Changeset 3016412

Timestamp:

01/02/2024 12:08:25 PM (2 years ago)

Author:

iteras

Message:

Paywall signing key is now handled separately

Location:

iteras/trunk

Files:

• README.txt (modified) (2 diffs)
• admin/iteras-admin.php (modified) (2 diffs)
• admin/views/admin.php (modified) (1 diff)
• admin/views/post-meta-box.php (modified) (1 diff)
• iteras.php (modified) (1 diff)
• languages/iteras-da_DK.mo (modified) (previous)
• languages/iteras-da_DK.po (modified) (11 diffs)
• public/iteras-public.php (modified) (8 diffs)

iteras/trunk/README.txt

@@ -3 +3 @@
 Requires at least: 3.5.1
 Tested up to: 6.4.2
-Stable tag: 1.6.0
+Stable tag: 1.7.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -111 +111 @@
 
 == Changelog ==
+= 1.7.0 =
+* Paywall signing key is now handled separately
+
 = 1.6.0 =
 * Added bulk action for updating paywall state on posts

iteras/trunk/admin/iteras-admin.php

@@ -21 +21 @@
 
   protected $plugin = null;
-
-  public $access_levels = null;
-
+  protected $plugin_slug = null;
+
+  protected $access_levels = null;
+  protected $paywall_display_types = null;
+  protected $paywall_integration_methods = null;
 
   private function __construct() {
@@ -334 +336 @@
     $settings = array(
       'api_key' => sanitize_text_field($_POST['api_key']),
+      'signing_key' => sanitize_text_field($_POST['signing_key']),
       'paywalls' => $prev_settings['paywalls'],
       'profile_name' => sanitize_text_field($_POST['profile']),

iteras/trunk/admin/views/admin.php

@@ -20 +20 @@
 
       <tr>
+        <th scope="row"><label for="signingkey"><?php _e('ITERAS signing key', $domain); ?></label></th>
+        <td>
+          <input class="regular-text" id="signingkey" name="signing_key" placeholder="<?php _e('e.g.', $domain); ?> j8kau2v3lzp0n12ilw1d0hurr6059gyo" type="text" value="<?=$settings['signing_key']; ?>">
+          <p class="description"><?php _e('You can find your signing key in the general settings section in the top right menu in ITERAS.', $domain); ?></p>
+        </td>
+      </tr>
+
+      <tr>
         <th scope="row"><label for="apikey"><?php _e('ITERAS API key', $domain); ?></label></th>
         <td>
-          <input class="regular-text" id="apikey" name="api_key" placeholder="<?php _e('e.g. drurhphapaikr5fcywk158n93ghat0vz', $domain); ?>" type="text" value="<?=$settings['api_key']; ?>">
-          <p class="description"><?php _e('You can find your API key in the general settings section in the top right menu in ITERAS.', $domain); ?></p>
+          <input class="regular-text" id="apikey" name="api_key" placeholder="<?php _e('e.g.', $domain); ?> drurhphapaikr5fcywk158n93ghat0vz" type="text" value="<?=$settings['api_key']; ?>">
+          <p class="description"><?php _e('You can create an API key under integrations in the top right menu in ITERAS.', $domain); ?></p>
         </td>
       </tr>

iteras/trunk/admin/views/post-meta-box.php

@@ -3 +3 @@
 wp_nonce_field( "post".$post->ID, 'iteras_paywall_post_nonce' );
 
-if (!$settings['api_key']) {
+if (!$settings['api_key'] || !$settings['signing_key']) {
 ?>
   <div class="attention-box">

iteras/trunk/iteras.php

@@ -13 +13 @@
  * Plugin URI:        https://app.iteras.dk
  * Description:       Integration with ITERAS, a cloud-based state-of-the-art system for managing subscriptions/memberships and payments.
- * Version:           1.6.0
+ * Version:           1.7.0
  * Author:            ITERAS
  * Author URI:        https://www.iteras.dk

iteras/trunk/languages/iteras-da_DK.po

@@ -6 +6 @@
 "Project-Id-Version: iteras\n"
 "Report-Msgid-Bugs-To: [email protected]\n"
-"POT-Creation-Date: 2023-12-19 19:48+0100\n"
-"PO-Revision-Date: 2023-12-19 19:48+0100\n"
+"POT-Creation-Date: 2024-01-02 13:05+0100\n"
+"PO-Revision-Date: 2024-01-02 13:05+0100\n"
 "Last-Translator: Ole Laursen <[email protected]>\n"
 "Language-Team: da\n"
@@ -15 +15 @@
 "Content-Transfer-Encoding: 8bit\n"
 
