includes/WPStrava/Auth.php

<?php

abstract class WPStrava_Auth {

	protected $auth_url = 'https://www.strava.com/oauth/authorize?response_type=code';
	protected $feedback = '';

	/**
	 * Factory method to get the correct Auth class based on specified string
	 * or by the options setting.
	 *
	 * @param string $auth 'refresh' or 'forever' (default 'refresh').
	 * @return WPStrava_Auth Instance of Auth
	 * @author Justin Foell <justin@foell.org>
	 */
	public static function get_auth( $auth = 'refresh' ) {
		if ( 'forever' === $auth ) {
			return new WPStrava_AuthForever();
		}
		// Default to refresh.
		return new WPStrava_AuthRefresh();
	}

	abstract protected function get_authorize_url( $client_id );

	public function hook() {
		if ( is_admin() ) {
			add_filter( 'pre_set_transient_settings_errors', array( $this, 'maybe_oauth' ) );
			add_action( 'admin_init', array( $this, 'init' ) );
		}
	}

	/**
	 * This runs after options are saved
	 */
	public function maybe_oauth( $value ) {
		$settings = WPStrava::get_instance()->settings;

		// User is clearing to start-over, don't oauth, ignore other errors.

		$input_args = array(
			'strava_id'            => array(
				'filter' => FILTER_SANITIZE_NUMBER_INT,
				'flags'  => FILTER_REQUIRE_ARRAY,
			),
			'strava_client_id'     => array(
				'filter' => FILTER_SANITIZE_NUMBER_INT,
				'flags'  => FILTER_REQUIRE_SCALAR,
			),
			'strava_client_secret' => FILTER_SANITIZE_STRING,
		);

		$input = filter_input_array( INPUT_POST, $input_args );

		if ( $settings->ids_empty( $input['strava_id'] ) ) {
			return array();
		}

		// Redirect only if all the right options are in place.
		if ( $settings->is_settings_updated( $value ) && $settings->is_option_page() ) {
			// Only re-auth if client ID and secret were saved.
			if ( ! empty( $input['strava_client_id'] ) && ! empty( $input['strava_client_secret'] ) ) {
				wp_redirect( $this->get_authorize_url( $input['strava_client_id'] ) );
				exit();
			}
		}
		return $value;
	}

	public function init() {
		$settings = WPStrava::get_instance()->settings;

		$input_args = array(
			'settings-updated' => FILTER_SANITIZE_STRING,
			'code'             => FILTER_SANITIZE_STRING,
		);

		$input = filter_input_array( INPUT_GET, $input_args );

		//only update when redirected back from strava
		if ( ! isset( $input['settings-updated'] ) && $settings->is_settings_page() ) {
			if ( isset( $input['code'] ) ) {
				$info = $this->token_exchange_initial( $input['code'] );
				if ( isset( $info->access_token ) ) {
					// Translators: New strava token
					add_settings_error( 'strava_token', 'strava_token', sprintf( __( 'New Strava token retrieved. %s', 'wp-strava' ), $this->feedback ), 'updated' );
				} else {
					// throw new WPStrava_Exception( '' );
					add_settings_error( 'strava_token', 'strava_token', $this->feedback );
				}
			} elseif ( isset( $_GET['error'] ) ) {
				// Translators: authentication error mess
				add_settings_error( 'strava_token', 'strava_token', sprintf( __( 'Error authenticating at Strava: %s', 'wp-strava' ), str_replace( '_', ' ', $_GET['error'] ) ) );
			}
		}
	}

	protected function get_redirect_param() {
		$page_name = WPStrava::get_instance()->settings->get_page_name();
		return rawurlencode( admin_url( "options-general.php?page={$page_name}" ) );
	}

	// Was fetch_token();
	private function token_exchange_initial( $code ) {
		$settings      = WPStrava::get_instance()->settings;
		$client_id     = $settings->client_id;
		$client_secret = $settings->client_secret;

		$settings->delete_id_secret();

		if ( $client_id && $client_secret ) {

			$data = array(
				'client_id'     => $client_id,
				'client_secret' => $client_secret,
				'code'          => $code,
			);

			$data = $this->add_initial_params( $data );

