3.8.2 Security Release (#284)

* Feature/travis ci to GitHub actions (#282)

* Updates Composer/NPM Dependencies & Adds New GitHub Actions

* Moves All CI/CD Functionality to GitHub Actions

- Updates Composer & NPM dependencies to newer versions.
- Updates default development environment WordPress version to 5.6.x.
- Fixes missing updates to the language POT file.
- Moves to using a GitHub Release for WordPress.org deployment.
- Removes TravisCI configuration.

* Fixes Login Page XSS Issue (#283)

- Adds escaping to the error output message.
- Adds escaping to the login button output.

* Patch Version Bump & Changelog Updates for Release
Tim Nolte 4 years ago committed by GitHub
parent 3a300e92bb
commit 14dbc06203
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,49 @@
name: Internationalization
on:
pull_request:
push:
branches:
- dev
- main
- 'release/**'
- 'feature/**'
- 'fix/**'
env:
WP_MULTISITE: 0
jobs:
check:
name: Setup & Check
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup Node Environment
uses: actions/setup-node@v1
# https://github.com/marketplace/actions/setup-node-js-environment
with:
node-version: 12.x
- name: Cache node modules
uses: actions/cache@v2
env:
npm-cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.npm-cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.npm-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: NPM Install
run: npm install
- name: Check i18n Compliance
run: npm run i18n:check
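Review bot: `run: npm install` in the NPM Install step can rewrite package-lock.json and install whatever currently resolves, so the tree that `i18n:check` runs against is not the committed one even though the cache `key:` hashes package-lock.json; `npm ci` refuses a lockfile mismatch and installs exactly the locked versions, which is what a check that runs on every pull request should use. Suggest `run: npm ci`. Separately, `actions/checkout@v2`, `actions/setup-node@v1` and `actions/cache@v2` are mutable major tags; pinning each to a full commit SHA with the tag in a trailing comment removes the possibility that a retagged release silently changes what runs here.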

@ -0,0 +1,50 @@
name: Coding Standards
on:
pull_request:
push:
branches:
- dev
- main
- 'release/**'
- 'feature/**'
- 'fix/**'
env:
PHP_VERSION: 7.3
WP_MULTISITE: 0
jobs:
check:
name: Setup & Check
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup PHP Environment
uses: shivammathur/setup-php@v2
# https://github.com/marketplace/actions/setup-php-action
with:
php-version: ${{ env.PHP_VERSION }}
tools: composer:v1
- name: Cache Composer dependencies
uses: actions/cache@v2
env:
composer-cache-name: cache-vendor
with:
path: ~/vendor
key: ${{ runner.os }}-build-${{ env.composer-cache-name }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.composer-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Install Composer Dependencies
run: composer install
- name: Check WordPress Coding Standards
run: composer run-script lint
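Review bot: `path: ~/vendor` in the Cache Composer dependencies step points at a directory Composer does not write to — `composer install` creates `vendor/` under the checkout workspace, and Composer's download cache lives under the home directory (the deleted Travis config cached `$HOME/.composer/cache`; Composer 2 defaults to `~/.cache/composer`) — so unless something not shown redirects it, this step saves and restores nothing and every run downloads fresh archives. Either cache the download cache, e.g. `path: ~/.composer/cache` (or the directory printed by `composer config cache-files-dir`), or cache `vendor` relative to the workspace. Consider `composer install --no-interaction --prefer-dist` as well, so a run fails rather than hangs if Composer ever prompts.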

@ -1,29 +0,0 @@
name: Deploy to WordPress.org
on:
push:
tags:
- "*"
jobs:
tag:
name: New tag
if: github.repository == 'oidc-wp/openid-connect-generic'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@main
# - name: Validate composer.json and composer.lock
# run: composer validate
# - name: Install dependencies
# run: composer install --prefer-dist --no-progress --no-suggest --no-dev
# - name: Build
# run: |
# npm install
# npm run build
- name: WordPress Plugin Deploy
uses: 10up/action-wordpress-plugin-deploy@1.4.0
env:
SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
SLUG: daggerhart-openid-connect-generic

@ -0,0 +1,76 @@
name: PR Unit Testing
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Triggers the workflow on pull request events
pull_request:
env:
PHP_PREF_MIN_VERSION: '7.3'
WP_STABLE_VERSION: '5.6.*'
WP_MULTISITE: 0
jobs:
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- job-name: 'Latest Stable Requirements'
bleeding-edge: false
php-version: '7.3'
wordpress-version: '5.6.*'
wp-multisite-mode: 0
name: '${{ matrix.job-name }} (PHP:${{ matrix.php-version }}/WP:${{ matrix.wordpress-version }})'
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup PHP Environment
uses: shivammathur/setup-php@v2
# https://github.com/marketplace/actions/setup-php-action
with:
php-version: ${{ matrix.php-version }}
tools: composer:v1
- name: Setup Node Environment
uses: actions/setup-node@v1
# https://github.com/marketplace/actions/setup-node-js-environment
with:
node-version: 12.x
- name: Cache Composer dependencies
uses: actions/cache@v2
env:
composer-cache-name: cache-vendor
with:
path: ~/vendor
key: ${{ runner.os }}-build-${{ env.composer-cache-name }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.composer-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Require Specified WordPress Version
run: composer require wordpress/wordpress:${{ matrix.wordpress-version }} --dev --prefer-source --update-with-all-dependencies
- name: Update Composer Lockfile for Specified WordPress Version
run: composer update wordpress/wordpress:${{ matrix.wordpress-version }} --lock --prefer-source
- name: PHPUnit PHP 7.4 Support
if: matrix.php-version == '7.4'
run: |
composer global require phpunit/php-code-coverage=dev-master
composer global require sebastian/global-state:dev-master
composer global require phpunit/phpunit=dev-master
- name: NPM Setup
run: npm install
- name: Unit Tests
run: npm run test
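Review bot: The `PHPUnit PHP 7.4 Support` step can never execute in this workflow — the only matrix entry sets `php-version: '7.3'` and the step is gated on `matrix.php-version == '7.4'` — and if a 7.4 entry is added later it would pull `dev-master` of three packages, i.e. unpinned upstream branch heads run in CI for every fork pull request. Either drop the step here or pin it to a tagged PHPUnit release. Also the `restore-keys` fallbacks `${{ runner.os }}-build-` and `${{ runner.os }}-` match any cache on the runner, including the npm caches the other workflows save under `…-build-cache-node-modules-…`, so a miss can restore an unrelated cache into `~/vendor`; keeping only the `…-${{ env.composer-cache-name }}-` fallback scopes restores to Composer caches.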

@ -0,0 +1,54 @@
name: Prepare & Deploy a Release
on:
release:
types: [published]
env:
WP_MULTISITE: 0
jobs:
release:
name: New Release
if: github.repository == 'oidc-wp/openid-connect-generic'
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup Node Environment
uses: actions/setup-node@v1
# https://github.com/marketplace/actions/setup-node-js-environment
with:
node-version: 12.x
- name: Cache Node Modules
uses: actions/cache@v2
env:
npm-cache-name: cache-node-modules
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.os }}-build-${{ env.npm-cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.npm-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: NPM Install
run: npm install
- name: Prepare a WordPress.org Release
run: npm run release
- name: WordPress.org Plugin Deploy
uses: nk-o/action-wordpress-plugin-deploy@master
# https://github.com/marketplace/actions/wordpress-plugin-deploy
env:
SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
SOURCE_DIR: dist/
SLUG: daggerhart-openid-connect-generic
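Review bot: `uses: nk-o/action-wordpress-plugin-deploy@master` hands `SVN_USERNAME`/`SVN_PASSWORD` to whatever is on the `master` branch of a third-party fork at the moment a release is published — the workflow this commit deletes pinned `10up/action-wordpress-plugin-deploy@1.4.0`, a tagged release, so this widens the trust placed in an external repository. Anyone who can push to that fork's master can change the action to read the secrets, and the change takes effect on your next release with nothing to review on your side. Pin to a full commit SHA, `uses: nk-o/action-wordpress-plugin-deploy@<40-char sha>  # vX.Y`, or return to the upstream tagged action if the fork's extra behaviour is not needed. If the runner honours a `permissions:` key, `permissions: contents: read` on this job also keeps the GITHUB_TOKEN write-scoped-free during the deploy.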

@ -0,0 +1,55 @@
name: Static Code Analysis
on:
pull_request:
push:
branches:
- dev
- main
- 'release/**'
- 'feature/**'
- 'fix/**'
env:
PHP_VERSION: 7.3
WP_MODE: 'single'
WP_MULTISITE: 0
WP_VERSION: '5.6.*'
jobs:
check:
name: Setup & Check
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup PHP Environment
uses: shivammathur/setup-php@v2
# https://github.com/marketplace/actions/setup-php-action
with:
php-version: ${{ env.PHP_VERSION }}
tools: composer:v1
- name: Cache Composer dependencies
uses: actions/cache@v2
env:
composer-cache-name: cache-vendor
with:
path: ~/vendor
key: ${{ runner.os }}-build-${{ env.composer-cache-name }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.composer-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Require Specified WordPress Version
run: composer require wordpress/wordpress:${{ env.WP_VERSION }} --dev --prefer-source --update-with-all-dependencies
- name: Install Composer Dependencies
run: composer install
- name: Perform Static Analysis
run: composer run-script analyze
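Review bot: `composer require wordpress/wordpress:${{ env.WP_VERSION }} --dev --prefer-source --update-with-all-dependencies` rewrites composer.lock on the runner and re-resolves every dependency, so the following `composer install` is effectively a no-op and the analysis runs against whatever resolves at that moment rather than the committed lock; a newly published dependency version can change or break this check with no change in the repository. Since composer.json in this same commit already requires `wordpress/wordpress: ~5.6.0` and `WP_VERSION` is `'5.6.*'`, the require step looks redundant here and `composer install --no-interaction --prefer-dist` alone would analyze the locked tree. Quoting `'5.6.*'` in `env:` is correct, since an unquoted `*` would be read by YAML as an alias.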

@ -0,0 +1,108 @@
name: Unit Testing
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Triggers the workflow on push events only for the matching branches
push:
branches:
- dev
- main
- 'release/**'
- 'feature/**'
- 'fix/**'
env:
PHP_MIN_VERSION: '7.1'
PHP_PREF_MIN_VERSION: '7.2'
PHP_STABLE_VERSION: '7.4'
WP_MIN_VERSION: '5.3.*'
WP_PREF_MIN_VERSION: '5.4.*'
WP_STABLE_VERSION: '5.6.*'
jobs:
test:
runs-on: ubuntu-latest
continue-on-error: ${{ matrix.bleeding-edge }}
strategy:
fail-fast: false
matrix:
include:
- job-name: 'Latest Stable Requirements'
bleeding-edge: false
php-version: '7.3'
wordpress-version: '5.6.*'
wp-multisite-mode: 0
- job-name: 'Preferred Minimum Requirements'
bleeding-edge: false
php-version: '7.2'
wordpress-version: '5.4.*'
wp-multisite-mode: 0
- job-name: 'Minimum Requirements'
bleeding-edge: false
php-version: '7.1'
wordpress-version: '5.3.*'
wp-multisite-mode: 0
- job-name: 'Bleeding Edge Requirements'
bleeding-edge: true
php-version: '7.4'
wordpress-version: 'dev-master'
wp-multisite-mode: 0
- job-name: 'Multisite Compatibility Requirements'
bleeding-edge: false
php-version: '7.3'
wordpress-version: '5.6.*'
wp-multisite-mode: 1
name: '${{ matrix.job-name }} (PHP:${{ matrix.php-version }}/WP:${{ matrix.wordpress-version }})'
steps:
- name: Checkout Code
uses: actions/checkout@v2
- name: Setup PHP Environment
uses: shivammathur/setup-php@v2
# https://github.com/marketplace/actions/setup-php-action
with:
php-version: ${{ matrix.php-version }}
tools: composer:v1
- name: Setup Node Environment
uses: actions/setup-node@v1
# https://github.com/marketplace/actions/setup-node-js-environment
with:
node-version: 12.x
- name: Cache Composer dependencies
uses: actions/cache@v2
env:
composer-cache-name: cache-vendor
with:
path: ~/vendor
key: ${{ runner.os }}-build-${{ env.composer-cache-name }}-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-build-${{ env.composer-cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Require Specified WordPress Version
run: composer require wordpress/wordpress:${{ matrix.wordpress-version }} --dev --prefer-source --update-with-all-dependencies
- name: Update Composer Lockfile for Specified WordPress Version
run: composer update wordpress/wordpress:${{ matrix.wordpress-version }} --lock --prefer-source
- name: PHPUnit PHP 7.4 Support
if: matrix.php-version == '7.4'
run: |
composer global require phpunit/php-code-coverage=dev-master
composer global require sebastian/global-state:dev-master
composer global require phpunit/phpunit=dev-master
- name: NPM Setup
run: npm install
- name: Unit Tests
env:
WP_MULTISITE: ${{ matrix.wp-multisite-mode }}
run: npm run test
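Review bot: The `PHPUnit PHP 7.4 Support` step installs `phpunit/php-code-coverage`, `sebastian/global-state` and `phpunit/phpunit` at `dev-master`, i.e. unpinned upstream branch heads pulled into the runner for the `Bleeding Edge` entry on every push to the listed branches; combined with `continue-on-error: ${{ matrix.bleeding-edge }}` a breaking or tampered upstream change would not even fail the run. A tagged PHPUnit release that supports PHP 7.4 (presumably `phpunit/phpunit:^8.5` or `^9`, to be confirmed against the test suite) gives the same coverage reproducibly. `wordpress-version: 'dev-master'` is the same kind of floating reference and is arguably intended for this entry, so state it, e.g. `# dev-master is deliberately unpinned: this entry tracks WordPress trunk and is allowed to fail`.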

@ -1,132 +0,0 @@
# Travis CI Configuration File
# Tell Travis CI which distro to use
dist: trusty
sudo: false
# Tell Travis CI we're using PHP
language: php
# Tell Travis CI which notifications to send
notifications:
email:
on_success: never
on_failure: change
# whitelist branches for the "push" build check
branches:
only:
- dev
- main
- /^dev\-release\/.*$/
- /^feature\/.*$/
- /^fix\/.*$/
# Git clone depth
# By default Travis CI clones repositories to a depth of 50 commits
git:
depth: 1
cache:
directories:
- $HOME/.composer/cache
# Define a matrix of additional build configurations
# The versions listed above will automatically create our first configuration,
# so it doesn't need to be re-defined below.
matrix:
fast_finish: true
include:
- name: Internationalization
php: 7.3
env: WP_MODE=single WP_VERSION=5.6.* I18N=1
- name: Coding Standards
php: 7.3
env: WP_MODE=single WP_VERSION=5.6.* PHP_LINT=1 COVERAGE=1
- name: Static Code Analysis
php: 7.3
env: WP_MODE=single WP_VERSION=5.6.* PHP_ANALYZE=1
- name: Latest Stable
php: 7.3
env: WP_MODE=single WP_VERSION=5.6.* PHP_UNIT=1
- name: Preferred Minimum requirements
if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
php: 7.2
env: WP_MODE=single WP_VERSION=5.4.* PHP_UNIT=1
- name: Minimum requirements
if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
php: 7.1
env: WP_MODE=single WP_VERSION=5.3.* PHP_UNIT=1
- name: Bleeding Edge
if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
php: 7.4
env: WP_MODE=single WP_VERSION=dev-master PHP_UNIT=1
- name: Multisite Compatibility
if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
php: 7.3
env: WP_MODE=multi WP_VERSION=5.6.* PHP_UNIT=1
allow_failures:
- name: Bleeding Edge
addons:
apt:
packages:
- nodejs
# We need to make sure we stick with Composer 1.x for compatibility.
before_install:
- npm install -g npm@6.14
- npm install -g grunt-cli
- composer self-update --1
- composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update
install:
- composer update "wordpress/wordpress" --prefer-source --no-interaction --optimize-autoloader
- composer install
- npm install
before_script:
- export PATH="$HOME/.composer/vendor/bin:$PATH"
# Setup WordPress coding standards
- |
if [[ "$PHP_LINT" == "1" ]]; then
composer global require wp-coding-standards/wpcs
fi
# Setup unit testing environment
- |
if [[ "$PHP_UNIT" == "1" ]]; then
# bash scripts/install-wp-tests.sh wordpress_test root '' localhost $WP_VERSION
if [[ $TRAVIS_PHP_VERSION == "7.4" ]]; then
composer global require "phpunit/php-code-coverage=dev-master"
composer global require "sebastian/global-state:dev-master"
composer global require "phpunit/phpunit=dev-master"
else
composer global require "phpunit/phpunit=7.*"
fi
fi
script:
- |
if [[ "$I18N" == "1" ]]; then
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run i18n:check; fi
fi
- |
if [[ "$PHP_LINT" == "1" ]]; then
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run lint; fi
fi
- |
if [[ "$PHP_ANALYZE" == "1" ]]; then
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run analyze; fi
fi
- |
if [[ "$PHP_UNIT" == "1" ]]; then
if [[ "$WP_MODE" == "multi" ]]; then WP_MULTISITE=1 npm run test; fi
if [[ "$WP_MODE" == "single" ]]; then WP_MULTISITE=0 npm run test; fi
fi
after_success:
- |
if [[ "$COVERAGE" == "1" ]]; then
bash <(curl -s https://codecov.io/bash)
fi

@ -1,5 +1,9 @@
# OpenId Connect Generic Changelog
3.8.2
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.
3.8.1
* Fix: @timnolte - Prevent SSO redirect on password protected posts.

@ -46,8 +46,7 @@ module.exports = function (grunt) {
},
clean: {
main: ['dist'], //Clean up build folder
i18n: ['languages/*.mo', 'languages/*.pot']
main: ['dist'] //Clean up build folder
},
copy: {
@ -57,15 +56,17 @@ module.exports = function (grunt) {
'**',
'!*.xml', '!*.log', //any config/log files
'!node_modules/**', '!Gruntfile.js', '!package.json', '!package-lock.json', //npm/Grunt
'!assets/**', //wp-org assets
'!.wordpress-org/**', //wp-org assets
'!dist/**', //build directory
'!.git/**', //version control
'!.github/**', //GitHub platform files
'!tests/**', '!scripts/**', '!phpunit.xml', '!phpunit.xml.dist', //unit testing
'!vendor/**', '!composer.lock', '!composer.phar', '!composer.json', //composer
'!wordpress/**',
'!.*', '!**/*~', //hidden files
'!CONTRIBUTING.md',
'!README.md',
'!HOWTO.md',
'!phpcs.xml', '!phpcs.xml.dist', '!phpstan.neon.dist', '!grumphp.yml.dist', // CodeSniffer Configuration.
'!docker-compose.override.yml', // Local Docker Development configuration.
'!codecov.yml', // Code coverage configuration.
@ -74,16 +75,6 @@ module.exports = function (grunt) {
dest: 'dist/',
options: {
processContentExclude: ['**/*.{png,gif,jpg,ico,mo}'],
processContent: function (content, srcpath) {
if (srcpath == 'readme.txt' || srcpath == 'openid-connect-generic.php') {
if (grunt.config.get('gitinfo').local.tag.current.name !== 'undefined') {
content = content.replace('{{version}}', grunt.config.get('gitinfo').local.tag.current.name);
} else {
content = content.replace('{{version}}', grunt.config.get('gitinfo').local.tag.current.nameLong);
}
}
return content;
},
},
}
},
@ -114,9 +105,10 @@ module.exports = function (grunt) {
domainPath: '/languages', // Where to save the POT file.
exclude: [
'node_modules/.*', //npm
'assets/.*', //wp-org assets
'.wordpress-org/.*', //wp-org assets
'dist/.*', //build directory
'.git/.*', //version control
'.github/.*', //GitHub platform
'tests/.*', 'scripts/.*', //unit testing
'vendor/.*', //composer
'wordpress/.*',
@ -145,7 +137,9 @@ module.exports = function (grunt) {
checkrepo: {
deploy: {
tagged: true, // Check that the last commit (HEAD) is tagged
clean: true // Check that working directory is clean
tag: {
eq: '<%= pkg.version %>' // Check if highest repo tag is equal to pkg.version
}
}
},
@ -214,10 +208,9 @@ module.exports = function (grunt) {
grunt.registerTask('phpunit', ['shell:phpunit']);
grunt.registerTask('i18n', ['addtextdomain', 'makepot', 'po2mo']);
grunt.registerTask('readme', ['wp_readme_to_markdown']);
grunt.registerTask('test', ['checktextdomain']);
grunt.registerTask('build', ['gitinfo', 'test', 'clean', 'i18n', 'readme', 'copy']);
//grunt.registerTask( 'deploy', [ 'checkbranch:master', 'checkrepo', 'build' ] );
grunt.registerTask('deploy', ['checkrepo', 'build']);
grunt.registerTask('test', ['checktextdomain', 'phpcs']);
grunt.registerTask('build', ['gitinfo', 'test', 'i18n', 'readme']);
grunt.registerTask('release', ['checkbranch:HEAD', 'checkrepo', 'gitinfo', 'checktextdomain', 'clean', 'copy']);
};
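Review bot: The new `release` task (`['checkbranch:HEAD', 'checkrepo', 'gitinfo', 'checktextdomain', 'clean', 'copy']`) produces `dist/` without the `phpcs` and `i18n` steps that `build` runs, so if the release workflow's `npm run release` maps to this task, the artifact shipped to WordPress.org is neither linted nor has its translation files regenerated in the release job itself. That may be intentional if the branch workflows are treated as the gate, but `copy` is what produces the artifact, so either add `'test'` before `'clean'` or leave a comment such as `// lint/tests are enforced by the branch workflows; release only packages a tagged, clean checkout`. `checkbranch:HEAD` is also surprising — a checkout of a release tag is a detached `HEAD`, so presumably this is meant to pass in that state rather than to assert a branch, which deserves a one-line comment. The Gruntfile's config object starts and ends outside these hunks.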

@ -0,0 +1,201 @@
# OpenID Connect Generic Client #
**Contributors:** [daggerhart](https://profiles.wordpress.org/daggerhart), [tnolte](https://profiles.wordpress.org/tnolte)
**Donate link:** http://www.daggerhart.com/
**Tags:** security, login, oauth2, openidconnect, apps, authentication, autologin, sso
**Requires at least:** 4.9
**Tested up to:** 5.6
**Stable tag:** 3.8.2
**Requires PHP:** 7.1
**License:** GPLv2 or later
**License URI:** http://www.gnu.org/licenses/gpl-2.0.html
A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.
## Description ##
This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.
Once installed, it can be configured to automatically authenticate users (SSO), or provide a "Login with OpenID Connect"
button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
new users are created in WordPress database.
Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
Please submit issues to the Github repo: https://github.com/daggerhart/openid-connect-generic
## Installation ##
1. Upload to the `/wp-content/plugins/` directory
1. Activate the plugin
1. Visit Settings > OpenID Connect and configure to meet your needs
## Frequently Asked Questions ##
### What is the client's Redirect URI? ###
Most OAuth2 servers will require whitelisting a set of redirect URIs for security purposes. The Redirect URI provided
by this client is like so: https://example.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
Replace `example.com` with your domain name and path to WordPress.
### Can I change the client's Redirect URI? ###
Some OAuth2 servers do not allow for a client redirect URI to contain a query string. The default URI provided by
this module leverages WordPress's `admin-ajax.php` endpoint as an easy way to provide a route that does not include
HTML, but this will naturally involve a query string. Fortunately, this plugin provides a setting that will make use of
an alternate redirect URI that does not include a query string.
On the settings page for this plugin (Dashboard > Settings > OpenID Connect Generic) there is a checkbox for
**Alternate Redirect URI**. When checked, the plugin will use the Redirect URI
`https://example.com/openid-connect-authorize`.
## Changelog ##
### 3.8.2 ###
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.
### 3.8.1 ###
* Fix: @timnolte - Prevent SSO redirect on password protected posts.
* Fix: @timnolte - CI/CD build issues.
* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
### 3.8.0 ###
* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
* Improvement: @timnolte - Plugin development & contribution updates.
* Improvement: @timnolte - Refactored to meet WordPress coding standards.
* Improvement: @timnolte - Refactored to provide localization.
### 3.7.1 ###
* Fix: Release Version Number.
### 3.7.0 ###
* Feature: @timnolte - Ability to enable/disable token refresh. Useful for IDPs that don't support token refresh.
* Feature: @timnolte - Support custom redirect URL(`redirect_to`) with the authentication URL & login button shortcodes.
- Supports additional attribute overrides including login `button_text`, `endpoint_login`, `scope`, `redirect_uri`.
### 3.6.0 ###
* Improvement: @RobjS - Improved error messages during login state failure.
* Improvement: @RobjS - New developer filter for login form button URL.
* Fix: @cs1m0n - Only increment username during new user creation if the "Link existing user" setting is enabled.
* Fix: @xRy-42 - Allow periods and spaces in usernames to match what WordPress core allows.
* Feature: @benochen - New setting named "Create user if does not exist" determines whether new users are created during login attempts.
* Improvement: @flat235 - Username transliteration and normalization.
### 3.5.1 ###
* Fix: @daggerhart - New approach to state management using transients.
### 3.5.0 ###
* Readme fix: @thijskh - Fix syntax error in example openid-connect-generic-login-button-text
* Feature: @slavicd - Allow override of the plugin by posting credentials to wp-login.php
* Feature: @gassan - New action on use login
* Fix: @daggerhart - Avoid double question marks in auth url query string
* Fix: @drzraf - wp-cli bootstrap must not inhibit custom rewrite rules
* Syntax change: @mullikine - Change PHP keywords to comply with PSR2
### 3.4.1 ###
* Minor documentation update and additional error checking.
### 3.4.0 ###
* Feature: @drzraf - New filter hook: ability to filter claim and derived user data before user creation.
* Feature: @anttileppa - State time limit can now be changed on the settings page.
* Fix: @drzraf - Fix PHP notice when using traditional login, $token_response may be empty.
* Fix: @drzraf - Fixed a notice when cookie does not contain expected redirect_url
### 3.3.1 ###
* Prefixing classes for more efficient autoloading.
* Avoid altering global wp_remote_post() parameters.
* Minor metadata updates for wp.org
### 3.3.0 ###
* Fix: @pjeby - Handle multiple user sessions better by using the `WP_Session_Tokens` object. Predecessor to fixes for multiple other issues: #49, #50, #51
### 3.2.1 ###
* Bug fix: @svenvanhal - Exit after issuing redirect. Fixes #46
### 3.2.0 ###
* Feature: @robbiepaul - trigger core action `wp_login` when user is logged in through this plugin
* Feature: @moriyoshi - Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim.
* Feature: New setting to set redirect URL when session expires.
* Feature: @robbiepaul - New filter for modifying authentication URL
* Fix: @cedrox - Adding id_token_hint to logout URL according to spec
* Bug fix: Provide port to the request header when requesting the user_claim
### 3.1.0 ###
* Feature: @rwasef1830 - Refresh tokens
* Feature: @rwasef1830 - Integrated logout support with end_session endpoint
* Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax
* Feature: @ahatherly - Support for IDP behind reverse proxy
* Bug fix: @robertstaddon - case insensitive check for Bearer token
* Bug fix: @rwasef1830 - "redirect to origin when auto-sso" cookie issue
* Bug fix: @rwasef1830 - PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message
* Bug fix: @rwasef1830 - expire session when access_token expires if no refresh token found
* UX fix: @rwasef1830 - Show login button on error redirect when using auto-sso
### 3.0.8 ###
* Feature: @wgengarelly - Added `openid-connect-generic-update-user-using-current-claim` action hook allowing other plugins/themes
to take action using the fresh claims received when an existing user logs in.
### 3.0.7 ###
* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in
section 5.3.1 of the specs.
### 3.0.6 ###
* Bug fix: @robertstaddon - If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials
### 3.0.5 ###
* Feature: @robertstaddon - Added `[openid_connect_generic_login_button]` shortcode to allow the login button to be placed anywhere
* Feature: @robertstaddon - Added setting to "Redirect Back to Origin Page" after a successful login instead of redirecting to the home page.
### 3.0.4 ###
* Feature: @robertstaddon - Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login
### 3.0.3 ###
* Using WordPresss's is_ssl() for setcookie()'s "secure" parameter
* Bug fix: Incrementing username in case of collision.
* Bug fix: Wrong error sent when missing token body
### 3.0.2 ###
* Added http_request_timeout setting
### 3.0.1 ###
* Finalizing 3.0.x api
### 3.0 ###
* Complete rewrite to separate concerns
* Changed settings keys for clarity (requires updating settings if upgrading from another version)
* Error logging
### 2.1 ###
* Working my way closer to spec. Possible breaking change. Now checking for preferred_username as priority.
* New username determination to avoid collisions
### 2.0 ###
Complete rewrite

@ -50,10 +50,10 @@
"phpstan/phpstan": "*",
"phpstan/extension-installer": "^1.0",
"szepeviktor/phpstan-wordpress": "*",
"php-stubs/wordpress-stubs": "~5.4.2",
"roave/security-advisories": "dev-master",
"mnsami/composer-custom-directory-installer": "~1.0",
"wordpress/wordpress": "~5.4.2",
"wordpress/wordpress": "~5.6.0",
"php-stubs/wordpress-stubs": "~5.6.0",
"dealerdirect/phpcodesniffer-composer-installer": "~0.6",
"brain/monkey": "^2.4",
"mockery/mockery": "^1.3",
@ -89,7 +89,10 @@
],
"phpcs": "vendor/bin/phpcs",
"phpcbf": "vendor/bin/phpcbf",
"phpstan": "\"vendor/bin/phpstan\""
"phpstan": "vendor/bin/phpstan",
"lint": "vendor/bin/phpcs --report=full .",
"lint-fix": "vendor/bin/phpcbf .",
"analyze": "vendor/bin/phpstan analyze ."
},
"extra": {
"installer-paths": {

1072
composer.lock generated


@ -49,4 +49,3 @@ grumphp:
- '/^assets\/(.*)/'
memory_limit: '-1'
triggered_by: [php]
securitychecker: ~
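Review bot: If `securitychecker: ~` is the line this hunk removes (the `-49,4 +49,3` header shows one deletion and no addition, but the rendered page does not mark which line), the pre-commit check of composer.lock against known-vulnerable package versions is gone with no replacement in the new workflows. `roave/security-advisories`, still in composer.json, only contributes `conflict` rules that Composer evaluates while resolving on `require`/`update`; `composer install` from an existing lock does not re-check them, so vulnerable versions already locked are not caught. If the task was dropped because its checker backend was discontinued, add an equivalent CI step (for example a `local-php-security-checker` run against composer.lock) or a comment recording why the check was removed.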

@ -132,7 +132,8 @@ class OpenID_Connect_Generic_Login_Form {
function handle_login_page( $message ) {
if ( isset( $_GET['login-error'] ) ) {
$message .= $this->make_error_output( $_GET['login-error'], $_GET['message'] );
$error_message = ! empty( $_GET['message'] ) ? $_GET['message'] : 'Unknown error.';
$message .= $this->make_error_output( $_GET['login-error'], $error_message );
}
// Login button is appended to existing messages in case of error.
@ -158,7 +159,7 @@ class OpenID_Connect_Generic_Login_Form {
<?php print esc_html( $error_message ); ?>
</div>
<?php
return ob_get_clean();
return wp_kses_post( ob_get_clean() );
}
/**
@ -184,7 +185,7 @@ class OpenID_Connect_Generic_Login_Form {
<a class="button button-large" href="<?php print esc_url( $href ); ?>"><?php print $text; ?></a>
</div>
<?php
return ob_get_clean();
return wp_kses_post( ob_get_clean() );
}
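Review bot: `print $text;` inside the `<a class="button button-large" …>` element is still unescaped — `wp_kses_post( ob_get_clean() )` on the whole buffer strips `<script>` and `on*` handlers, but it is the post-content allowlist (links, images, inline markup and their `href`/`class`/… attributes), so button text set through the settings page or, presumably, the `button_text` shortcode attribute can still inject markup such as a replacement `<a href>` inside the login button. Escape at the sink with `<?php print esc_html( $text ); ?>` and keep `wp_kses_post` as defence in depth if you wish. The same concern applies to the first argument of `make_error_output( $_GET['login-error'], $error_message )`: the hunk shows `esc_html( $error_message )` for the message but not how the error code is rendered into `ERROR (%1$s)`, and both GET parameters are consumed raw rather than via `sanitize_text_field( wp_unslash( $_GET['message'] ) )`. Both `handle_login_page` and the two output functions start or end outside these hunks.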
/**

@ -1,15 +1,15 @@
# Copyright (C) 2020 daggerhart
# Copyright (C) 2021 daggerhart
# This file is distributed under the GPL-2.0+.
msgid ""
msgstr ""
"Project-Id-Version: OpenID Connect Generic 3.7.1\n"
"Project-Id-Version: OpenID Connect Generic 3.8.2\n"
"Report-Msgid-Bugs-To: "
"https://github.com/daggerhart/openid-connect-generic/issues\n"
"POT-Creation-Date: 2020-08-29 04:30:04+00:00\n"
"POT-Creation-Date: 2021-03-24 13:50:19+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2020-MO-DA HO:MI+ZONE\n"
"PO-Revision-Date: 2021-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: en\n"
@ -29,43 +29,43 @@ msgstr ""
msgid "Session expired. Please login again."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:432
#: includes/openid-connect-generic-client-wrapper.php:433
msgid "User identity is not linked to an existing WordPress user."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:478
#: includes/openid-connect-generic-client-wrapper.php:479
msgid "Invalid user."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:597
#: includes/openid-connect-generic-client-wrapper.php:598
msgid "No appropriate username found."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:604
#: includes/openid-connect-generic-client-wrapper.php:605
msgid "Username %1$s could not be transliterated."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:608
#: includes/openid-connect-generic-client-wrapper.php:609
msgid "Username %1$s could not be normalized."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:641
#: includes/openid-connect-generic-client-wrapper.php:642
msgid "No nickname found in user claim using key: %1$s."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:668
#: includes/openid-connect-generic-client-wrapper.php:669
msgid "User claim incomplete."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:770
#: includes/openid-connect-generic-client-wrapper.php:771
msgid "Bad user claim result."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:825
#: includes/openid-connect-generic-client-wrapper.php:826
msgid "Can not authorize."
msgstr ""
#: includes/openid-connect-generic-client-wrapper.php:844
#: includes/openid-connect-generic-client-wrapper.php:845
msgid "Failed user creation."
msgstr ""
@ -137,11 +137,11 @@ msgstr ""
msgid "Unauthorized access."
msgstr ""
#: includes/openid-connect-generic-login-form.php:156
#: includes/openid-connect-generic-login-form.php:158
msgid "ERROR (%1$s)"
msgstr ""
#: includes/openid-connect-generic-login-form.php:172
#: includes/openid-connect-generic-login-form.php:174
msgid "Login with OpenID Connect"
msgstr ""
@ -211,72 +211,72 @@ msgid ""
"provider server."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:229
#: includes/openid-connect-generic-settings-page.php:230
msgid "Client Secret Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:230
#: includes/openid-connect-generic-settings-page.php:231
msgid ""
"Arbitrary secret key the server expects from this client. Can be anything, "
"but should be very unique."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:235
#: includes/openid-connect-generic-settings-page.php:237
msgid "OpenID Scope"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:236
#: includes/openid-connect-generic-settings-page.php:238
msgid "Space separated list of scopes this client should access."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:242
#: includes/openid-connect-generic-settings-page.php:244
msgid "Login Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:243
#: includes/openid-connect-generic-settings-page.php:245
msgid "Identify provider authorization endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:249
#: includes/openid-connect-generic-settings-page.php:252
msgid "Userinfo Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:250
#: includes/openid-connect-generic-settings-page.php:253
msgid "Identify provider User information endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:256
#: includes/openid-connect-generic-settings-page.php:260
msgid "Token Validation Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:257
#: includes/openid-connect-generic-settings-page.php:261
msgid "Identify provider token endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:263
#: includes/openid-connect-generic-settings-page.php:268
msgid "End Session Endpoint URL"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:264
#: includes/openid-connect-generic-settings-page.php:269
msgid "Identify provider logout endpoint."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:270
#: includes/openid-connect-generic-settings-page.php:276
msgid "Identity Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:271
#: includes/openid-connect-generic-settings-page.php:277
msgid ""
"Where in the user claim array to find the user's identification data. "
"Possible standard values: preferred_username, name, or sub. If you're "
"having trouble, use \"sub\"."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:277
#: includes/openid-connect-generic-settings-page.php:283
msgid "Disable SSL Verify"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:278
#: includes/openid-connect-generic-settings-page.php:284
msgid ""
"Do not require SSL verification during authorization. The OAuth extension "
"uses curl to make the request. By default CURL will generally verify the "
@ -285,27 +285,27 @@ msgid ""
"sites.%2$s"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:283
#: includes/openid-connect-generic-settings-page.php:289
msgid "HTTP Request Timeout"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:284
#: includes/openid-connect-generic-settings-page.php:290
msgid "Set the timeout for requests made to the IDP. Default value is 5."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:290
#: includes/openid-connect-generic-settings-page.php:296
msgid "Enforce Privacy"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:291
#: includes/openid-connect-generic-settings-page.php:297
msgid "Require users be logged in to see the site."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:296
#: includes/openid-connect-generic-settings-page.php:302
msgid "Alternate Redirect URI"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:297
#: includes/openid-connect-generic-settings-page.php:303
msgid ""
"Provide an alternative redirect route. Useful if your server is causing "
"issues with the default admin-ajax method. You must flush rewrite rules "
@ -313,78 +313,78 @@ msgid ""
"settings page."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:302
#: includes/openid-connect-generic-settings-page.php:308
msgid "Nickname Key"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:303
#: includes/openid-connect-generic-settings-page.php:309
msgid ""
"Where in the user claim array to find the user's nickname. Possible "
"standard values: preferred_username, name, or sub."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:309
#: includes/openid-connect-generic-settings-page.php:315
msgid "Email Formatting"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:310
#: includes/openid-connect-generic-settings-page.php:316
msgid ""
"String from which the user's email address is built. Specify \"{email}\" as "
"long as the user claim contains an email claim."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:316
#: includes/openid-connect-generic-settings-page.php:322
msgid "Display Name Formatting"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:317
#: includes/openid-connect-generic-settings-page.php:323
msgid "String from which the user's display name is built."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:323
#: includes/openid-connect-generic-settings-page.php:329
msgid "Identify with User Name"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:324
#: includes/openid-connect-generic-settings-page.php:330
msgid ""
"If checked, the user's identity will be determined by the user name instead "
"of the email address."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:329
#: includes/openid-connect-generic-settings-page.php:335
msgid "State time limit"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:330
#: includes/openid-connect-generic-settings-page.php:336
msgid "State valid time in seconds. Defaults to 180"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:335
#: includes/openid-connect-generic-settings-page.php:341
msgid "Enable Refresh Token"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:336
#: includes/openid-connect-generic-settings-page.php:342
msgid ""
"If checked, support refresh tokens used to obtain access tokens from "
"supported IDPs."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:341
#: includes/openid-connect-generic-settings-page.php:347
msgid "Link Existing Users"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:342
#: includes/openid-connect-generic-settings-page.php:348
msgid ""
"If a WordPress account already exists with the same identity as a "
"newly-authenticated user over OpenID Connect, login as that user instead of "
"generating an error."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:347
#: includes/openid-connect-generic-settings-page.php:353
msgid "Create user if does not exist"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:348
#: includes/openid-connect-generic-settings-page.php:354
msgid ""
"If the user identity is not link to an existing Wordpress user, it is "
"created. If this setting is not enabled and if the user authenticates with "
@ -392,11 +392,11 @@ msgid ""
"authentication failed"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:353
#: includes/openid-connect-generic-settings-page.php:359
msgid "Redirect Back to Origin Page"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:354
#: includes/openid-connect-generic-settings-page.php:360
msgid ""
"After a successful OpenID Connect authentication, this will redirect the "
"user back to the page on which they clicked the OpenID Connect login "
@ -407,71 +407,71 @@ msgid ""
"account page."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:359
#: includes/openid-connect-generic-settings-page.php:365
msgid "Redirect to the login screen when session is expired"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:360
#: includes/openid-connect-generic-settings-page.php:366
msgid ""
"When enabled, this will automatically redirect the user back to the "
"WordPress login page if their access token has expired."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:365
#: includes/openid-connect-generic-settings-page.php:371
msgid "Enable Logging"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:366
#: includes/openid-connect-generic-settings-page.php:372
msgid "Very simple log messages for debugging purposes."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:371
#: includes/openid-connect-generic-settings-page.php:377
msgid "Log Limit"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:372
#: includes/openid-connect-generic-settings-page.php:378
msgid ""
"Number of items to keep in the log. These logs are stored as an option in "
"the database, so space is limited."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:432
#: includes/openid-connect-generic-settings-page.php:438
msgid "Notes"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:435
#: includes/openid-connect-generic-settings-page.php:441
msgid "Redirect URI"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:439
#: includes/openid-connect-generic-settings-page.php:445
msgid "Login Button Shortcode"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:443
#: includes/openid-connect-generic-settings-page.php:449
msgid "Authentication URL Shortcode"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:448
#: includes/openid-connect-generic-settings-page.php:454
msgid "Logs"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:527
#: includes/openid-connect-generic-settings-page.php:534
msgid "Example"
msgstr ""
#: includes/openid-connect-generic-settings-page.php:540
#: includes/openid-connect-generic-settings-page.php:547
msgid "Enter your OpenID Connect identity provider settings."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:549
#: includes/openid-connect-generic-settings-page.php:556
msgid "Modify the interaction between OpenID Connect and WordPress users."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:558
#: includes/openid-connect-generic-settings-page.php:565
msgid "Control the authorization mechanics of the site."
msgstr ""
#: includes/openid-connect-generic-settings-page.php:567
#: includes/openid-connect-generic-settings-page.php:574
msgid "Log information about login attempts through OpenID Connect Generic."
msgstr ""

@ -16,7 +16,7 @@
* Plugin Name: OpenID Connect Generic
* Plugin URI: https://github.com/daggerhart/openid-connect-generic
* Description: Connect to an OpenID Connect generic client using Authorization Code Flow.
* Version: 3.8.1
* Version: 3.8.2
* Author: daggerhart
* Author URI: http://www.daggerhart.com
* Text Domain: daggerhart-openid-connect-generic
@ -80,7 +80,7 @@ class OpenID_Connect_Generic {
*
* @var
*/
const VERSION = '3.8.1';
const VERSION = '3.8.2';
/**
* Plugin settings.

5207
package-lock.json generated


@ -1,6 +1,6 @@
{
"name": "openid-connect-generic",
"version": "3.8.1",
"version": "3.8.2",
"description": "OpenID Connect generic WordPress plugin.",
"main": "Gruntfile.js",
"repository": {
@ -28,8 +28,8 @@
"@floatwork/grunt-po2mo": "^0.3.0",
"@ndigitals/grunt-checkrepo": "^0.2.0",
"@wordpress/env": "^1.6.0",
"@wordpress/scripts": "12.2.0",
"check-node-version": "^4.0.3",
"@wordpress/scripts": "12.2.1",
"check-node-version": "~4.1.0",
"grunt": "1.3.0",
"grunt-checkbranch": "^1.0.4",
"grunt-checktextdomain": "^1.0.1",
@ -38,14 +38,14 @@
"grunt-contrib-copy": "^1.0.0",
"grunt-gitinfo": "^0.1.9",
"grunt-shell": "^2.1.0",
"grunt-version": "2.0.0",
"grunt-version": "~2.0.0",
"grunt-wp-i18n": "^1.0.3",
"grunt-wp-readme-to-markdown": "^2.0.0",
"load-grunt-tasks": "^3.5",
"node": "^12.18.3",
"npm": "^6.14.8",
"node": "^12.21.0",
"npm": "^6.14.11",
"puppeteer": "^1.20.0",
"typescript": "^3.9.7"
"typescript": "~3.9.9"
},
"wp-env": {
"plugin-dir": "daggerhart-openid-connect-generic",
@ -54,26 +54,30 @@
"welcome-build-command": "npm start"
},
"scripts": {
"setup": "composer install && npm install && cd wordpress && npm install && npm run build && cd .. && composer install --optimize-autoloader",
"setup": "npm run setup:npm && npm run setup:composer && npm run build:wordpress",
"setup:npm": "npm install",
"setup:composer": "composer install",
"build": "npm run grunt build",
"build:wordpress": "cd wordpress && npm install && npm run build && cd .. && composer install --optimize-autoloader",
"release": "npm run grunt release",
"start": "wp-env start",
"stop": "wp-env stop",
"restart": "npm run wp-env stop && npm run wp-env start",
"grunt": "node_modules/.bin/grunt",
"test": "npm run grunt test",
"build": "npm run grunt build",
"version": "npm run grunt version",
"version:bump": "npm version --no-git-tag-version",
"check:engines": "wp-scripts check-engines",
"check:licenses": "wp-scripts check-licenses",
"wp-env": "wp-env",
"wp": "wp-env run cli wp",
"test": "npm run grunt test",
"i18n:check": "npm run grunt checktextdomain",
"i18n:make": "npm run grunt i18n",
"i18n:make:cli": "wp-env run cli wp i18n make-pot . languages/ --slug=daggerhart-openid-connect-generic --include=openid-connect-generic.php,includes",
"lint": "npm run lint:php",
"lint:php": "vendor/bin/phpcs --report=full .",
"lint:php:fix": "vendor/bin/phpcbf .",
"lint:php": "composer run-script lint",
"lint:php:fix": "composer run-script lint-fix",
"analyze": "npm run analyze:php",
"analyze:php": "vendor/bin/phpstan analyze ."
"analyze:php": "composer run-script analyze"
}
}
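Review bot: `build:wordpress` still ends with a root-level `composer install --optimize-autoloader` (`cd .. && composer install --optimize-autoloader`) even though the new `setup` chain runs `setup:composer` (`composer install`) one step earlier, so the composer install executes twice with different flags and a script named "build" rewrites `vendor/` as a side effect. The old/new side of these scripts lines is not marked on this page, so this reads the `setup:*` and `build:wordpress` entries as the new side. Consider putting the flag on the setup step and letting the build script stop at the build: `"setup:composer": "composer install --optimize-autoloader"` and `"build:wordpress": "cd wordpress && npm install && npm run build"`.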

@ -4,7 +4,7 @@ Donate link: http://www.daggerhart.com/
Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
Requires at least: 4.9
Tested up to: 5.6
Stable tag: 3.8.1
Stable tag: 3.8.2
Requires PHP: 7.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@ -51,6 +51,10 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
== Changelog ==
= 3.8.2 =
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.
= 3.8.1 =
* Fix: @timnolte - Prevent SSO redirect on password protected posts.
