diff --git a/CHANGELOG.md b/CHANGELOG.md index 57f42df..7d13f39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # OpenId Connect Generic Changelog +3.8.3 + +* Fix: @timnolte - Fixed problems with proper redirect handling. +* Improvement: @timnolte - Changes redirect handling to use State instead of cookies. +* Improvement: @timnolte - Refactored additional code to meet coding standards. + 3.8.2 * Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen. diff --git a/README.md b/README.md index 5263396..d9bfb04 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ **Tags:** security, login, oauth2, openidconnect, apps, authentication, autologin, sso **Requires at least:** 4.9 **Tested up to:** 5.6 -**Stable tag:** 3.8.2 +**Stable tag:** 3.8.3 **Requires PHP:** 7.1 **License:** GPLv2 or later **License URI:** http://www.gnu.org/licenses/gpl-2.0.html @@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene ## Changelog ## +### 3.8.3 ### + +* Fix: @timnolte - Fixed problems with proper redirect handling. +* Improvement: @timnolte - Changes redirect handling to use State instead of cookies. +* Improvement: @timnolte - Refactored additional code to meet coding standards. + ### 3.8.2 ### * Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen. diff --git a/languages/openid-connect-generic.pot b/languages/openid-connect-generic.pot index ed55852..7a85e76 100644 --- a/languages/openid-connect-generic.pot +++ b/languages/openid-connect-generic.pot @@ -2,10 +2,10 @@ # This file is distributed under the GPL-2.0+. msgid "" msgstr "" -"Project-Id-Version: OpenID Connect Generic 3.8.2\n" +"Project-Id-Version: OpenID Connect Generic 3.8.3\n" "Report-Msgid-Bugs-To: " "https://github.com/daggerhart/openid-connect-generic/issues\n" -"POT-Creation-Date: 2021-03-24 13:50:19+00:00\n" +"POT-Creation-Date: 2021-04-08 12:27:16+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -25,139 +25,147 @@ msgstr "" "X-Textdomain-Support: yes\n" "X-Generator: grunt-wp-i18n 1.0.3\n" -#: includes/openid-connect-generic-client-wrapper.php:197 +#: includes/openid-connect-generic-client-wrapper.php:194 msgid "Session expired. Please login again." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:433 +#: includes/openid-connect-generic-client-wrapper.php:437 msgid "User identity is not linked to an existing WordPress user." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:479 +#: includes/openid-connect-generic-client-wrapper.php:493 msgid "Invalid user." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:598 +#: includes/openid-connect-generic-client-wrapper.php:612 msgid "No appropriate username found." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:605 +#: includes/openid-connect-generic-client-wrapper.php:620 +#. translators: $1$s is a username from the IDP. msgid "Username %1$s could not be transliterated." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:609 +#: includes/openid-connect-generic-client-wrapper.php:625 +#. translators: %1$s is the ASCII version of the username from the IDP. msgid "Username %1$s could not be normalized." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:642 +#: includes/openid-connect-generic-client-wrapper.php:659 +#. translators: %1$s is the configured User Claim nickname key. msgid "No nickname found in user claim using key: %1$s." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:669 +#: includes/openid-connect-generic-client-wrapper.php:686 msgid "User claim incomplete." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:771 +#: includes/openid-connect-generic-client-wrapper.php:788 msgid "Bad user claim result." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:826 +#: includes/openid-connect-generic-client-wrapper.php:843 msgid "Can not authorize." msgstr "" -#: includes/openid-connect-generic-client-wrapper.php:845 +#: includes/openid-connect-generic-client-wrapper.php:862 msgid "Failed user creation." msgstr "" -#: includes/openid-connect-generic-client.php:179 +#: includes/openid-connect-generic-client.php:191 msgid "Missing state." msgstr "" -#: includes/openid-connect-generic-client.php:183 +#: includes/openid-connect-generic-client.php:195 msgid "Invalid state." msgstr "" -#: includes/openid-connect-generic-client.php:198 +#: includes/openid-connect-generic-client.php:210 msgid "Missing authentication code." msgstr "" -#: includes/openid-connect-generic-client.php:237 +#: includes/openid-connect-generic-client.php:249 msgid "Request for authentication token failed." msgstr "" -#: includes/openid-connect-generic-client.php:268 +#: includes/openid-connect-generic-client.php:280 msgid "Refresh token failed." msgstr "" -#: includes/openid-connect-generic-client.php:283 +#: includes/openid-connect-generic-client.php:295 msgid "Missing token body." msgstr "" -#: includes/openid-connect-generic-client.php:291 +#: includes/openid-connect-generic-client.php:303 msgid "Invalid token." msgstr "" -#: includes/openid-connect-generic-client.php:342 +#: includes/openid-connect-generic-client.php:354 msgid "Request for userinfo failed." msgstr "" -#: includes/openid-connect-generic-client.php:417 +#: includes/openid-connect-generic-client.php:414 +msgid "Missing authentication state." +msgstr "" + +#: includes/openid-connect-generic-client.php:451 msgid "No identity token." msgstr "" -#: includes/openid-connect-generic-client.php:424 +#: includes/openid-connect-generic-client.php:458 msgid "Missing identity token." msgstr "" -#: includes/openid-connect-generic-client.php:451 +#: includes/openid-connect-generic-client.php:485 msgid "Bad ID token claim." msgstr "" -#: includes/openid-connect-generic-client.php:456 +#: includes/openid-connect-generic-client.php:490 msgid "No subject identity." msgstr "" -#: includes/openid-connect-generic-client.php:475 +#: includes/openid-connect-generic-client.php:509 msgid "Bad user claim." msgstr "" -#: includes/openid-connect-generic-client.php:495 +#: includes/openid-connect-generic-client.php:529 msgid "Invalid user claim." msgstr "" -#: includes/openid-connect-generic-client.php:500 +#: includes/openid-connect-generic-client.php:534 msgid "Error from the IDP." msgstr "" -#: includes/openid-connect-generic-client.php:509 +#: includes/openid-connect-generic-client.php:543 msgid "Incorrect user claim." msgstr "" -#: includes/openid-connect-generic-client.php:516 +#: includes/openid-connect-generic-client.php:550 msgid "Unauthorized access." msgstr "" -#: includes/openid-connect-generic-login-form.php:158 +#: includes/openid-connect-generic-login-form.php:169 +#. translators: %1$s is the error code from the IDP. msgid "ERROR (%1$s)" msgstr "" -#: includes/openid-connect-generic-login-form.php:174 +#: includes/openid-connect-generic-login-form.php:188 msgid "Login with OpenID Connect" msgstr "" -#: includes/openid-connect-generic-option-logger.php:265 +#: includes/openid-connect-generic-option-logger.php:262 msgid "Type" msgstr "" -#: includes/openid-connect-generic-option-logger.php:269 +#: includes/openid-connect-generic-option-logger.php:266 msgid "Date" msgstr "" -#: includes/openid-connect-generic-option-logger.php:273 +#: includes/openid-connect-generic-option-logger.php:270 msgid "User" msgstr "" -#: includes/openid-connect-generic-option-logger.php:277 +#: includes/openid-connect-generic-option-logger.php:274 msgid "URI " msgstr "" @@ -276,7 +284,9 @@ msgstr "" msgid "Disable SSL Verify" msgstr "" -#: includes/openid-connect-generic-settings-page.php:284 +#: includes/openid-connect-generic-settings-page.php:285 +#. translators: %1$s HTML tags for layout/styles, %2$s closing HTML tag for +#. styles. msgid "" "Do not require SSL verification during authorization. The OAuth extension " "uses curl to make the request. By default CURL will generally verify the " @@ -285,27 +295,27 @@ msgid "" "sites.