-#: admin/iteras-admin.php:59
+#: admin/iteras-admin.php:61
 msgid "Everybody"
 msgstr "Alle"
 
-#: admin/iteras-admin.php:65
+#: admin/iteras-admin.php:67
 msgid "Redirect to subscribe landing page"
 msgstr "Omdiriger til abonnér-landingsside"
 
-#: admin/iteras-admin.php:66
+#: admin/iteras-admin.php:68
 msgid "Cut text and add call-to-action box"
 msgstr "Beskær tekst og tilføj call to action-boks"
 
-#: admin/iteras-admin.php:70
+#: admin/iteras-admin.php:72
 msgid "Automatic"
 msgstr "Automatisk"
 
-#: admin/iteras-admin.php:71
+#: admin/iteras-admin.php:73
 msgid "Custom"
 msgstr "Specialudviklet"
 
-#: admin/iteras-admin.php:88
+#: admin/iteras-admin.php:90
 msgid "ITERAS Paywall"
 msgstr "ITERAS-paywall"
 
-#: admin/iteras-admin.php:93
+#: admin/iteras-admin.php:95
 msgid "Paywall"
 msgstr "Betalingsmur"
 
-#: admin/iteras-admin.php:138
+#: admin/iteras-admin.php:140
 msgid "Does not restrict visitors, everyone can see the content"
 msgstr "Begrænser ingen besøgende, alle kan se indholdet"
 
-#: admin/iteras-admin.php:139
+#: admin/iteras-admin.php:141
 msgid ""
 "Content restricted to visitors who are in the subscriber database (but they "
@@ -55 +55 @@
 "have et aktivt abonnement)"
 
-#: admin/iteras-admin.php:140
+#: admin/iteras-admin.php:142
 msgid "Content restricted to visitors with an active subscription"
 msgstr "Indhold begrænset til besøgende i abonnentdatabasen"
 
-#: admin/iteras-admin.php:185
+#: admin/iteras-admin.php:184
 msgid "Add paywall"
 msgstr "Tilføj betalingsmur"
 
-#: admin/iteras-admin.php:188
+#: admin/iteras-admin.php:187
 msgid "Remove paywalls"
 msgstr "Fjern betalingsmure"
 
-#: admin/iteras-admin.php:247
+#: admin/iteras-admin.php:246
 msgid "ITERAS configuration"
 msgstr "ITERAS-konfiguration"
 
-#: admin/iteras-admin.php:248
+#: admin/iteras-admin.php:247
 msgid "ITERAS"
 msgstr "ITERAS"
 
-#: admin/iteras-admin.php:287
+#: admin/iteras-admin.php:286
 msgid "Synchronization of paywalls from ITERAS complete"
 msgstr "Synkronisering af betalingsmure fra ITERAS gennemført"
 
-#: admin/iteras-admin.php:293
+#: admin/iteras-admin.php:292
 msgid "Couldn't synchronize paywalls from ITERAS"
 msgstr "Kunne ikke synkronisere betalingsmure fra ITERAS"
 
-#: admin/iteras-admin.php:325
+#: admin/iteras-admin.php:324
 msgid "Settings"
 msgstr "Indstillinger"
@@ -104 +104 @@
 
 #: admin/views/admin.php:22
+msgid "ITERAS signing key"
+msgstr "ITERAS signeringsnøgle"
+
+#: admin/views/admin.php:24 admin/views/admin.php:32
+msgid "e.g."
+msgstr "f.eks."
+
+#: admin/views/admin.php:25
+msgid ""
+"You can find your signing key in the general settings section in the top "
+"right menu in ITERAS."
+msgstr ""
+"Du kan finde din signeringsnøgle under grundindstillingerne i menuen øverst "
+"til højre i ITERAS."
+
+#: admin/views/admin.php:30
 msgid "ITERAS API key"
 msgstr "ITERAS API-nøgle"
 
