Merges branch 'dev' into main

.gitattributes

@@ -21,6 +21,8 @@
 /.editorconfig export-ignore
 /.gitattributes export-ignore
 /.gitignore export-ignore
+/.npmrc export-ignore
+/.nvmrc export-ignore
 /.travis.yml export-ignore
 /.wp-env.json export-ignore
 /composer.json export-ignore

.github/workflows/main.yml

@@ -6,6 +6,7 @@ on:
 jobs:
   tag:
     name: New tag
+    if: github.repository == 'oidc-wp/openid-connect-generic'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main

.travis.yml

@@ -40,28 +40,32 @@ matrix:
   include:
     - name: Internationalization
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* I18N=1
+      env: WP_MODE=single WP_VERSION=5.6.* I18N=1
     - name: Coding Standards
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* PHP_LINT=1 COVERAGE=1
+      env: WP_MODE=single WP_VERSION=5.6.* PHP_LINT=1 COVERAGE=1
     - name: Static Code Analysis
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* PHP_ANALYZE=1
+      env: WP_MODE=single WP_VERSION=5.6.* PHP_ANALYZE=1
     - name: Latest Stable
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* PHP_UNIT=1
+      env: WP_MODE=single WP_VERSION=5.6.* PHP_UNIT=1
     - name: Preferred Minimum requirements
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.2
-      env: WP_MODE=single WP_VERSION=5.3.* PHP_UNIT=1
+      env: WP_MODE=single WP_VERSION=5.4.* PHP_UNIT=1
     - name: Minimum requirements
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.1
-      env: WP_MODE=single WP_VERSION=5.2.* PHP_UNIT=1
+      env: WP_MODE=single WP_VERSION=5.3.* PHP_UNIT=1
     - name: Bleeding Edge
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.4
       env: WP_MODE=single WP_VERSION=dev-master PHP_UNIT=1
     - name: Multisite Compatibility
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.3
-      env: WP_MODE=multi WP_VERSION=5.4.* PHP_UNIT=1
+      env: WP_MODE=multi WP_VERSION=5.6.* PHP_UNIT=1
   allow_failures:
     - name: Bleeding Edge
 
@@ -70,13 +74,16 @@ addons:
     packages:
       - nodejs
 
+# We need to make sure we stick with Composer 1.x for compatibility.
 before_install:
   - npm install -g npm@6.14
   - npm install -g grunt-cli
+  - composer self-update --1
   - composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update
 
 install:
-  - composer update --prefer-source --no-interaction --optimize-autoloader
+  - composer update "wordpress/wordpress" --prefer-source --no-interaction --optimize-autoloader
+  - composer install
   - npm install
 
 before_script:

changelog.md

@@ -1,5 +1,11 @@
 # OpenId Connect Generic Changelog
 
+3.8.1
+
+* Fix: @timnolte - Prevent SSO redirect on password protected posts.
+* Fix: @timnolte - CI/CD build issues.
+* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
+
 3.8.0
 
 * Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.

includes/openid-connect-generic-client-wrapper.php

@@ -278,8 +278,9 @@ class OpenID_Connect_Generic_Client_Wrapper {
 		$url .= $query ? '&' : '?';
 
 		// Prevent redirect back to the IDP when logging out in auto mode.
-		if ( 'auto' === $this->settings->login_type && 'wp-login.php?loggedout=true' === $redirect_url ) {
-			$redirect_url = '';
+		if ( 'auto' === $this->settings->login_type && strpos( $redirect_url, 'wp-login.php?loggedout=true' ) ) {
+			// By default redirect back to the site home.
+			$redirect_url = home_url();
 		}
 