			$strava_info = $this->token_request( $data );

			if ( isset( $strava_info->access_token ) ) {
				$settings->add_id( $client_id );
				$settings->save_info( $client_id, $client_secret, $strava_info );

				$this->feedback .= __( 'Successfully authenticated.', 'wp-strava' );
				return $strava_info;
			}

			// Translators: error message from Strava
			$this->feedback .= sprintf( __( 'There was an error receiving data from Strava: <pre>%s</pre>', 'wp-strava' ), print_r( $strava_info, true ) ); // phpcs:ignore -- Debug output.
			return false;

		}

		$this->feedback .= __( 'Missing Client ID or Client Secret.', 'wp-strava' );
		return false;
	}

	protected function token_request( $data ) {
		$api = new WPStrava_API();
		return $api->post( 'oauth/token', $data );
	}

	protected function add_initial_params( $data ) {
		return $data;
	}

}
Auth WIP 2019-04-01 14:50:36 -05:00			`<?php`

			`abstract class WPStrava_Auth {`

			`protected $auth_url = 'https://www.strava.com/oauth/authorize?response_type=code';`
Updated visibility of auth feedback 2019-09-21 23:41:18 -05:00			`protected $feedback = '';`
Auth WIP 2019-04-01 14:50:36 -05:00
			`/**`
			`* Factory method to get the correct Auth class based on specified string`
			`* or by the options setting.`
			`*`
			`* @param string $auth 'refresh' or 'forever' (default 'refresh').`
			`* @return WPStrava_Auth Instance of Auth`
			`* @author Justin Foell <justin@foell.org>`
			`*/`
			`public static function get_auth( $auth = 'refresh' ) {`
			`if ( 'forever' === $auth ) {`
			`return new WPStrava_AuthForever();`
			`}`
			`// Default to refresh.`
			`return new WPStrava_AuthRefresh();`
			`}`

			`abstract protected function get_authorize_url( $client_id );`

			`public function hook() {`
Added refresh cron and refresh method 2019-06-03 14:27:14 -05:00			`if ( is_admin() ) {`
			`add_filter( 'pre_set_transient_settings_errors', array( $this, 'maybe_oauth' ) );`
			`add_action( 'admin_init', array( $this, 'init' ) );`
			`}`
Auth WIP 2019-04-01 14:50:36 -05:00			`}`

			`/**`
			`* This runs after options are saved`
			`*/`
			`public function maybe_oauth( $value ) {`
			`$settings = WPStrava::get_instance()->settings;`

			`// User is clearing to start-over, don't oauth, ignore other errors.`
Added input filtering 2019-11-01 14:26:57 -05:00
			`$input_args = array(`
			`'strava_id' => array(`
			`'filter' => FILTER_SANITIZE_NUMBER_INT,`
			`'flags' => FILTER_REQUIRE_ARRAY,`
			`),`
			`'strava_client_id' => array(`
			`'filter' => FILTER_SANITIZE_NUMBER_INT,`
			`'flags' => FILTER_REQUIRE_SCALAR,`
			`),`
			`'strava_client_secret' => FILTER_SANITIZE_STRING,`
			`);`

			`$input = filter_input_array( INPUT_POST, $input_args );`

			`if ( $settings->ids_empty( $input['strava_id'] ) ) {`
Auth WIP 2019-04-01 14:50:36 -05:00			`return array();`
			`}`

			`// Redirect only if all the right options are in place.`
			`if ( $settings->is_settings_updated( $value ) && $settings->is_option_page() ) {`
			`// Only re-auth if client ID and secret were saved.`
Added input filtering 2019-11-01 14:26:57 -05:00			`if ( ! empty( $input['strava_client_id'] ) && ! empty( $input['strava_client_secret'] ) ) {`
			`wp_redirect( $this->get_authorize_url( $input['strava_client_id'] ) );`
Auth WIP 2019-04-01 14:50:36 -05:00			`exit();`
			`}`
			`}`
			`return $value;`
			`}`

			`public function init() {`
			`$settings = WPStrava::get_instance()->settings;`

Added input filtering 2019-11-01 14:26:57 -05:00			`$input_args = array(`
			`'settings-updated' => FILTER_SANITIZE_STRING,`
			`'code' => FILTER_SANITIZE_STRING,`
			`);`

