Changeset 2106419

Timestamp:

06/14/2019 07:45:14 PM (7 years ago)

Author:

VanillaForums

Message:

Update jsConnect client library

Location:

vanilla-forums/trunk

Files:

• README.md (modified) (1 diff)
• functions.jsconnect.php (modified) (1 diff)
• plugin.php (modified) (2 diffs)
• readme.txt (modified) (1 diff)
• sso.php (modified) (1 diff)

vanilla-forums/trunk/README.md

@@ -3 +3 @@
 
 The official Vanilla Forums Wordpress plugin.
+
+# Updating Vanilla-WordPress plugin using subversion
+
+Vanilla-WordPress URL https://plugins.svn.wordpress.org/vanilla-forums.
+
+WordPress uses subversion (SVN) which is a free open source version control.
+
+## SVN Installation
+```sh
+brew install subversion
+```
+## SVN Client
+
+TurtoiseSVN for Windows or SCPlugin for MAC.
+
+## SVN Checkout
+
+* Pick a directory on your local machine you want subversion to track.Ex. wordpress-plugin-public/vanilla-forums.
+
+* To start tracking the project, we need to hook our local Vanilla-forums WordPress plugin. Right-click wordpress-plugin-public/vanilla-forums and choose svn checkout
+
+**URL of the repository should be**
+
+https://plugins.svn.wordpress.org/vanilla-forums
+
+**Checkout directory should be** 
+
+wordpress-plugin-public/vanilla-forums
+
+
+Your subversion client will begin to pull all of the files as they currently stand on the subversion server.
+
+Open wordpress-plugin-public/vanilla-forums you should see a .svn folder, branches, tags and trunk.
+
+## Folders Strcuture
+
+**Trunk**: contains the latest version of the plugin.
+
+**Tags**: contains the public ready version which is a copy of the trunk.
+
+## Pushing updates to SVN server
+
+Copy your changes for the local Vanilla-wordpress plugin folder and paste it in the trunk folder, make sure you update the plugin version in readme.txt file.
+
+Right click on wordpress-plugin-public/vanilla-forums and choose svn commit.
+
+You will be asked to provide Vanilla's WordPress username and password.
+
+*When you do a commit, the username to use is from readme.txt/Contributors, it is case-sensitive.*
+
+## Tagging a version
+
+Once you are ready for the public to use your plugin, you need to tag a version to set asside and leave alone.
+
+Right click on wordpress-plugin-public/vanilla-forums/trunk and choose SVN Branch/Tag. 
+
+In the "to path" add a /vanilla-forums/tags/version(ex. tags/1.1.18).
+
+
+
+
+

vanilla-forums/trunk/functions.jsconnect.php

@@ -1 +1 @@
 <?php
 /**
- * @version 1.0b
- * @copyright Copyright 2008, 2009 Vanilla Forums Inc.
- * @license http://www.opensource.org/licenses/gpl-2.0.php GPLv2
+ * This file contains the client code for Vanilla jsConnect single sign on.
+ *
+ * @author Todd Burry <[email protected]>
+ * @version 2.0
+ * @copyright 2008-2017 Vanilla Forums, Inc.
+ * @license GNU GPLv2 http://www.opensource.org/licenses/gpl-2.0.php
  */
 
 define('JS_TIMEOUT', 24 * 60);
 
