205 lines
9.3 KiB
PHP
205 lines
9.3 KiB
PHP
<?php
|
||
if ( ! defined( 'ABSPATH' ) ) exit;
|
||
|
||
add_action( 'admin_menu', 'authentik_admin_menu' );
|
||
function authentik_admin_menu() {
|
||
add_options_page(
|
||
'Authentik Login',
|
||
'Authentik Login',
|
||
'manage_options',
|
||
'authentik-login',
|
||
'authentik_settings_page'
|
||
);
|
||
}
|
||
|
||
add_action( 'admin_init', 'authentik_register_settings' );
|
||
function authentik_register_settings() {
|
||
register_setting( 'authentik_settings_group', 'authentik_settings', 'authentik_sanitize_settings' );
|
||
}
|
||
|
||
function authentik_sanitize_settings( $input ) {
|
||
$clean = [];
|
||
$fields = [
|
||
'client_id', 'client_secret', 'discovery_url',
|
||
'redirect_uri', 'default_role', 'admin_group',
|
||
'timeout'
|
||
];
|
||
foreach ( $fields as $f ) {
|
||
$clean[ $f ] = isset( $input[ $f ] ) ? sanitize_text_field( $input[ $f ] ) : '';
|
||
}
|
||
$clean['create_users'] = ! empty( $input['create_users'] ) ? 1 : 0;
|
||
$clean['link_existing'] = ! empty( $input['link_existing'] ) ? 1 : 0;
|
||
$clean['sync_roles'] = ! empty( $input['sync_roles'] ) ? 1 : 0;
|
||
return $clean;
|
||
}
|
||
|
||
function authentik_get_settings() {
|
||
$defaults = [
|
||
'client_id' => '',
|
||
'client_secret' => '',
|
||
'discovery_url' => '',
|
||
'redirect_uri' => admin_url( 'admin-ajax.php?action=authentik_callback' ),
|
||
'default_role' => 'subscriber',
|
||
'admin_group' => 'wordpress_admin',
|
||
'timeout' => 30,
|
||
'create_users' => 1,
|
||
'link_existing' => 1,
|
||
'sync_roles' => 1,
|
||
];
|
||
$saved = get_option( 'authentik_settings', [] );
|
||
return wp_parse_args( $saved, $defaults );
|
||
}
|
||
|
||
function authentik_settings_page() {
|
||
$s = authentik_get_settings();
|
||
?>
|
||
<div class="wrap">
|
||
<h1>Authentik Login – Einstellungen</h1>
|
||
|
||
<?php
|
||
// Discovery import
|
||
if ( isset( $_POST['authentik_import_discovery'] ) && check_admin_referer( 'authentik_import' ) ) {
|
||
$url = esc_url_raw( $_POST['discovery_url_import'] ?? '' );
|
||
$res = wp_remote_get( $url, [ 'timeout' => 15 ] );
|
||
if ( ! is_wp_error( $res ) ) {
|
||
$data = json_decode( wp_remote_retrieve_body( $res ), true );
|
||
if ( $data ) {
|
||
$map = [
|
||
'authorization_endpoint' => 'authorize_url',
|
||
'token_endpoint' => 'token_url',
|
||
'userinfo_endpoint' => 'userinfo_url',
|
||
'jwks_uri' => 'jwks_url',
|
||
'issuer' => 'issuer',
|
||
'end_session_endpoint' => 'logout_url',
|
||
];
|
||
foreach ( $map as $key => $opt ) {
|
||
if ( isset( $data[ $key ] ) ) {
|
||
update_option( 'authentik_oidc_' . $opt, $data[ $key ] );
|
||
}
|
||
}
|
||
echo '<div class="notice notice-success"><p>Discovery-Dokument erfolgreich importiert!</p></div>';
|
||
}
|
||
} else {
|
||
echo '<div class="notice notice-error"><p>Fehler: ' . esc_html( $res->get_error_message() ) . '</p></div>';
|
||
}
|
||
}
|
||
?>
|
||
|
||
<form method="post" action="">
|
||
<?php wp_nonce_field( 'authentik_import' ); ?>
|
||
<h2>Discovery-Dokument importieren</h2>
|
||
<table class="form-table">
|
||
<tr>
|
||
<th>Discovery URL</th>
|
||
<td>
|
||
<input type="url" name="discovery_url_import" class="regular-text"
|
||
placeholder="https://auth.example.com/application/o/app/.well-known/openid-configuration"
|
||
value="<?php echo esc_attr( $s['discovery_url'] ); ?>">
|
||
<input type="submit" name="authentik_import_discovery" class="button button-secondary" value="Importieren">
|
||
<p class="description">Trägt alle Endpunkt-URLs automatisch ein.</p>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
</form>
|
||
|
||
<form method="post" action="options.php">
|
||
<?php settings_fields( 'authentik_settings_group' ); ?>
|
||
|
||
<h2>Client-Einstellungen</h2>
|
||
<table class="form-table">
|
||
<tr>
|
||
<th>Client ID</th>
|
||