			`$input = filter_input_array( INPUT_GET, $input_args );`

Auth WIP 2019-04-01 14:50:36 -05:00			`//only update when redirected back from strava`
Added input filtering 2019-11-01 14:26:57 -05:00			`if ( ! isset( $input['settings-updated'] ) && $settings->is_settings_page() ) {`
			`if ( isset( $input['code'] ) ) {`
			`$info = $this->token_exchange_initial( $input['code'] );`
Auth WIP 2019-04-01 14:50:36 -05:00			`if ( isset( $info->access_token ) ) {`
			`// Translators: New strava token`
			`add_settings_error( 'strava_token', 'strava_token', sprintf( __( 'New Strava token retrieved. %s', 'wp-strava' ), $this->feedback ), 'updated' );`
			`} else {`
			`// throw new WPStrava_Exception( '' );`
			`add_settings_error( 'strava_token', 'strava_token', $this->feedback );`
			`}`
			`} elseif ( isset( $_GET['error'] ) ) {`
			`// Translators: authentication error mess`
			`add_settings_error( 'strava_token', 'strava_token', sprintf( __( 'Error authenticating at Strava: %s', 'wp-strava' ), str_replace( '_', ' ', $_GET['error'] ) ) );`
			`}`
			`}`
			`}`

			`protected function get_redirect_param() {`
			`$page_name = WPStrava::get_instance()->settings->get_page_name();`
			`return rawurlencode( admin_url( "options-general.php?page={$page_name}" ) );`
			`}`

Fixed Activity filter and added Activity Unit Test 2019-10-04 15:50:08 -05:00			`// Was fetch_token();`
Auth WIP 2019-04-01 14:50:36 -05:00			`private function token_exchange_initial( $code ) {`
Added input filtering 2019-11-01 14:26:57 -05:00			`$settings = WPStrava::get_instance()->settings;`
Auth WIP 2019-04-01 14:50:36 -05:00			`$client_id = $settings->client_id;`
			`$client_secret = $settings->client_secret;`

			`$settings->delete_id_secret();`

			`if ( $client_id && $client_secret ) {`

			`$data = array(`
			`'client_id' => $client_id,`
			`'client_secret' => $client_secret,`
			`'code' => $code,`
			`);`

Added refresh cron and refresh method 2019-06-03 14:27:14 -05:00			`$data = $this->add_initial_params( $data );`

Auth WIP 2019-04-01 14:50:36 -05:00			`$strava_info = $this->token_request( $data );`

			`if ( isset( $strava_info->access_token ) ) {`
Moved from token being the identifier to Client ID 2019-04-01 16:21:13 -05:00			`$settings->add_id( $client_id );`
Added refresh cron and refresh method 2019-06-03 14:27:14 -05:00			`$settings->save_info( $client_id, $client_secret, $strava_info );`
Moved from token being the identifier to Client ID 2019-04-01 16:21:13 -05:00
Auth WIP 2019-04-01 14:50:36 -05:00			`$this->feedback .= __( 'Successfully authenticated.', 'wp-strava' );`
			`return $strava_info;`
			`}`

			`// Translators: error message from Strava`
			`$this->feedback .= sprintf( __( 'There was an error receiving data from Strava: <pre>%s</pre>', 'wp-strava' ), print_r( $strava_info, true ) ); // phpcs:ignore -- Debug output.`
			`return false;`

			`}`

			`$this->feedback .= __( 'Missing Client ID or Client Secret.', 'wp-strava' );`
			`return false;`
			`}`

			`protected function token_request( $data ) {`
Added input filtering 2019-11-01 14:26:57 -05:00			`$api = new WPStrava_API();`
Auth WIP 2019-04-01 14:50:36 -05:00			`return $api->post( 'oauth/token', $data );`
			`}`

Added refresh cron and refresh method 2019-06-03 14:27:14 -05:00			`protected function add_initial_params( $data ) {`
			`return $data;`
			`}`

Auth WIP 2019-04-01 14:50:36 -05:00			`}`