From 08fccc55723f28fe4b18f24ee1dc6d3dd38cbf19 Mon Sep 17 00:00:00 2001 From: Andrew Cafourek Date: Sun, 25 Apr 2021 13:06:47 -0400 Subject: [PATCH] Add filters to authentication flow to allow external authentication Adds two filters: `graphql_jwt_auth_use_wp_authentication` -- returns boolean to determine if should use WP authentication `graphql_jwt_auth_authenticate_user` -- returns authenticated user or WP_Error Also passes full query input along to Auth functions and filters to give SSO provider access to data --- src/Auth.php | 36 ++++++++++++++++++++++++++++-------- src/Login.php | 2 +- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/src/Auth.php b/src/Auth.php index d8afa2b..69f932a 100644 --- a/src/Auth.php +++ b/src/Auth.php @@ -38,7 +38,7 @@ public static function get_secret_key() { * @throws \Exception * @since 0.0.1 */ - public static function login_and_get_token( $username, $password ) { + public static function login_and_get_token( $username, $password, $fullInput ) { /** * First thing, check the secret key if not exist return a error @@ -50,7 +50,7 @@ public static function login_and_get_token( $username, $password ) { /** * Authenticate the user and get the Authenticated user object in response */ - $user = self::authenticate_user( $username, $password ); + $user = self::authenticate_user( $username, $password, $fullInput ); /** * Set the current user to the authenticated user 
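Review bot: `login_and_get_token()` is a public static method and the new `$fullInput` parameter is required, so any caller that still passes two arguments will fail with an ArgumentCountError instead of logging in. A default keeps the old call shape working: `public static function login_and_get_token( $username, $password, $fullInput = null ) {`. The docblock above the signature (partly outside this hunk) also needs an `@param` line for `$fullInput`, stating that it is the raw mutation input, password included, and that it is forwarded to filter callbacks. The same default would suit `authenticate_user()` in the later Auth.php hunk.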
@@ -351,18 +351,38 @@ public static function is_refresh_token() { * * @return null|\WP_Error|\WP_User */ - protected static function authenticate_user( $username, $password ) { + protected static function authenticate_user( $username, $password, $fullInput ) { - /** - * Try to authenticate the user with the passed credentials - */ - $user = wp_authenticate( sanitize_user( $username ), trim( $password ) ); + /** + * Filter boolean if we should use WordPress authentication + * + * @param boolean true + * @param object $fullInput + */ + if(apply_filters( 'graphql_jwt_auth_use_wp_authentication', true, $fullInput )){ + + /** + * Try to authenticate the user with the passed credentials + */ + $user = wp_authenticate( sanitize_user( $username ), trim( $password ) ); + } else { + + /** + * Filter login input data to authenticate user using some other method. + * + * @param string username + * @param string password + * @param object $fullInput + */ + $defaultDenial = new \WP_Error(__('Those credentials were not authenticated by any third party provider')); + $user = apply_filters( 'graphql_jwt_auth_authenticate_user', $defaultDenial, sanitize_user( $username ), trim( $password ), $fullInput ); + } /** * If the authentication fails return a error */ if ( is_wp_error( $user ) ) { - $error_code = ! empty( $user->get_error_code() ) ? $user->get_error_code() : 'invalid login'; + $error_code = (! empty( $user->get_error_code() ) ? $user->get_error_code() : 'invalid login')." | ".$user->get_error_message(); throw new UserError( esc_html( $error_code ) ); } diff --git a/src/Login.php b/src/Login.php index 4ad5db5..c3136e7 100644 --- a/src/Login.php +++ b/src/Login.php 
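Review bot: In the new `else` branch the value returned by the `graphql_jwt_auth_authenticate_user` filter is only tested with `is_wp_error()`, so a callback that returns `null`, `true`, an array or any other non-error value passes the one check visible in this hunk. The branch should fail closed unless the result is a `\WP_User`. `$defaultDenial` is also built with the message as its only argument, which `WP_Error` treats as the error code, so `get_error_message()` is empty and the thrown string ends in a bare ` | `. Separately, appending the message to `$error_code` changes the string clients previously matched on and, for `wp_authenticate()` failures, sends WordPress's longer login-failure text to the API caller; if that is not intended, keep the code alone. The rest of `authenticate_user()` after the `throw` is outside the hunk, so what happens to a non-`WP_User` value further down cannot be confirmed from here.

```php
// … unchanged: graphql_jwt_auth_use_wp_authentication branch calling wp_authenticate() …
} else {
	// WP_Error takes ( $code, $message ); the code string below is a placeholder.
	$defaultDenial = new \WP_Error( 'PLACEHOLDER_error_code', __( 'Those credentials were not authenticated by any third party provider' ) );
	$user = apply_filters( 'graphql_jwt_auth_authenticate_user', $defaultDenial, sanitize_user( $username ), trim( $password ), $fullInput );

	// Fail closed: only a WP_User or a WP_Error may leave this branch.
	if ( ! ( $user instanceof \WP_User ) && ! is_wp_error( $user ) ) {
		$user = $defaultDenial;
	}
}
// … unchanged: is_wp_error( $user ) check and UserError throw …
```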
@@ -49,7 +49,7 @@ public static function register_mutation() { ], 'mutateAndGetPayload' => function( $input, AppContext $context, ResolveInfo $info ) { // Login the user in and get an authToken and user in response. - return Auth::login_and_get_token( sanitize_user( $input['username'] ), trim( $input['password'] ) ); + return Auth::login_and_get_token( sanitize_user( $input['username'] ), trim( $input['password'] ),$input ); }, ] );
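Review bot: The whole `$input` array is now forwarded unsanitized, and it still holds the untrimmed password and the unsanitized username, so every callback hooked on the two new filters receives the plaintext credentials. That is what the commit intends, but it should be stated where it happens, e.g. `// $input is forwarded as received (raw password included) for external auth filters; callbacks must validate what they read and must not log it.` The filter docblocks in Auth.php describe `$fullInput` as `object`, while this call passes the array indexed as `$input['username']`, so `@param array $fullInput` would be accurate. There is also a missing space after the comma in `,$input )`. `register_mutation()` begins outside this hunk.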