 		$token_response = $user->get( 'openid-connect-generic-last-token-response' );

includes/openid-connect-generic-login-form.php

@@ -76,7 +76,8 @@ class OpenID_Connect_Generic_Login_Form {
 
 		if ( 'wp-login.php' == $GLOBALS['pagenow']
 			&& ( 'auto' == $this->settings->login_type || ! empty( $_GET['force_redirect'] ) )
-			&& ( ! isset( $_GET['action'] ) || 'logout' !== $_GET['action'] )
+			// Don't send users to the IDP on logout or post password protected authentication.
+			&& ( ! isset( $_GET['action'] ) || ! in_array( $_GET['action'], array( 'logout', 'postpass' ) ) )
 			&& ! isset( $_POST['wp-submit'] ) ) {
 			if ( ! isset( $_GET['login-error'] ) ) {
 				$this->handle_redirect_cookie();

openid-connect-generic.php

@@ -16,7 +16,7 @@
  * Plugin Name:       OpenID Connect Generic
  * Plugin URI:        https://github.com/daggerhart/openid-connect-generic
  * Description:       Connect to an OpenID Connect generic client using Authorization Code Flow.
- * Version:           3.8.0
+ * Version:           3.8.1
  * Author:            daggerhart
  * Author URI:        http://www.daggerhart.com
  * Text Domain:       daggerhart-openid-connect-generic
@@ -80,7 +80,7 @@ class OpenID_Connect_Generic {
 	 *
 	 * @var
 	 */
-	const VERSION = '3.8.0';
+	const VERSION = '3.8.1';
 
 	/**
 	 * Plugin settings.

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "openid-connect-generic",
-	"version": "3.8.0",
+	"version": "3.8.1",
 	"lockfileVersion": 1,
 	"requires": true,
 	"dependencies": {
@@ -3148,12 +3148,6 @@
 					"integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
 					"dev": true
 				},
-				"prettier": {
-					"version": "npm:wp-prettier@2.0.5",
-					"resolved": "https://registry.npmjs.org/wp-prettier/-/wp-prettier-2.0.5.tgz",
-					"integrity": "sha512-5GCgdeevIXwR3cW4Qj5XWC5MO1iSCz8+IPn0mMw6awAt/PBiey8yyO7MhePRsaMqghJAhg6Q3QLYWSnUHWkG6A==",
-					"dev": true
-				},
 				"puppeteer": {
 					"version": "npm:puppeteer-core@3.0.0",
 					"resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-3.0.0.tgz",
@@ -17855,6 +17849,12 @@
 			"integrity": "sha1-1PRWKwzjaW5BrFLQ4ALlemNdxtw=",
 			"dev": true
 		},
+		"prettier": {
+			"version": "npm:wp-prettier@2.0.5",
+			"resolved": "https://registry.npmjs.org/wp-prettier/-/wp-prettier-2.0.5.tgz",
+			"integrity": "sha512-5GCgdeevIXwR3cW4Qj5XWC5MO1iSCz8+IPn0mMw6awAt/PBiey8yyO7MhePRsaMqghJAhg6Q3QLYWSnUHWkG6A==",
+			"dev": true
+		},
 		"prettier-linter-helpers": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/prettier-linter-helpers/-/prettier-linter-helpers-1.0.0.tgz",

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "openid-connect-generic",
-	"version": "3.8.0",
+	"version": "3.8.1",
 	"description": "OpenID Connect generic WordPress plugin.",
 	"main": "Gruntfile.js",
 	"repository": {

readme.txt

@@ -3,9 +3,9 @@ Contributors: daggerhart, tnolte
 Donate link: http://www.daggerhart.com/
 Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
 Requires at least: 4.9
-Tested up to: 5.4.2
-Stable tag: 3.8.0
-Requires PHP: 5.6
+Tested up to: 5.6
+Stable tag: 3.8.1
+Requires PHP: 7.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 == Changelog ==
 
+= 3.8.1 =
+
+* Fix: @timnolte - Prevent SSO redirect on password protected posts.
+* Fix: @timnolte - CI/CD build issues.
+* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
+
 = 3.8.0 =
 
 * Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.