diff --git a/README.md b/README.md index 525b0ca..04c6bca 100644 --- a/README.md +++ b/README.md @@ -277,6 +277,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati ## Changelog ## +### 1.0.1 (May 26, 2020) ### +* Allows redirecting back to `wp-login.php` while avoiding redirect loop [[#192](https://github.com/pantheon-systems/wp-saml-auth/pull/192)]. + ### 1.0.0 (March 2, 2020) ### * Plugin is stable. diff --git a/composer.lock b/composer.lock index 54ccaa2..4f0a9c5 100644 --- a/composer.lock +++ b/composer.lock @@ -723,16 +723,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "6.5.3", + "version": "6.5.4", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "aab4ebd862aa7d04f01a4b51849d657db56d882e" + "reference": "a4a1b6930528a8f7ee03518e6442ec7a44155d9d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/aab4ebd862aa7d04f01a4b51849d657db56d882e", - "reference": "aab4ebd862aa7d04f01a4b51849d657db56d882e", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/a4a1b6930528a8f7ee03518e6442ec7a44155d9d", + "reference": "a4a1b6930528a8f7ee03518e6442ec7a44155d9d", "shasum": "" }, "require": { @@ -740,7 +740,7 @@ "guzzlehttp/promises": "^1.0", "guzzlehttp/psr7": "^1.6.1", "php": ">=5.5", - "symfony/polyfill-intl-idn": "^1.11" + "symfony/polyfill-intl-idn": "1.17.0" }, "require-dev": { "ext-curl": "*", @@ -786,7 +786,7 @@ "rest", "web service" ], - "time": "2020-04-18T10:38:46+00:00" + "time": "2020-05-25T19:35:05+00:00" }, { "name": "guzzlehttp/promises", 
@@ -3179,16 +3179,16 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "1aab00e39cebaef4d8652497f46c15c1b7e45294" + "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/1aab00e39cebaef4d8652497f46c15c1b7e45294", - "reference": "1aab00e39cebaef4d8652497f46c15c1b7e45294", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/e94c8b1bbe2bc77507a1056cdb06451c75b427f9", + "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9", "shasum": "" }, "require": { @@ -3200,7 +3200,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { @@ -3247,20 +3247,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T16:50:20+00:00" + "time": "2020-05-12T16:14:59+00:00" }, { "name": "symfony/polyfill-intl-idn", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-idn.git", - "reference": "ab0af41deab94ec8dceb3d1fb408bdd038eba4dc" + "reference": "3bff59ea7047e925be6b7f2059d60af31bb46d6a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/ab0af41deab94ec8dceb3d1fb408bdd038eba4dc", - "reference": "ab0af41deab94ec8dceb3d1fb408bdd038eba4dc", + "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/3bff59ea7047e925be6b7f2059d60af31bb46d6a", + "reference": "3bff59ea7047e925be6b7f2059d60af31bb46d6a", "shasum": "" }, "require": { @@ -3274,7 +3274,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { 
@@ -3323,20 +3323,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T16:50:20+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "a54881ec0ab3b2005c406aed0023c062879031e7" + "reference": "fa79b11539418b02fc5e1897267673ba2c19419c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/a54881ec0ab3b2005c406aed0023c062879031e7", - "reference": "a54881ec0ab3b2005c406aed0023c062879031e7", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fa79b11539418b02fc5e1897267673ba2c19419c", + "reference": "fa79b11539418b02fc5e1897267673ba2c19419c", "shasum": "" }, "require": { @@ -3348,7 +3348,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { @@ -3396,20 +3396,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T16:50:20+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/polyfill-php72", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php72.git", - "reference": "42fda6d7380e5c940d7f68341ccae89d5ab9963b" + "reference": "f048e612a3905f34931127360bdd2def19a5e582" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/42fda6d7380e5c940d7f68341ccae89d5ab9963b", - "reference": "42fda6d7380e5c940d7f68341ccae89d5ab9963b", + "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/f048e612a3905f34931127360bdd2def19a5e582", + "reference": "f048e612a3905f34931127360bdd2def19a5e582", "shasum": "" }, "require": { @@ -3418,7 +3418,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { 
@@ -3465,20 +3465,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T17:28:34+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/polyfill-php73", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php73.git", - "reference": "7e95fe59d12169fcf4041487e4bf34fca37ee0ed" + "reference": "a760d8964ff79ab9bf057613a5808284ec852ccc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/7e95fe59d12169fcf4041487e4bf34fca37ee0ed", - "reference": "7e95fe59d12169fcf4041487e4bf34fca37ee0ed", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/a760d8964ff79ab9bf057613a5808284ec852ccc", + "reference": "a760d8964ff79ab9bf057613a5808284ec852ccc", "shasum": "" }, "require": { @@ -3487,7 +3487,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { @@ -3537,7 +3537,7 @@ "type": "tidelift" } ], - "time": "2020-05-02T14:56:09+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/service-contracts", @@ -3907,16 +3907,16 @@ }, { "name": "wp-coding-standards/wpcs", - "version": "2.2.1", + "version": "2.3.0", "source": { "type": "git", "url": "https://github.com/WordPress/WordPress-Coding-Standards.git", - "reference": "b5a453203114cc2284b1a614c4953456fbe4f546" + "reference": "7da1894633f168fe244afc6de00d141f27517b62" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/b5a453203114cc2284b1a614c4953456fbe4f546", - "reference": "b5a453203114cc2284b1a614c4953456fbe4f546", + "url": "https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/7da1894633f168fe244afc6de00d141f27517b62", + "reference": "7da1894633f168fe244afc6de00d141f27517b62", "shasum": "" }, "require": { 
@@ -3926,6 +3926,7 @@ "require-dev": { "dealerdirect/phpcodesniffer-composer-installer": "^0.5 || ^0.6", "phpcompatibility/php-compatibility": "^9.0", + "phpcsstandards/phpcsdevtools": "^1.0", "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0" }, "suggest": { @@ -3948,7 +3949,7 @@ "standards", "wordpress" ], - "time": "2020-02-04T02:52:06+00:00" + "time": "2020-05-13T23:57:56+00:00" } ], "aliases": [], diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php index 3de8805..4a117d4 100644 --- a/inc/class-wp-saml-auth.php +++ b/inc/class-wp-saml-auth.php 
@@ -243,16 +243,23 @@ public function do_saml_authentication() {
 // Translators: Includes error reason from OneLogin.
 return new WP_Error( 'wp_saml_auth_unauthenticated', sprintf( __( 'User is not authenticated with SAML IdP. Reason: %s', 'wp-saml-auth' ), $this->provider->getLastErrorReason() ) );
 }
- $attributes = $this->provider->getAttributes();
- $redirect_to = filter_input( INPUT_POST, 'RelayState', FILTER_SANITIZE_URL );
- if ( $redirect_to && false === stripos( $redirect_to, parse_url( wp_login_url(), PHP_URL_PATH ) ) ) {
- add_filter(
- 'login_redirect',
- function() use ( $redirect_to ) {
- return $redirect_to;
- },
- 1
- );
+ $attributes = $this->provider->getAttributes();
+ $redirect_to = filter_input( INPUT_POST, 'RelayState', FILTER_SANITIZE_URL );
+ $permit_wp_login = self::get_option( 'permit_wp_login' );
+ if ( $redirect_to ) {
+ // When $permit_wp_login=true, we only care about accidentially triggering the redirect
+ // to the IDP. However, when $permit_wp_login=false, hitting wp-login will always
+ // trigger the IDP redirect.
+ if ( ( $permit_wp_login && false === stripos( $redirect_to, 'action=wp-saml-auth' ) )
+ || ( ! $permit_wp_login && false === stripos( $redirect_to, parse_url( wp_login_url(), PHP_URL_PATH ) ) ) ) {
+ add_filter(
+ 'login_redirect',
+ function() use ( $redirect_to ) {
+ return $redirect_to;
+ },
+ 1
+ );
+ }
 }
 } else {
 $redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL );
diff --git a/languages/wp-saml-auth.pot b/languages/wp-saml-auth.pot
index 3ebd640..be3ace6 100644
--- a/languages/wp-saml-auth.pot
+++ b/languages/wp-saml-auth.pot
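Review bot: `RelayState` is read from the POST body and returned unchanged by the `login_redirect` closure, and `FILTER_SANITIZE_URL` only strips illegal characters, so nothing in this hunk limits the target to this site. Unless the code that consumes that filter is known to go through `wp_safe_redirect()` (not visible here), I would validate before registering the filter, e.g. `$redirect_to = wp_validate_redirect( $redirect_to, '' );`, so that an off-site value falls through the existing `if ( $redirect_to )` check. The new loop guard `stripos( $redirect_to, 'action=wp-saml-auth' )` is a raw substring test: it does not see a percent-encoded form of the same parameter and it also matches that text inside unrelated values, so parsing the query string and comparing the decoded `action` value would be more precise. The added comment has a typo (`accidentially`). The body of do_saml_authentication() starts and ends outside the hunk.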
@@ -2,14 +2,14 @@ # This file is distributed under the same license as the WP SAML Auth plugin. msgid "" msgstr "" -"Project-Id-Version: WP SAML Auth 0.8.3\n" +"Project-Id-Version: WP SAML Auth 1.0.1\n" "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-saml-auth\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"POT-Creation-Date: 2020-02-03T23:02:50+00:00\n" +"POT-Creation-Date: 2020-05-26T12:03:20+00:00\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "X-Generator: WP-CLI 2.4.0\n" "X-Domain: wp-saml-auth\n" @@ -209,19 +209,19 @@ msgstr "" msgid "User is not authenticated with SAML IdP. Reason: %s" msgstr "" -#: inc/class-wp-saml-auth.php:290 +#: inc/class-wp-saml-auth.php:297 msgid "Invalid provider specified for SAML authentication" msgstr "" -#: inc/class-wp-saml-auth.php:315 +#: inc/class-wp-saml-auth.php:322 msgid "No attributes were present in SAML response. Attributes are used to create and fetch users. Please contact your administrator" msgstr "" #. Translators: Communicates how the user is fetched based on the SAML response. -#: inc/class-wp-saml-auth.php:322 +#: inc/class-wp-saml-auth.php:329 msgid "\"%1$s\" attribute is expected, but missing, in SAML response. Attribute is used to fetch existing user by \"%2$s\". Please contact your administrator." msgstr "" -#: inc/class-wp-saml-auth.php:337 +#: inc/class-wp-saml-auth.php:344 msgid "No WordPress user exists for your account. Please contact your administrator." msgstr "" diff --git a/readme.txt b/readme.txt index 5831d59..36fa954 100644 --- a/readme.txt +++ b/readme.txt 
@@ -277,6 +277,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati == Changelog == += 1.0.1 (May 26, 2020) = +* Allows redirecting back to `wp-login.php` while avoiding redirect loop [[#192](https://github.com/pantheon-systems/wp-saml-auth/pull/192)]. + = 1.0.0 (March 2, 2020) = * Plugin is stable. diff --git a/wp-saml-auth.php b/wp-saml-auth.php index 0f0db8c..e207df5 100644 --- a/wp-saml-auth.php +++ b/wp-saml-auth.php @@ -1,7 +1,7 @@