adamcapriola · February 5, 2015 04:13
diff --git a/wordpress-discourse-sso.php b/wordpress-discourse-sso.php
 <?php
 /**
 * SSO "Page"
 * 
 */
 add_action( 'parse_request', 'ac_parse_request' );

 function ac_parse_request() {

 	// Check for SSO request
 	if ( isset( $_GET['request'] ) && $_GET['request'] == 'sso' ) {

 		// Variables
 		$sso_secret = 'your_sso_secret';
 		$discourse_url = 'http://discourse.example.com'; // no trailing slash
 		$email = get_option( 'admin_email' );

 		//
 		// Check if user is logged in to WordPress
 		//

 		// Not logged in to WordPress, redirect to WordPress login page with redirect back to here
 		if ( ! is_user_logged_in() ) {

 			// Preserve sso and sig parameters
 			$redirect = add_query_arg( '', '' );

 			// Change %0A to %0B so it's not stripped out in wp_sanitize_redirect
 			$redirect = str_replace( '%0A', '%0B', $redirect );

 			// Build login URL
 			$login = wp_login_url( $redirect );

 			// Redirect to login
 			wp_redirect( $login );
 			exit;

 		}

 		// Logged in to WordPress, now try to log in to Discourse with WordPress user information
 		else {

 			// Payload and signature
 			$payload = $_GET['sso'];
 			$sig = $_GET['sig'];

 			// Change %0B back to %0A
 			$payload = urldecode( str_replace( '%0B', '%0A', urlencode( $payload ) ) );

 			// Check for helper class
 			if ( ! class_exists( 'Discourse_SSO' ) ) {

 				// Error message
 				echo( 'Helper class is not properly included.' );

 				// Terminate
 				exit;

 			}

 			// Validate signature
 			$sso = new Discourse_SSO( $sso_secret );

 			if ( ! ( $sso->validate( $payload, $sig ) ) ) {

 				// Error message
 				echo( '<p>Something went wrong. An administrator has been notified and will look into the issue.</p>' );
 				
 				// Notify administrator
 				mail( $email, 'Invalid SSO Request', $current_user->user_login . ' ' . $current_user->user_email );

 				// Terminate
 				exit;

 			}

 			// Nonce    
 			$nonce = $sso->getNonce( $payload );

 			// Current user info
 			get_currentuserinfo();

 			// Map information
 			$params = array(
 				'nonce' => $nonce,
 				'name' => $current_user->display_name,
 				'username' => $current_user->user_login,
 				'email' => $current_user->user_email,
 				'about_me' => $current_user->description,
 				'external_id' => $current_user->ID
 			);

 			// Build login string
 			$q = $sso->buildLoginString( $params );

 			// Redirect back to Discourse
 			wp_redirect( $discourse_url . '/session/sso_login?' . $q );
 			exit;

 		}

 	}

 }
	<?php
	/**
	* SSO "Page"
	*
	*/
	add_action( 'parse_request', 'ac_parse_request' );

	function ac_parse_request() {

	// Check for SSO request
	if ( isset( $_GET['request'] ) && $_GET['request'] == 'sso' ) {

	// Variables
	$sso_secret = 'your_sso_secret';
	$discourse_url = 'http://discourse.example.com'; // no trailing slash
	$email = get_option( 'admin_email' );

	//
	// Check if user is logged in to WordPress
	//

	// Not logged in to WordPress, redirect to WordPress login page with redirect back to here
	if ( ! is_user_logged_in() ) {

	// Preserve sso and sig parameters
	$redirect = add_query_arg( '', '' );

	// Change %0A to %0B so it's not stripped out in wp_sanitize_redirect
	$redirect = str_replace( '%0A', '%0B', $redirect );

	// Build login URL
	$login = wp_login_url( $redirect );

	// Redirect to login
	wp_redirect( $login );
	exit;

	}

	// Logged in to WordPress, now try to log in to Discourse with WordPress user information
	else {

	// Payload and signature
	$payload = $_GET['sso'];
	$sig = $_GET['sig'];

	// Change %0B back to %0A
	$payload = urldecode( str_replace( '%0B', '%0A', urlencode( $payload ) ) );

	// Check for helper class
	if ( ! class_exists( 'Discourse_SSO' ) ) {

	// Error message
	echo( 'Helper class is not properly included.' );

	// Terminate
	exit;

	}

	// Validate signature
	$sso = new Discourse_SSO( $sso_secret );

	if ( ! ( $sso->validate( $payload, $sig ) ) ) {

	// Error message
	echo( '<p>Something went wrong. An administrator has been notified and will look into the issue.</p>' );

	// Notify administrator
	mail( $email, 'Invalid SSO Request', $current_user->user_login . ' ' . $current_user->user_email );

	// Terminate
	exit;

	}

	// Nonce
	$nonce = $sso->getNonce( $payload );

	// Current user info
	get_currentuserinfo();

	// Map information
	$params = array(
	'nonce' => $nonce,
	'name' => $current_user->display_name,
	'username' => $current_user->user_login,
	'email' => $current_user->user_email,
	'about_me' => $current_user->description,
	'external_id' => $current_user->ID
	);

	// Build login string
	$q = $sso->buildLoginString( $params );

	// Redirect back to Discourse
	wp_redirect( $discourse_url . '/session/sso_login?' . $q );
	exit;

	}

	}

	}