From e2713c92ae5a5cd3b9fd6bf43e1a3565cec29cba Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Thu, 21 May 2020 05:10:45 -0700 Subject: [PATCH 1/6] Allow redirecting back to `wp-login.php` while avoiding redirect loop --- inc/class-wp-saml-auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php index 3de8805..3411db5 100644 --- a/inc/class-wp-saml-auth.php +++ b/inc/class-wp-saml-auth.php @@ -245,7 +245,7 @@ public function do_saml_authentication() { } $attributes = $this->provider->getAttributes(); $redirect_to = filter_input( INPUT_POST, 'RelayState', FILTER_SANITIZE_URL ); - if ( $redirect_to && false === stripos( $redirect_to, parse_url( wp_login_url(), PHP_URL_PATH ) ) ) { + if ( $redirect_to && false === stripos( $redirect_to, 'action=wp-saml-auth' ) ) { add_filter( 'login_redirect', function() use ( $redirect_to ) { From c40cbd45a1aa52b41dbcd040cf0eef40aed5ab88 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Thu, 21 May 2020 05:20:29 -0700 Subject: [PATCH 2/6] Disable cleanup so we can see what's failing --- .circleci/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9235417..4d13367 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -53,4 +53,3 @@ jobs: - run: ./bin/behat-test.sh --strict - run: command: ./bin/behat-cleanup.sh - when: always From 790a075a2a7573dfac521f8000dee63fd67f12e1 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Thu, 21 May 2020 05:39:11 -0700 Subject: [PATCH 3/6] We need two separate behaviors depending on `$permit_wp_login` --- inc/class-wp-saml-auth.php | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php index 3411db5..4a117d4 100644 --- a/inc/class-wp-saml-auth.php +++ b/inc/class-wp-saml-auth.php 
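Review bot: In the `do_saml_authentication()` hunk of PATCH 1/6, `$redirect_to` comes from the POSTed `RelayState` and is returned from the `login_redirect` closure after only `FILTER_SANITIZE_URL` and a substring test, neither of which restricts the destination host. RelayState arrives with the SAML response and should be treated as untrusted, so unless the caller is known to finish with `wp_safe_redirect()` (not visible in this hunk), this is where an open redirect would enter. I would validate before registering the filter, e.g. `$redirect_to = wp_validate_redirect( $redirect_to, '' );`, so an off-site value is dropped and the default login redirect applies. The same closure is carried unchanged into the PATCH 3/6 hunk, and the function body continues outside both hunks.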
@@ -243,16 +243,23 @@ public function do_saml_authentication() { // Translators: Includes error reason from OneLogin. return new WP_Error( 'wp_saml_auth_unauthenticated', sprintf( __( 'User is not authenticated with SAML IdP. Reason: %s', 'wp-saml-auth' ), $this->provider->getLastErrorReason() ) ); } - $attributes = $this->provider->getAttributes(); - $redirect_to = filter_input( INPUT_POST, 'RelayState', FILTER_SANITIZE_URL ); - if ( $redirect_to && false === stripos( $redirect_to, 'action=wp-saml-auth' ) ) { - add_filter( - 'login_redirect', - function() use ( $redirect_to ) { - return $redirect_to; - }, - 1 - ); + $attributes = $this->provider->getAttributes(); + $redirect_to = filter_input( INPUT_POST, 'RelayState', FILTER_SANITIZE_URL ); + $permit_wp_login = self::get_option( 'permit_wp_login' ); + if ( $redirect_to ) { + // When $permit_wp_login=true, we only care about accidentially triggering the redirect + // to the IDP. However, when $permit_wp_login=false, hitting wp-login will always + // trigger the IDP redirect. + if ( ( $permit_wp_login && false === stripos( $redirect_to, 'action=wp-saml-auth' ) ) + || ( ! $permit_wp_login && false === stripos( $redirect_to, parse_url( wp_login_url(), PHP_URL_PATH ) ) ) ) { + add_filter( + 'login_redirect', + function() use ( $redirect_to ) { + return $redirect_to; + }, + 1 + ); + } } } else { $redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL ); From 83d9eec5ecb86bee5bf52554784c9546f4efff33 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Thu, 21 May 2020 05:39:35 -0700 Subject: [PATCH 4/6] Revert "Disable cleanup so we can see what's failing" This reverts commit c40cbd45a1aa52b41dbcd040cf0eef40aed5ab88. --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4d13367..9235417 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
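Review bot: Both arms of the new condition in `do_saml_authentication()` run `stripos()` over the whole RelayState, so the loop guard fires on any URL that merely contains the needle, for example a front-end URL whose query string mentions `/wp-login.php` (constructed example) loses its redirect. In the `! $permit_wp_login` arm the needle is `parse_url( wp_login_url(), PHP_URL_PATH )`, which is null when the URL has no path component, and `stripos()` does not treat a null needle the same way across PHP versions. Comparing parsed components would be more precise for that arm: `$login_path = wp_parse_url( wp_login_url(), PHP_URL_PATH );` followed by the test `wp_parse_url( $redirect_to, PHP_URL_PATH ) !== $login_path`. The added comment also has a typo ("accidentially"). The function body continues outside the hunk.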
@@ -53,3 +53,4 @@ jobs: - run: ./bin/behat-test.sh --strict - run: command: ./bin/behat-cleanup.sh + when: always From 9c1f7a7d8b4fd38dd4001a5ad80f09c63f324a03 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Tue, 26 May 2020 05:03:33 -0700 Subject: [PATCH 5/6] Update README for v1.0.1 --- README.md | 3 +++ languages/wp-saml-auth.pot | 12 ++++++------ readme.txt | 3 +++ wp-saml-auth.php | 2 +- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 525b0ca..04c6bca 100644 --- a/README.md +++ b/README.md @@ -277,6 +277,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati ## Changelog ## +### 1.0.1 (May 26, 2020) ### +* Allows redirecting back to `wp-login.php` while avoiding redirect loop [[#192](https://github.com/pantheon-systems/wp-saml-auth/pull/192)]. + ### 1.0.0 (March 2, 2020) ### * Plugin is stable. diff --git a/languages/wp-saml-auth.pot b/languages/wp-saml-auth.pot index 3ebd640..be3ace6 100644 --- a/languages/wp-saml-auth.pot +++ b/languages/wp-saml-auth.pot @@ -2,14 +2,14 @@ # This file is distributed under the same license as the WP SAML Auth plugin. msgid "" msgstr "" -"Project-Id-Version: WP SAML Auth 0.8.3\n" +"Project-Id-Version: WP SAML Auth 1.0.1\n" "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-saml-auth\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"POT-Creation-Date: 2020-02-03T23:02:50+00:00\n" +"POT-Creation-Date: 2020-05-26T12:03:20+00:00\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "X-Generator: WP-CLI 2.4.0\n" "X-Domain: wp-saml-auth\n" 
@@ -209,19 +209,19 @@ msgstr "" msgid "User is not authenticated with SAML IdP. Reason: %s" msgstr "" -#: inc/class-wp-saml-auth.php:290 +#: inc/class-wp-saml-auth.php:297 msgid "Invalid provider specified for SAML authentication" msgstr "" -#: inc/class-wp-saml-auth.php:315 +#: inc/class-wp-saml-auth.php:322 msgid "No attributes were present in SAML response. Attributes are used to create and fetch users. Please contact your administrator" msgstr "" #. Translators: Communicates how the user is fetched based on the SAML response. -#: inc/class-wp-saml-auth.php:322 +#: inc/class-wp-saml-auth.php:329 msgid "\"%1$s\" attribute is expected, but missing, in SAML response. Attribute is used to fetch existing user by \"%2$s\". Please contact your administrator." msgstr "" -#: inc/class-wp-saml-auth.php:337 +#: inc/class-wp-saml-auth.php:344 msgid "No WordPress user exists for your account. Please contact your administrator." msgstr "" diff --git a/readme.txt b/readme.txt index 5831d59..36fa954 100644 --- a/readme.txt +++ b/readme.txt @@ -277,6 +277,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati == Changelog == += 1.0.1 (May 26, 2020) = +* Allows redirecting back to `wp-login.php` while avoiding redirect loop [[#192](https://github.com/pantheon-systems/wp-saml-auth/pull/192)]. + = 1.0.0 (March 2, 2020) = * Plugin is stable. diff --git a/wp-saml-auth.php b/wp-saml-auth.php index 0f0db8c..e207df5 100644 --- a/wp-saml-auth.php +++ b/wp-saml-auth.php 
@@ -1,7 +1,7 @@ Date: Tue, 26 May 2020 05:04:49 -0700 Subject: [PATCH 6/6] Update Composer dependencies ``` Loading composer repositories with package information Updating dependencies (including require-dev) Package operations: 0 installs, 7 updates, 0 removals - Updating wp-coding-standards/wpcs (2.2.1 => 2.3.0): Loading from cache - Updating symfony/polyfill-ctype (v1.16.0 => v1.17.0): Loading from cache - Updating symfony/polyfill-php73 (v1.16.0 => v1.17.0): Loading from cache - Updating symfony/polyfill-php72 (v1.16.0 => v1.17.0): Loading from cache - Updating symfony/polyfill-mbstring (v1.16.0 => v1.17.0): Loading from cache - Updating symfony/polyfill-intl-idn (v1.16.0 => v1.17.0): Loading from cache - Updating guzzlehttp/guzzle (6.5.3 => 6.5.4): Downloading (100%) Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead. Writing lock file Generating autoload files 15 packages you are using are looking for funding. Use the `composer fund` command to find out more! PHP CodeSniffer Config installed_paths set to ../../phpcompatibility/php-compatibility,../../wp-coding-standards/wpcs ``` --- composer.lock | 83 ++++++++++++++++++++++++++------------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/composer.lock b/composer.lock index 54ccaa2..4f0a9c5 100644 --- a/composer.lock +++ b/composer.lock 
@@ -723,16 +723,16 @@ }, { "name": "guzzlehttp/guzzle", - "version": "6.5.3", + "version": "6.5.4", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "aab4ebd862aa7d04f01a4b51849d657db56d882e" + "reference": "a4a1b6930528a8f7ee03518e6442ec7a44155d9d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/aab4ebd862aa7d04f01a4b51849d657db56d882e", - "reference": "aab4ebd862aa7d04f01a4b51849d657db56d882e", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/a4a1b6930528a8f7ee03518e6442ec7a44155d9d", + "reference": "a4a1b6930528a8f7ee03518e6442ec7a44155d9d", "shasum": "" }, "require": { @@ -740,7 +740,7 @@ "guzzlehttp/promises": "^1.0", "guzzlehttp/psr7": "^1.6.1", "php": ">=5.5", - "symfony/polyfill-intl-idn": "^1.11" + "symfony/polyfill-intl-idn": "1.17.0" }, "require-dev": { "ext-curl": "*", @@ -786,7 +786,7 @@ "rest", "web service" ], - "time": "2020-04-18T10:38:46+00:00" + "time": "2020-05-25T19:35:05+00:00" }, { "name": "guzzlehttp/promises", @@ -3179,16 +3179,16 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "1aab00e39cebaef4d8652497f46c15c1b7e45294" + "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/1aab00e39cebaef4d8652497f46c15c1b7e45294", - "reference": "1aab00e39cebaef4d8652497f46c15c1b7e45294", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/e94c8b1bbe2bc77507a1056cdb06451c75b427f9", + "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9", "shasum": "" }, "require": { @@ -3200,7 +3200,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { 
@@ -3247,20 +3247,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T16:50:20+00:00" + "time": "2020-05-12T16:14:59+00:00" }, { "name": "symfony/polyfill-intl-idn", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-idn.git", - "reference": "ab0af41deab94ec8dceb3d1fb408bdd038eba4dc" + "reference": "3bff59ea7047e925be6b7f2059d60af31bb46d6a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/ab0af41deab94ec8dceb3d1fb408bdd038eba4dc", - "reference": "ab0af41deab94ec8dceb3d1fb408bdd038eba4dc", + "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/3bff59ea7047e925be6b7f2059d60af31bb46d6a", + "reference": "3bff59ea7047e925be6b7f2059d60af31bb46d6a", "shasum": "" }, "require": { @@ -3274,7 +3274,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { @@ -3323,20 +3323,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T16:50:20+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "a54881ec0ab3b2005c406aed0023c062879031e7" + "reference": "fa79b11539418b02fc5e1897267673ba2c19419c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/a54881ec0ab3b2005c406aed0023c062879031e7", - "reference": "a54881ec0ab3b2005c406aed0023c062879031e7", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fa79b11539418b02fc5e1897267673ba2c19419c", + "reference": "fa79b11539418b02fc5e1897267673ba2c19419c", "shasum": "" }, "require": { @@ -3348,7 +3348,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { 
@@ -3396,20 +3396,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T16:50:20+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/polyfill-php72", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php72.git", - "reference": "42fda6d7380e5c940d7f68341ccae89d5ab9963b" + "reference": "f048e612a3905f34931127360bdd2def19a5e582" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/42fda6d7380e5c940d7f68341ccae89d5ab9963b", - "reference": "42fda6d7380e5c940d7f68341ccae89d5ab9963b", + "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/f048e612a3905f34931127360bdd2def19a5e582", + "reference": "f048e612a3905f34931127360bdd2def19a5e582", "shasum": "" }, "require": { @@ -3418,7 +3418,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { @@ -3465,20 +3465,20 @@ "type": "tidelift" } ], - "time": "2020-05-08T17:28:34+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/polyfill-php73", - "version": "v1.16.0", + "version": "v1.17.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php73.git", - "reference": "7e95fe59d12169fcf4041487e4bf34fca37ee0ed" + "reference": "a760d8964ff79ab9bf057613a5808284ec852ccc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/7e95fe59d12169fcf4041487e4bf34fca37ee0ed", - "reference": "7e95fe59d12169fcf4041487e4bf34fca37ee0ed", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/a760d8964ff79ab9bf057613a5808284ec852ccc", + "reference": "a760d8964ff79ab9bf057613a5808284ec852ccc", "shasum": "" }, "require": { @@ -3487,7 +3487,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.16-dev" + "dev-master": "1.17-dev" } }, "autoload": { 
@@ -3537,7 +3537,7 @@ "type": "tidelift" } ], - "time": "2020-05-02T14:56:09+00:00" + "time": "2020-05-12T16:47:27+00:00" }, { "name": "symfony/service-contracts", @@ -3907,16 +3907,16 @@ }, { "name": "wp-coding-standards/wpcs", - "version": "2.2.1", + "version": "2.3.0", "source": { "type": "git", "url": "https://github.com/WordPress/WordPress-Coding-Standards.git", - "reference": "b5a453203114cc2284b1a614c4953456fbe4f546" + "reference": "7da1894633f168fe244afc6de00d141f27517b62" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/b5a453203114cc2284b1a614c4953456fbe4f546", - "reference": "b5a453203114cc2284b1a614c4953456fbe4f546", + "url": "https://api.github.com/repos/WordPress/WordPress-Coding-Standards/zipball/7da1894633f168fe244afc6de00d141f27517b62", + "reference": "7da1894633f168fe244afc6de00d141f27517b62", "shasum": "" }, "require": { @@ -3926,6 +3926,7 @@ "require-dev": { "dealerdirect/phpcodesniffer-composer-installer": "^0.5 || ^0.6", "phpcompatibility/php-compatibility": "^9.0", + "phpcsstandards/phpcsdevtools": "^1.0", "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0" }, "suggest": { @@ -3948,7 +3949,7 @@ "standards", "wordpress" ], - "time": "2020-02-04T02:52:06+00:00" + "time": "2020-05-13T23:57:56+00:00" } ], "aliases": [],