Clean up admin notices

This commit will remove duplicate error messages when the plugin is not setup, use proper HTML format for error messages, and sanitize URL parameters that are output in messages.
auth0 · Apr 5, 2018 · 0339da7 · 0339da7
1 parent 53e20ee
commit 0339da7
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 67 deletions.
diff --git a/lib/WP_Auth0_Import_Settings.php b/lib/WP_Auth0_Import_Settings.php
@@ -18,15 +18,10 @@ public function init() {
 	}
 
 	public function show_error() {
-?>
-		<div id="message" class="error">
-			<p>
-				<strong>
-					<?php echo $_REQUEST['error']; ?>
-				</strong>
-			</p>
-		</div>
-		<?php
+		printf(
+			'<div class="notice notice-error"><p><strong>%s</strong></p></div>',
+			sanitize_text_field( $_REQUEST['error'] )
+		);
 	}
 
 	public function render_import_settings_page() {

diff --git a/lib/admin/WP_Auth0_Admin.php b/lib/admin/WP_Auth0_Admin.php
@@ -70,16 +70,10 @@ public function admin_enqueue() {
 			return;
 		}
 
-		$client_id = $this->a0_options->get( 'client_id' );
-		$secret = $this->a0_options->get( 'client_secret' );
-		$domain = $this->a0_options->get( 'domain' );
-
-		if ( empty( $client_id ) || empty( $secret ) || empty( $domain ) ) {
+		if ( ! WP_Auth0::ready() ) {
 			add_action( 'admin_notices', array( $this, 'create_account_message' ) );
 		}
 
-		$this->validate_required_api_scopes();
-
 		wp_enqueue_media();
 		wp_enqueue_script( 'wpa0_admin', WPA0_PLUGIN_URL . 'assets/js/admin.js' );
 		wp_enqueue_script( 'wpa0_async', WPA0_PLUGIN_URL . 'assets/lib/async.min.js' );
@@ -94,25 +88,9 @@ public function admin_enqueue() {
 			) );
 	}
 
-	protected function validate_required_api_scopes() {
-		$app_token = $this->a0_options->get( 'auth0_app_token' );
-		if ( ! $app_token ) {
-			add_action( 'admin_notices', array( $this, 'cant_connect_to_auth0' ) );
-		}
-	}
-
+	// TODO: Deprecate, not used
 	public function cant_connect_to_auth0() {
-?>
-		<div id="message" class="error">
-			<p>
-				<strong>
-					<?php echo __( 'The current user is not authorized to manage the Auth0 account. You must be both a WordPress site administrator and a user known to Auth0 to control Auth0 from this settings page. Please see the', 'wp-auth0' ); ?>
-					<a href="https://auth0.com/docs/cms/wordpress/troubleshoot#the-settings-page-shows-me-this-warning-the-current-user-is-not-authorized-to-manage-the-auth0-account-"><?php echo __( 'documentation', 'wp-auth0' ); ?></a>
-					<?php echo __( 'for more information.', 'wp-auth0' ); ?>
-				</strong>
-			</p>
-		</div>
-		<?php
+		// Not used
 	}
 
 	public function init_admin() {
@@ -154,18 +132,20 @@ public function input_validator( $input ) {
 		return $input;
 	}
 
+	/**
+	 * Show a message on all Auth0 admin pages when the plugin is not ready to process logins
+	 */
 	public function create_account_message() {
-?>
-		<div id="message" class="updated">
-			<p>
-				<strong>
-					<?php echo __( 'In order to use this plugin, you need to first', 'wp-auth0' ); ?>
-					<a target="_blank" href="https://manage.auth0.com/#/applications"><?php echo __( 'create an application', 'wp-auth0' ); ?></a>
-					<?php echo __( ' on Auth0 and copy the information here.', 'wp-auth0' ); ?>
-				</strong>
-			</p>
-		</div>
-		<?php
+		printf(
+			'<div class="update-nag">%s<strong><a href="%s">%s</a></strong>%s
+			<strong><a href="https://auth0.com/docs/cms/wordpress/installation#manual-setup" target="_blank">
+			%s</a></strong>.</div>',
+			__( 'Login by Auth0 is not yet configured. Please use the ', 'wp-auth0' ),
+			admin_url( 'admin.php?page=wpa0-setup' ),
+			__( 'Setup Wizard', 'wp-auth0' ),
+			__( ' or follow the ', 'wp-auth0' ),
+			__( 'Manual setup instructions', 'wp-auth0' )
+		);
 	}
 
 	protected function get_social_connection( $provider, $name, $icon ) {

diff --git a/lib/initial-setup/WP_Auth0_InitialSetup.php b/lib/initial-setup/WP_Auth0_InitialSetup.php
@@ -37,15 +37,6 @@ public function init() {
 				add_action( 'admin_notices', array( $this, 'notify_error' ) );
 			}
 		}
-		if ( ! isset( $_REQUEST['page'] ) || 'wpa0-setup' !== $_REQUEST['page'] ) {
-			$client_id = $this->a0_options->get( 'client_id' );
-			$client_secret = $this->a0_options->get( 'client_secret' );
-			$domain = $this->a0_options->get( 'domain' );
-
-			if ( ( ! $client_id ) || ( ! $client_secret ) || ( ! $domain ) ) {
-				add_action( 'admin_notices', array( $this, 'notify_setup' ) );
-			}
-		}
 
 		if ( isset( $_REQUEST['error'] ) && 'cant_create_client' == $_REQUEST['error'] ) {
 			add_action( 'admin_notices', array( $this, 'cant_create_client_message' ) );
@@ -87,20 +78,13 @@ public function admin_enqueue() {
 		wp_enqueue_style( 'media' );
 	}
 
+	// TODO: Deprecate
 	public function notify_setup() {
-?>
-  		<div class="update-nag">
-        Auth0 for WordPress is not yet configured. Click <a href="<?php echo admin_url( 'admin.php?page=wpa0-setup' ); ?>">HERE</a> to configure the Auth0 for WordPress plugin using the Quick Setup Wizard.
-  		</div>
-  		<?php
+		// Not used
 	}
 
 	public function notify_error() {
-?>
-  		<div class="error">
-        <?php echo $_REQUEST['error']; ?>
-  		</div>
-  		<?php
+		printf( '<div class="notice notice-error">%s</div>', strip_tags( $_REQUEST['error'] ) );
 	}
 
 	public function render_setup_page() {
@@ -199,7 +183,6 @@ public function cant_exchange_token_message() {
 	}
 
 	public function rejected_message() {
-		$domain = $this->a0_options->get( 'domain' );
 ?>
       <div id="message" class="error">
         <p>
@@ -210,10 +193,10 @@ public function rejected_message() {
       </div>
       <?php
 	}
+
 	public function access_denied() {
-		$domain = $this->a0_options->get( 'domain' );
 ?>
-  		<div id="message" class="error">
+  		<div class="notice notice-error">
   			<p>
   				<strong>
   					<?php echo __( 'Please create your Auth0 account first at ', 'wp-auth0' ); ?>