-function WriteJsConnect($User, $Request, $ClientID, $Secret, $Secure = TRUE) {
-   $User = array_change_key_case($User);
-   
-   // Error checking.
-   if ($Secure) {
-      // Check the client.
-      if (!isset($Request['client_id']))
-         $Error = array('error' => 'invalid_request', 'message' => 'The client_id parameter is missing.');
-      elseif ($Request['client_id'] != $ClientID)
-         $Error = array('error' => 'invalid_client', 'message' => "Unknown client {$Request['client_id']}.");
-      elseif (!isset($Request['timestamp']) && !isset($Request['signature'])) {
-         if (is_array($User) && count($User) > 0) {
-            // This isn't really an error, but we are just going to return public information when no signature is sent.
-            $Error = array('name' => $User['name'], 'photourl' => @$User['photourl']);
-         } else {
-            $Error = array('name' => '', 'photourl' => '');
-         }
-      } elseif (!isset($Request['timestamp']) || !is_numeric($Request['timestamp']))
-         $Error = array('error' => 'invalid_request', 'message' => 'The timestamp parameter is missing or invalid.');
-      elseif (!isset($Request['signature']))
-         $Error = array('error' => 'invalid_request', 'message' => 'Missing  signature parameter.');
-      elseif (($Diff = abs($Request['timestamp'] - JsTimestamp())) > JS_TIMEOUT)
-         $Error = array('error' => 'invalid_request', 'message' => 'The timestamp is invalid.');
-      else {
-         // Make sure the timestamp hasn't timed out.
-         $Signature = md5($Request['timestamp'].$Secret);
-         if ($Signature != $Request['signature'])
-            $Error = array('error' => 'access_denied', 'message' => 'Signature invalid.');
-      }
-   }
-   
-   if (isset($Error))
-      $Result = $Error;
-   elseif (is_array($User) && count($User) > 0) {
-      if ($Secure === NULL) {
-         $Result = $User;
-      } else {
-         $Result = SignJsConnect($User, $ClientID, $Secret, TRUE);
-      }
-   } else
-      $Result = array('name' => '', 'photourl' => '');
-   
-   $Json = json_encode($Result);
-   
-   
-   if (isset($Request['callback'])) {
-      header("Content-Type: application/javascript");
-      echo "{$Request['callback']}($Json);";
-   } else {
-      header("Content-Type: application/json");
-      echo $Json;
-   }
+/**
+ * Write the jsConnect string for single sign on.
+ *
+ * @param array $user An array containing information about the currently signed on user. If no user is signed in then this should be an empty array.
+ * @param array $request An array of the $_GET request.
+ * @param string $clientID The string client ID that you set up in the jsConnect settings page.
+ * @param string $secret The string secret that you set up in the jsConnect settings page.
+ * @param string|bool $secure Whether or not to check for security. This is one of these values.
+ *  - true: Check for security and sign the response with an md5 hash.
+ *  - false: Don't check for security, but sign the response with an md5 hash.
+ *  - string: Check for security and sign the response with the given hash algorithm. See hash_algos() for what your server can support.
+ *  - null: Don't check for security and don't sign the response.
+ * @since 1.1b Added the ability to provide a hash algorithm to $secure.
+ */
+function writeJsConnect($user, $request, $clientID, $secret, $secure = true) {
+    $user = array_change_key_case($user);
+
+    // Error checking.
+    if ($secure) {
+        // Check the client.
+        if (!isset($request['v'])) {
+            $error = ['error' => 'invalid_request', 'message' => 'Missing the v parameter.'];
+        } elseif ($request['v'] !== '2') {
+            $error = ['error' => 'invalid_request', 'message' => "Unsupported version {$request['v']}."];
+        } elseif (!isset($request['client_id'])) {
+            $error = ['error' => 'invalid_request', 'message' => 'The client_id parameter is missing.'];
+        } elseif ($request['client_id'] != $clientID) {
+            $error = ['error' => 'invalid_client', 'message' => "Unknown client {$request['client_id']}."];
+        } elseif (!isset($request['timestamp']) && !isset($request['sig'])) {
+            if (is_array($user) && count($user) > 0) {
+                // This isn't really an error, but we are just going to return public information when no signature is sent.
+                $error = ['name' => (string)@$user['name'], 'photourl' => @$user['photourl'], 'signedin' => true];
+            } else {
+                $error = ['name' => '', 'photourl' => ''];
+            }
+        } elseif (!isset($request['timestamp']) || !is_numeric($request['timestamp'])) {
+            $error = ['error' => 'invalid_request', 'message' => 'The timestamp parameter is missing or invalid.'];
+        } elseif (!isset($request['sig'])) {
+            $error = ['error' => 'invalid_request', 'message' => 'Missing sig parameter.'];
+        } // Make sure the timestamp hasn't timedout
+        elseif (abs($request['timestamp'] - jsTimestamp()) > JS_TIMEOUT) {
+            $error = ['error' => 'invalid_request', 'message' => 'The timestamp is invalid.'];
+        } elseif (!isset($request['nonce'])) {
+            $error = ['error' => 'invalid_request', 'message' => 'Missing nonce parameter.'];
+        } elseif (!isset($request['ip'])) {
+            $error = ['error' => 'invalid_request', 'message' => 'Missing ip parameter.'];
+        } else {
+            $signature = jsHash($request['ip'].$request['nonce'].$request['timestamp'].$secret, $secure);
+            if ($signature != $request['sig']) {
+                $error = ['error' => 'access_denied', 'message' => 'Signature invalid.'];
+            }
+        }
+    }
+
+    if (isset($error)) {
+        $result = $error;
+    } elseif (is_array($user) && count($user) > 0) {
+        if ($secure === null) {
+            $result = $user;
+        } else {
+            $user['ip'] = $request['ip'];
+            $user['nonce'] = $request['nonce'];
+            $result = signJsConnect($user, $clientID, $secret, $secure, true);
+            $result['v'] = '2';
+        }
+    } else {
+        $result = ['name' => '', 'photourl' => ''];
+    }
+
+    $json = json_encode($result);
+
+    if (isset($request['callback'])) {
+        echo "{$request['callback']}($json)";
+    } else {
+        echo $json;
+    }
 }
 