-#: admin/views/admin.php:24
-msgid "e.g. drurhphapaikr5fcywk158n93ghat0vz"
-msgstr "f.eks. drurhphapaikr5fcywk158n93ghat0vz"
-
-#: admin/views/admin.php:25
-msgid ""
-"You can find your API key in the general settings section in the top right "
-"menu in ITERAS."
-msgstr ""
-"Du kan finde din API-nøgle under grundindstillingerne i menuen øverst til "
-"højre i ITERAS."
-
-#: admin/views/admin.php:30
+#: admin/views/admin.php:33
+msgid ""
+"You can create an API key under integrations in the top right menu in ITERAS."
+msgstr ""
+"Du kan oprette en API-nøgle under integrationer i menuen øverst til højre i "
+"ITERAS."
+
+#: admin/views/admin.php:38
 msgid "Available paywalls"
 msgstr "Tilgængelige betalingsmure"
 
-#: admin/views/admin.php:34
+#: admin/views/admin.php:42
 msgid "No paywalls available"
 msgstr "Ingen betalingsmure tilgængelig"
 
-#: admin/views/admin.php:44
+#: admin/views/admin.php:52
 msgid "Synchronize"
 msgstr "Synkronisér"
 
-#: admin/views/admin.php:45
+#: admin/views/admin.php:53
 msgid ""
 "You can configure paywalls in ITERAS in the paywalls section under "
@@ -141 +152 @@
 "knappen her bagefter."
 
-#: admin/views/admin.php:50
+#: admin/views/admin.php:58
 msgid "Default paywall access"
 msgstr "Forvalgt paywall-adgang"
 
-#: admin/views/admin.php:58
+#: admin/views/admin.php:66
 msgid "Default paywall access for new posts."
 msgstr "Betalingsmur-indstilling som nye indlæg og sider får som forvalg."
 
-#: admin/views/admin.php:63
+#: admin/views/admin.php:71
 msgid "Access restriction"
 msgstr "Adgangsbegrænsning"
 
-#: admin/views/admin.php:71
+#: admin/views/admin.php:79
 msgid "How users will be greeted on an article they don't have access to."
 msgstr ""
 "Hvordan besøgende bliver modtaget på en artikel som de ikke har adgang til."
 
-#: admin/views/admin.php:76
+#: admin/views/admin.php:84
 msgid "Subscribe landing page"
 msgstr "Abonnér-landingsside"
 
-#: admin/views/admin.php:78
+#: admin/views/admin.php:86
 msgid "e.g. /?page_id=1"
 msgstr "f.eks. /?page_id=1"
 
-#: admin/views/admin.php:79
+#: admin/views/admin.php:87
 msgid ""
 "URL to the landing page for logging in or becoming a <b>paying subscriber</"
@@ -174 +185 @@
 "b>."
 
-#: admin/views/admin.php:84
+#: admin/views/admin.php:92
 msgid "User landing page"
 msgstr "Bruger-landingsside"
 
-#: admin/views/admin.php:86
+#: admin/views/admin.php:94
 msgid "e.g. /?page_id=2"
 msgstr "f.eks. /?page_id=2"
 
-#: admin/views/admin.php:87
+#: admin/views/admin.php:95
 msgid ""
 "URL to the landing page for logging in or registering as a <b>user</b>. The "
@@ -190 +201 @@
 "b>. Abonnér- og bruger-landingssiderne kan pege på den samme Wordpress-side."
 
-#: admin/views/admin.php:92
+#: admin/views/admin.php:100
 msgid "Cut text at"
 msgstr "Beskær tekst ved"
 
-#: admin/views/admin.php:94
+#: admin/views/admin.php:102
 msgid "characters"
 msgstr "tegn"
 
-#: admin/views/admin.php:94
+#: admin/views/admin.php:102
 msgid "e.g. 30"
 msgstr "f.eks. 30"
 
-#: admin/views/admin.php:99
+#: admin/views/admin.php:107
 msgid "Call-to-action content"
 msgstr "Call to action-indhold"
 
-#: admin/views/admin.php:102
+#: admin/views/admin.php:110
 msgid ""
 "Present ordering offers and a login option. If you link to separate ordering "
@@ -220 +231 @@
 "side efter at have bestilt eller logget ind."
 
-#: admin/views/admin.php:107
+#: admin/views/admin.php:115
 msgid "Validation method"
 msgstr "Verifikationsmåde"
 
-#: admin/views/admin.php:109
+#: admin/views/admin.php:117
 msgid "Enable server-side validation of access pass cookie"
 msgstr "Aktiver serverkontrol af adgangstegn-cookie"
 
-#: admin/views/admin.php:112
+#: admin/views/admin.php:120
 msgid ""
 "With server-side validation, the ITERAS API key will be used to check the "
@@ -247 +258 @@
 "serverkontrol."
 
