
Commit c149ae2

committed
Adds lockout prevention
1 parent cd4bada commit c149ae2


1 file changed

+20
-4
lines changed


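--- a/aad-sso-wordpress.php
+++ b/aad-sso-wordpress.php
@@ -5,8 +5,8 @@
 Plugin URI: http://github.com/psignoret/aad-sso-wordpress
 Description: Allows you to use your organization's Azure Active Directory user accounts to log in to WordPress. If your organization is using Office 365, your user accounts are already in Azure Active Directory. This plugin uses OAuth 2.0 to authenticate users, and the Azure Active Directory Graph to get group membership and other details.
 Author: Philippe Signoret
-Version: 0.6a
-Author URI: http://psignoret.com/
+Version: 0.6.1
+Author URI: https://www.psignoret.com/
 Text Domain: aad-sso-wordpress
 Domain Path: /languages/
 */
@@ -149,10 +149,21 @@ public static function get_instance( $settings ) {
 */
 public function save_redirect_and_maybe_bypass_login() {
 
-$bypass = apply_filters(
+$auto_redirect = apply_filters(
 'aad_auto_forward_login',
 $this->settings->enable_auto_forward_to_aad
 );
+
+/*
+* This offers a query parameter to offer an easy method to skip any sort of automatic
+* redirect to Azure AD, displaying the login form instead. This check is intentionally
+* done after the 'aad_auto_forward_login' filter is applied, to ensure it also overrides
+* any filters.
+*/
+if ( isset( $_GET['aadsso_no_redirect'] ) ) {
+AADSSO::debug_log( 'Skipping automatic redirects to Azure AD.' );
+$auto_redirect = FALSE;
+}
 
 /*
 * If the user is attempting to log out AND the auto-forward to AAD
@@ -166,7 +177,12 @@ public function save_redirect_and_maybe_bypass_login() {
 $_SESSION['aadsso_redirect_to'] = $_GET['redirect_to'];
 }
 
-if ( $bypass && ! isset( $_GET['code'] ) ) {
+/*
+* $_POST['log'] is set when the login form is submitted. It's important to check
+* for this condition also because we want to allow the login form to be usable
+* when the 'aadsso_no_redirect' anti-lockout option is used.
+*/
+if ( $auto_redirect && ! isset( $_GET['code'] ) && ! isset( $_POST['log'] ) ) {
 wp_redirect( $this->get_login_url() );
 die();
 }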
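Review bot: With the new checks at lines 163-166 and 185, any unauthenticated visitor can reach the WordPress password form by appending `?aadsso_no_redirect` or by submitting a POST carrying a `log` field, so the auto-forward is now explicitly a convenience and not a control that limits sign-in to Azure AD, yet neither new comment block states this. I would extend the comment at 157-162 with `* Note: this bypass is intentionally unauthenticated. Auto-forward is a convenience only; if Azure AD must be the sole sign-in method, password logins have to be rejected elsewhere (e.g. in an 'authenticate' filter), not here.` As a point of style, `FALSE` at line 165 should be lowercase `false` to match the WordPress coding standards the rest of the file appears to follow. save_redirect_and_maybe_bypass_login() opens at line 150 in the second hunk and its body continues past the end of the third hunk.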