-function SignJsConnect($Data, $ClientID, $Secret, $ReturnData = FALSE) {
-   $Data = array_change_key_case($Data);
-   ksort($Data);
+/**
+ *
+ *
+ * @param $data
+ * @param $clientID
+ * @param $secret
+ * @param $hashType
+ * @param bool $returnData
+ * @return array|string
+ */
+function signJsConnect($data, $clientID, $secret, $hashType, $returnData = false) {
+    $normalizedData = array_change_key_case($data);
+    ksort($normalizedData);
 
-   foreach ($Data as $Key => $Value) {
-      if ($Value === NULL)
-         $Data[$Key] = '';
-   }
-   
-   $String = http_build_query($Data);
-//   echo "$String\n";
-   $Signature = md5($String.$Secret);
-   
-   if ($ReturnData) {
-      $Data['client_id'] = $ClientID;
-      $Data['signature'] = $Signature;
-//      $Data['string'] = $String;
-      return $Data;
-   } else {
-      return $Signature;
-   }
+    foreach ($normalizedData as $key => $value) {
+        if ($value === null) {
+            $normalizedData[$key] = '';
+        }
+    }
+
+    $stringifiedData = http_build_query($normalizedData, null, '&');
+    $signature = jsHash($stringifiedData.$secret, $hashType);
+    if ($returnData) {
+        $normalizedData['client_id'] = $clientID;
+        $normalizedData['sig'] = $signature;
+        return $normalizedData;
+    } else {
+        return $signature;
+    }
 }
 
-function JsTimestamp() {
-   return time();
+/**
+ * Return the hash of a string.
+ *
+ * @param string $string The string to hash.
+ * @param string|bool $secure The hash algorithm to use. true means md5.
+ * @return string
+ */
+function jsHash($string, $secure = true) {
+    if ($secure === true) {
+        $secure = 'md5';
+    }
+
+    switch ($secure) {
+        case 'sha1':
+            return sha1($string);
+            break;
+        case 'md5':
+        case false:
+            return md5($string);
+        default:
+            return hash($secure, $string);
+    }
 }
+
+/**
+ *
+ *
+ * @return int
+ */
+function jsTimestamp() {
+    return time();
+}
+
+/**
+ * Generate an SSO string suitable for passing in the url for embedded SSO.
+ *
+ * @param array $user The user to sso.
+ * @param string $clientID Your client ID.
+ * @param string $secret Your secret.
+ * @return string
+ */
+function jsSSOString($user, $clientID, $secret) {
+    if (!isset($user['client_id'])) {
+        $user['client_id'] = $clientID;
+    }
+
+    $string = base64_encode(json_encode($user));
+    $timestamp = time();
+    $hash = hash_hmac('sha1', "$string $timestamp", $secret);
+
+    $result = "$string $hash $timestamp hmacsha1";
+    return $result;
+}

vanilla-forums/trunk/plugin.php

@@ -2 +2 @@
 /*
 Plugin Name: Vanilla Forums
-Plugin URI: http://vanillaforums.org/addons/
+Plugin URI: https://vanillaforums.com
 Description: Integrates Vanilla Forums with WordPress: embedded blog comments, embedded forum, single sign on, and WordPress widgets.
-Version: 1.1.18
-Author: Todd Burry
-Author URI: http://www.vanillaforums.org/
+Version: 1.2
+Author: Vanilla Forums
+Author URI: https://vanillaforums.com
 
 ChangeLog:
@@ -68 +68 @@
 1.1.18
 - Update handling of /categories/all.json
+1.2
+- Update jsConnect client library
 
 Copyright 2010-2016 Vanilla Forums Inc

vanilla-forums/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 3
 Tested up to: 4.9.5
-Stable tag: 1.1.18
+Stable tag: 1.2
 
 == Description ==

vanilla-forums/trunk/sso.php

@@ -9 +9 @@
 $VFRequest = vf_get_value('VFRequest', $_GET);
 switch ($VFRequest) {
-    // Show the signed in user
-    case 'connect':
-      require_once dirname(__FILE__).'/functions.jsconnect.php';
-      
-      $user = vf_get_user();
-        $options = get_option(VF_OPTIONS_NAME);
-        $clientID = vf_get_value('sso-clientid', $options, '');
-        $secret = vf_get_value('sso-secret', $options, '');
-        WriteJsConnect($user, $_GET, $clientID, $secret, true);
-        exit();
-        break;
-    // Generate a secret to be used for security.
-    case 'generate-secret':
-        echo md5(time());
-        exit();
-        break;
+    // Show the signed in user
+    case 'connect':
+        require_once dirname(__FILE__).'/functions.jsconnect.php';
+        $user = vf_get_user();
+        $options = get_option(VF_OPTIONS_NAME);
+        $clientID = vf_get_value('sso-clientid', $options, '');
+        $secret = vf_get_value('sso-secret', $options, '');
+        WriteJsConnect($user, $_GET, $clientID, $secret, true);
+        exit();
+        break;
+    // Generate a secret to be used for security.
+    case 'generate-secret':
+        echo wp_generate_password(64, true, true);
+        exit();
+        break;
 }