-#: admin/views/admin.php:117
+#: admin/views/admin.php:125
 msgid "Paywall integration method"
 msgstr "Integrationsmåde for betalingsmur"
 
-#: admin/views/admin.php:125
+#: admin/views/admin.php:133
 msgid ""
 "For custom integration use either <code>[iteras-paywall-content]...[/iteras-"
@@ -261 +272 @@
 "<code>Iteras::get_instance().potentially_paywall_content(...)</code>."
 
-#: admin/views/admin.php:137
+#: admin/views/admin.php:145
 msgid ""
 "For more information about the ITERAS API check out the <a target=\"_blank\" "
@@ -290 +301 @@
 "href='%url%'>siden med indstillinger</a> for at rette dem."
 
-#: public/iteras-public.php:425 public/iteras-public.php:596
+#: public/iteras-public.php:429 public/iteras-public.php:604
 msgid "This content is paywalled"
 msgstr "Dette indhold er bag betalingsmur"
 
-#: public/iteras-public.php:425 public/iteras-public.php:603
-#: public/iteras-public.php:651
+#: public/iteras-public.php:429 public/iteras-public.php:611
+#: public/iteras-public.php:659
 msgid "You are seeing the content because you are logged into WordPress admin."
 msgstr "Du ser indholdet da du er logget ind i WordPress admin."
 
-#: public/iteras-public.php:434
+#: public/iteras-public.php:438
 msgid "ITERAS plugin improperly configured. Paywall box content is missing"
 msgstr ""
 "ITERAS-plugin er ikke konfigureret rigtigt. Call to action-indhold mangler."
 
-#: public/iteras-public.php:577
+#: public/iteras-public.php:585
 msgid "You need to be logged in to see this content"
 msgstr "Du skal være logget ind for at se indholdet"
 
-#: public/iteras-public.php:600
+#: public/iteras-public.php:608
 msgid "paywallid not declared"
 msgstr "paywallid ikke udfyldt"
+
+#~ msgid "e.g. drurhphapaikr5fcywk158n93ghat0vz"
+#~ msgstr "f.eks. drurhphapaikr5fcywk158n93ghat0vz"
 
 #~ msgid "Paying subscribers"

iteras/trunk/public/iteras-public.php

@@ -16 +16 @@
 class Iteras {
 
-  const VERSION = '1.6.0';
+  const VERSION = '1.7.0';
 
   const SETTINGS_KEY = "iteras_settings";
@@ -194 +194 @@
         $settings['paywall_server_side_validation'] = true;
       }
+      if (version_compare($old_version, "1.7", "lt")) {
+        $settings['signing_key'] = $settings['api_key'];
+      }
 
       wp_cache_delete(self::SETTINGS_KEY);
@@ -261 +264 @@
     if (empty($settings)) {
       $settings = array(
+        'signing_key' => "",
         'api_key' => "",
         'profile_name' => "", // outphase
@@ -340 +344 @@
   }
 
-  private function pass_authorized($pass, $restriction, $key) {
+  private function pass_authorized($pass, $restriction, $signing_key) {
     // check signature
     $pos = strrpos($pass, "/");
@@ -357 +361 @@
       return false;
 
-    $computed_hmac = hash_hmac($algo, $data, $key);
-
-    if ($computed_hmac !== false && $key && (function_exists("hash_equals") ? !hash_equals($computed_hmac, $hmac) : $computed_hmac != $hmac))
+    $computed_hmac = hash_hmac($algo, $data, $signing_key);
+
+    if ($computed_hmac !== false && $signing_key && (function_exists("hash_equals") ? !hash_equals($computed_hmac, $hmac) : $computed_hmac != $hmac))
       return false;
 
@@ -399 +403 @@
 
     $user_authorized = (
-      isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['api_key'])
+      isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['signing_key'])
     );
 
@@ -610 +614 @@
       $content = $admin_paywall_notice . $content;
     } else {
-      if (isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['api_key'])) {
+      if (isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['signing_key'])) {
         // User has access
       } else {
@@ -655 +659 @@
       $content = __("You are seeing the content because you are logged into WordPress admin.") . $content;
     } else {
-      if ((isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['api_key'])) == $show_if_logged_in) {
+      if ((isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['signing_key'])) == $show_if_logged_in) {
         // Returns the content without manipulation
       } else {