Merge pull request #113 from pantheon-systems/111-persist-redirect-to

Persist `redirect_to` value in a more accurate manner
pantheon-systems · Feb 13, 2018 · 5013989 · 5013989
2 parents ebaa7a5 + 1e3862b
commit 5013989
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 **Tags:** authentication, SAML  
 **Requires at least:** 4.4  
 **Tested up to:** 4.9  
-**Stable tag:** 0.3.6  
+**Stable tag:** 0.3.7  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati
 
 ## Changelog ##
 
+### 0.3.7 (February 13, 2018) ###
+* Persists `redirect_to` value in a more accurate manner, as a follow up to the change in v0.3.6 [[#113](https://github.com/pantheon-systems/wp-saml-auth/pull/113)].
+
 ### 0.3.6 (February 7, 2018) ###
 * Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)].
 

diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php
@@ -241,11 +241,19 @@ public function do_saml_authentication() {
 				$this->provider->login( $redirect_to );
 			}
 		} elseif ( is_a( $this->provider, 'SimpleSAML_Auth_Simple' ) ) {
+			$redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL );
+			if ( $redirect_to ) {
+				$redirect_to = add_query_arg( 'redirect_to', $redirect_to, wp_login_url() );
+			} else {
+				$redirect_to = wp_login_url();
+				// Only persist redirect_to when it's not wp-login.php.
+				if ( false === stripos( $redirect_to, $_SERVER['REQUEST_URI'] ) ) {
+					$redirect_to = add_query_arg( 'redirect_to', $_SERVER['REQUEST_URI'], $redirect_to );
+				}
+			}
 			$this->provider->requireAuth(
 				array(
-					// Prevent WordPress from dropping the login cookie
-					// when REQUEST_URI is /wp-admin/.
-					'ReturnTo' => str_replace( '&reauth=1', '', $_SERVER['REQUEST_URI'] ),
+					'ReturnTo' => $redirect_to,
 				)
 			);
 			$attributes = $this->provider->getAttributes();

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, Outlandish Josh
 Tags: authentication, SAML
 Requires at least: 4.4
 Tested up to: 4.9
-Stable tag: 0.3.6
+Stable tag: 0.3.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati
 
 == Changelog ==
 
+= 0.3.7 (February 13, 2018) =
+* Persists `redirect_to` value in a more accurate manner, as a follow up to the change in v0.3.6 [[#113](https://github.com/pantheon-systems/wp-saml-auth/pull/113)].
+
 = 0.3.6 (February 7, 2018) =
 * Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)].
 

diff --git a/wp-saml-auth.php b/wp-saml-auth.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Plugin Name: WP SAML Auth
- * Version: 0.3.6
+ * Version: 0.3.7
  * Description: SAML authentication for WordPress, using SimpleSAMLphp.
  * Author: Pantheon
  * Author URI: https://pantheon.io