<td><input type="text" name="authentik_settings[client_id]" class="regular-text" value="<?php echo esc_attr( $s['client_id'] ); ?>"></td>
|
||
</tr>
|
||
<tr>
|
||
<th>Client Secret</th>
|
||
<td><input type="password" name="authentik_settings[client_secret]" class="regular-text" value="<?php echo esc_attr( $s['client_secret'] ); ?>"></td>
|
||
</tr>
|
||
<tr>
|
||
<th>Discovery URL</th>
|
||
<td>
|
||
<input type="url" name="authentik_settings[discovery_url]" class="regular-text" value="<?php echo esc_attr( $s['discovery_url'] ); ?>">
|
||
<p class="description">Wird gespeichert aber nicht direkt verwendet – nutze den Import-Button oben.</p>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<th>Redirect URI</th>
|
||
<td>
|
||
<input type="url" name="authentik_settings[redirect_uri]" class="regular-text" value="<?php echo esc_attr( $s['redirect_uri'] ); ?>">
|
||
<p class="description">Diese URI muss exakt in Authentik eingetragen sein.</p>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<th>HTTP-Timeout (Sekunden)</th>
|
||
<td><input type="number" name="authentik_settings[timeout]" value="<?php echo esc_attr( $s['timeout'] ); ?>" min="5" max="60"></td>
|
||
</tr>
|
||
</table>
|
||
|
||
<h2>Benutzer-Einstellungen</h2>
|
||
<table class="form-table">
|
||
<tr>
|
||
<th>Neue Benutzer erstellen</th>
|
||
<td><input type="checkbox" name="authentik_settings[create_users]" value="1" <?php checked( $s['create_users'], 1 ); ?>>
|
||
<p class="description">Erstellt automatisch einen WordPress-Account wenn kein passender User gefunden wird.</p>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<th>Bestehende User verknüpfen</th>
|
||
<td><input type="checkbox" name="authentik_settings[link_existing]" value="1" <?php checked( $s['link_existing'], 1 ); ?>>
|
||
<p class="description">Verknüpft Authentik-Login mit bestehendem WordPress-Account (per E-Mail oder Benutzername).</p>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<th>Rollen synchronisieren</th>
|
||
<td><input type="checkbox" name="authentik_settings[sync_roles]" value="1" <?php checked( $s['sync_roles'], 1 ); ?>>
|
||
<p class="description">Überträgt Authentik-Gruppen als WordPress-Rollen.</p>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<th>Standard-Rolle</th>
|
||
<td>
|
||
<?php wp_dropdown_roles( $s['default_role'] ); ?>
|
||
<input type="hidden" name="authentik_settings[default_role]" value="">
|
||
<select name="authentik_settings[default_role]">
|
||
<?php
|
||
foreach ( wp_roles()->roles as $role => $data ) {
|
||
echo '<option value="' . esc_attr( $role ) . '" ' . selected( $s['default_role'], $role, false ) . '>' . esc_html( $data['name'] ) . '</option>';
|
||
}
|
||
?>
|
||
</select>
|
||
<p class="description">Rolle für neue Benutzer ohne passende Authentik-Gruppe.</p>
|
||
</td>
|
||
</tr>
|
||
<tr>
|
||
<th>Admin-Gruppe in Authentik</th>
|
||
<td>
|
||
<input type="text" name="authentik_settings[admin_group]" class="regular-text" value="<?php echo esc_attr( $s['admin_group'] ); ?>">
|
||
<p class="description">Authentik-Gruppenname der WordPress-Administratoren werden soll (z.B. <code>wordpress_admin</code>).</p>
|
||
</td>
|
||
</tr>
|
||
</table>
|
||
|
||
<h2>Erkannte Endpunkte</h2>
|
||
<table class="form-table">
|
||
<?php
|
||
$endpoints = [
|
||
'authentik_oidc_authorize_url' => 'Authorize URL',
|
||
'authentik_oidc_token_url' => 'Token URL',
|
||
'authentik_oidc_userinfo_url' => 'Userinfo URL',
|
||
'authentik_oidc_jwks_url' => 'JWKS URL',
|
||
'authentik_oidc_issuer' => 'Issuer',
|
||
'authentik_oidc_logout_url' => 'Logout URL',
|
||
];
|
||
foreach ( $endpoints as $opt => $label ) {
|
||
$val = get_option( $opt, '–' );
|
||
echo '<tr><th>' . esc_html( $label ) . '</th><td><code>' . esc_html( $val ) . '</code></td></tr>';
|
||
}
|
||
?>
|
||
</table>
|
||
|
||
<?php submit_button( 'Einstellungen speichern' ); ?>
|
||
</form>
|
||
</div>
|
||
<?php
|
||
}
|