS43MzgyODEsLTIuNzUzOTA2IHoiICAgICAgIGlkPSJyZWN0NSIgICAgICAgaW5rc2NhcGU6Y29ubmVjdG9yLWN1cnZhdHVyZT0iMCIgICAgICAgc29kaXBvZGk6bm9kZXR5cGVzPSJjY2NjY2NjY2NjY2NjY2NzY2NjY2NjY2NjY2NjY2NjY2NjY2Njc2NzY3Njc2NzIiAvPjwvZz48ZyAgICAgaWQ9ImcyNSIgLz48ZyAgICAgaWQ9ImcyNyIgLz48ZyAgICAgaWQ9ImcyOSIgLz48ZyAgICAgaWQ9ImczMSIgLz48ZyAgICAgaWQ9ImczMyIgLz48L3N2Zz4='
+            );
+        }
+}
+
+function identity_plus_idp_page(  ) {
+        $user_id = get_current_user_id();
+        $msg = get_transient("identity_plus_acc_{$user_id}");
+        if($msg){
+            if(strpos($msg, 'E: ') === 0){ ?><div class="error is-dismissible"><p><?php echo substr($msg, 3); ?></p></div><?php }
+            else{ ?><div class="notice notice-success is-dismissible"><p><?php echo substr($msg, 3); ?></p></div><?php }
+            delete_transient("identity_plus_acc_{$user_id}");
+        }
+
+        $options = get_option( 'identity_plus_settings' );
+
+        ?>
+                <?php if(get_user_meta($user_id, 'identity-plus-bound', true)){ ?>
+                    <table><tr>
+                            <th><img width="64" height="64" src="https://my.identity.plus/widgets/profile-picture"></th>
+                            <td><p class="identity-plus-hint">
+                                Your Wordpress uses <a target="_blank" title="My Identity Plus Application" href="https://my.identity.plus"><span>identity</span></a> to protect your account and your credentials.
+                                You can now enjoy secure password-less experience. Only devices owned and registered by you can access your Wordpress account.
+                            </p></td>
+                    </tr></table>
+
+                    <h2>Disconnect</h2><p class="identity-plus-separator" style="padding-top:5px;"></p>
+                    <?php if(isset($options['enforce']) && checked( $options['enforce'], 1 )){ ?>
+                        <p class="identity-plus-hint" >Your <a href="<?php echo admin_url('options-general.php?page=identity_plus_network_of_trust'); ?>">identityplus settings</a> only allow admin access from certified devices. Disconnect is disabled as you would lock yourself out from admin section.</p>
+                    <?php } else { ?>
+                        <p class="identity-plus-hint" >By disconnecting your identityplus account from the local account, you will lose the ability to sign in via device id. Are you sure?</p>
+                        <input type="hidden" name="action" value="identity_plus_disconnect">
+                        <div><input type="checkbox" id="idp-i-am-sure" name="idp-i-am-sure" onchange="document.getElementById('identity_plus_disconnect').style.display = document.getElementById('idp-i-am-sure').checked ? 'block' : 'none';"><label for="idp-i-am-sure">Yes, I am sure I want to disconnect.</label></div>
+                        <input type="submit" id="identity_plus_disconnect" style="display:none; background:#900000; color:#FFFFFF; padding:7px 15px 5px 15px; border-radius:2px; border:1px solid #500000" value="DISCONNECT">
+                    <?php } ?>
+
+                <?php } else if(isset($_SESSION['identity-plus-user-profile'])){ ?>
+                    <table><tr>
+                            <th><img width="64" height="64" src="https://my.identity.plus/widgets/profile-picture"></th>
+                            <td>
+                                <p class="identity-plus-hint">
+                                    Your Wordpress uses <a target="_blank" title="My Identity Plus Application" href="https://identity.plus"><span>identity</span></a> to protect your account and your credentials by
+                                    only allowing devices owned and registered by you to access your Wordpress account.
+                                </p>
+                            </td>
+                    </tr></table>
+                    
+                    <p class="identity-plus-hint" >Connect your identity<span class="identity-plus-brand">plus</span> account for secure, password-less login experience.</p>
+                    <input type="hidden" name="action" value="identity_plus_connect">
+                    <input type="submit" id="identity_plus_disconnect" style="background:#303030; color:#62B2F3; padding:7px 15px 5px 15px; border-radius:2px; border:1px solid #000000" value="CONNECT">
+                <?php } else { ?>
+                    <table><tr>
+                            <td>
+                                <p class="identity-plus-hint">
+                                    Your Wordpress uses <a target="_blank" title="My Identity Plus Application" href="https://identity.plus"><span>identity</span></a> to protect your account and your credentials by
+                                    only allowing devices owned and registered by you to access your Wordpress account.
+                                </p>
+                            </td>
+                    </tr></table>
+                    
+                    <p class="identity-plus-hint" >Get your free <span class="identity-plus-brand">plus</span> account for secure, password-less login experience.</p>
+                    <input type="hidden" name="action" value="identity_plus_connect">
+                    <input type="submit" id="identity_plus_disconnect" style="background:#303030; color:#62B2F3; padding:7px 15px 5px 15px; border-radius:2px; border:1px solid #000000" value="Get Id+">
+                <?php } ?>
+        <?php
+}
+
+
+function identity_plus_authentication_page(  ) {
+        ?>
+        <form class="identity-plus-main-fm" method="post" action="<?php echo admin_url( 'admin.php' ); ?>">
+                <h1 class="identity-plus-brand">Identity<span>plus</span></h1>
+                <h5>man &amp; machine</h5>
+                <?php wp_nonce_field('my_delete_action'); ?>
+                <?php identity_plus_idp_page(); ?>
+        </form>
+        <?php
+}
+
+
 add_filter('upload_mimes', 'identity_plus_enable_extra_extensions');
+

identity-plus/trunk/readme.txt

@@ -82 +82 @@
 == Changelog == 
 
+== 1.6 ==
+Migrated to v1.1 Identityplus API. Identityplus plugin now allows individual wordpress users to connect their accounts on-demand. This new version also lifted the 10 accounts limit for non-corporate certificates, meaning that not-for-profit sites (public benefit or personal sites that produce no revenue) can connect any number of accounts at no cost.
+
 = 1.5 =
 Verified compatibility with Wordpress 4.9.8.