%2$s" msgstr "" -#: includes/openid-connect-generic-settings-page.php:289 +#: includes/openid-connect-generic-settings-page.php:290 msgid "HTTP Request Timeout" msgstr "" -#: includes/openid-connect-generic-settings-page.php:290 +#: includes/openid-connect-generic-settings-page.php:291 msgid "Set the timeout for requests made to the IDP. Default value is 5." msgstr "" -#: includes/openid-connect-generic-settings-page.php:296 +#: includes/openid-connect-generic-settings-page.php:297 msgid "Enforce Privacy" msgstr "" -#: includes/openid-connect-generic-settings-page.php:297 +#: includes/openid-connect-generic-settings-page.php:298 msgid "Require users be logged in to see the site." msgstr "" -#: includes/openid-connect-generic-settings-page.php:302 +#: includes/openid-connect-generic-settings-page.php:303 msgid "Alternate Redirect URI" msgstr "" -#: includes/openid-connect-generic-settings-page.php:303 +#: includes/openid-connect-generic-settings-page.php:304 msgid "" "Provide an alternative redirect route. Useful if your server is causing " "issues with the default admin-ajax method. You must flush rewrite rules " @@ -313,78 +323,78 @@ msgid "" "settings page." msgstr "" -#: includes/openid-connect-generic-settings-page.php:308 +#: includes/openid-connect-generic-settings-page.php:309 msgid "Nickname Key" msgstr "" -#: includes/openid-connect-generic-settings-page.php:309 +#: includes/openid-connect-generic-settings-page.php:310 msgid "" "Where in the user claim array to find the user's nickname. Possible " "standard values: preferred_username, name, or sub." msgstr "" -#: includes/openid-connect-generic-settings-page.php:315 +#: includes/openid-connect-generic-settings-page.php:316 msgid "Email Formatting" msgstr "" -#: includes/openid-connect-generic-settings-page.php:316 +#: includes/openid-connect-generic-settings-page.php:317 msgid "" "String from which the user's email address is built. Specify \"{email}\" as " "long as the user claim contains an email claim." msgstr "" -#: includes/openid-connect-generic-settings-page.php:322 +#: includes/openid-connect-generic-settings-page.php:323 msgid "Display Name Formatting" msgstr "" -#: includes/openid-connect-generic-settings-page.php:323 +#: includes/openid-connect-generic-settings-page.php:324 msgid "String from which the user's display name is built." msgstr "" -#: includes/openid-connect-generic-settings-page.php:329 +#: includes/openid-connect-generic-settings-page.php:330 msgid "Identify with User Name" msgstr "" -#: includes/openid-connect-generic-settings-page.php:330 +#: includes/openid-connect-generic-settings-page.php:331 msgid "" "If checked, the user's identity will be determined by the user name instead " "of the email address." msgstr "" -#: includes/openid-connect-generic-settings-page.php:335 +#: includes/openid-connect-generic-settings-page.php:336 msgid "State time limit" msgstr "" -#: includes/openid-connect-generic-settings-page.php:336 +#: includes/openid-connect-generic-settings-page.php:337 msgid "State valid time in seconds. Defaults to 180" msgstr "" -#: includes/openid-connect-generic-settings-page.php:341 +#: includes/openid-connect-generic-settings-page.php:342 msgid "Enable Refresh Token" msgstr "" -#: includes/openid-connect-generic-settings-page.php:342 +#: includes/openid-connect-generic-settings-page.php:343 msgid "" "If checked, support refresh tokens used to obtain access tokens from " "supported IDPs." msgstr "" -#: includes/openid-connect-generic-settings-page.php:347 +#: includes/openid-connect-generic-settings-page.php:348 msgid "Link Existing Users" msgstr "" -#: includes/openid-connect-generic-settings-page.php:348 +#: includes/openid-connect-generic-settings-page.php:349 msgid "" "If a WordPress account already exists with the same identity as a " "newly-authenticated user over OpenID Connect, login as that user instead of " "generating an error." msgstr "" -#: includes/openid-connect-generic-settings-page.php:353 +#: includes/openid-connect-generic-settings-page.php:354 msgid "Create user if does not exist" msgstr "" -#: includes/openid-connect-generic-settings-page.php:354 +#: includes/openid-connect-generic-settings-page.php:355 msgid "" "If the user identity is not link to an existing Wordpress user, it is " "created. If this setting is not enabled and if the user authenticates with " @@ -392,11 +402,11 @@ msgid "" "authentication failed" msgstr "" -#: includes/openid-connect-generic-settings-page.php:359 +#: includes/openid-connect-generic-settings-page.php:360 msgid "Redirect Back to Origin Page" msgstr "" -#: includes/openid-connect-generic-settings-page.php:360 +#: includes/openid-connect-generic-settings-page.php:361 msgid "" "After a successful OpenID Connect authentication, this will redirect the " "user back to the page on which they clicked the OpenID Connect login " @@ -407,75 +417,75 @@ msgid "" "account page." msgstr "" -#: includes/openid-connect-generic-settings-page.php:365 +#: includes/openid-connect-generic-settings-page.php:366 msgid "Redirect to the login screen when session is expired" msgstr "" -#: includes/openid-connect-generic-settings-page.php:366 +#: includes/openid-connect-generic-settings-page.php:367 msgid "" "When enabled, this will automatically redirect the user back to the " "WordPress login page if their access token has expired." msgstr "" -#: includes/openid-connect-generic-settings-page.php:371 +#: includes/openid-connect-generic-settings-page.php:372 msgid "Enable Logging" msgstr "" -#: includes/openid-connect-generic-settings-page.php:372 +#: includes/openid-connect-generic-settings-page.php:373 msgid "Very simple log messages for debugging purposes." msgstr "" -#: includes/openid-connect-generic-settings-page.php:377 +#: includes/openid-connect-generic-settings-page.php:378 msgid "Log Limit" msgstr "" -#: includes/openid-connect-generic-settings-page.php:378 +#: includes/openid-connect-generic-settings-page.php:379 msgid "" "Number of items to keep in the log. These logs are stored as an option in " "the database, so space is limited." msgstr "" -#: includes/openid-connect-generic-settings-page.php:438 +#: includes/openid-connect-generic-settings-page.php:439 msgid "Notes" msgstr "" -#: includes/openid-connect-generic-settings-page.php:441 +#: includes/openid-connect-generic-settings-page.php:442 msgid "Redirect URI" msgstr "" -#: includes/openid-connect-generic-settings-page.php:445 +#: includes/openid-connect-generic-settings-page.php:446 msgid "Login Button Shortcode" msgstr "" -#: includes/openid-connect-generic-settings-page.php:449 +#: includes/openid-connect-generic-settings-page.php:450 msgid "Authentication URL Shortcode" msgstr "" -#: includes/openid-connect-generic-settings-page.php:454 +#: includes/openid-connect-generic-settings-page.php:455 msgid "Logs" msgstr "" -#: includes/openid-connect-generic-settings-page.php:534 +#: includes/openid-connect-generic-settings-page.php:535 msgid "Example" msgstr "" -#: includes/openid-connect-generic-settings-page.php:547 +#: includes/openid-connect-generic-settings-page.php:548 msgid "Enter your OpenID Connect identity provider settings." msgstr "" -#: includes/openid-connect-generic-settings-page.php:556 +#: includes/openid-connect-generic-settings-page.php:557 msgid "Modify the interaction between OpenID Connect and WordPress users." msgstr "" -#: includes/openid-connect-generic-settings-page.php:565 +#: includes/openid-connect-generic-settings-page.php:566 msgid "Control the authorization mechanics of the site." msgstr "" -#: includes/openid-connect-generic-settings-page.php:574 +#: includes/openid-connect-generic-settings-page.php:575 msgid "Log information about login attempts through OpenID Connect Generic." msgstr "" -#: openid-connect-generic.php:200 +#: openid-connect-generic.php:202 msgid "Private site" msgstr "" diff --git a/openid-connect-generic.php b/openid-connect-generic.php index c4f855a..5b152fd 100644 --- a/openid-connect-generic.php +++ b/openid-connect-generic.php @@ -16,7 +16,7 @@ * Plugin Name: OpenID Connect Generic * Plugin URI: https://github.com/daggerhart/openid-connect-generic * Description: Connect to an OpenID Connect generic client using Authorization Code Flow. - * Version: 3.8.2 + * Version: 3.8.3 * Author: daggerhart * Author URI: http://www.daggerhart.com * Text Domain: daggerhart-openid-connect-generic @@ -80,7 +80,7 @@ class OpenID_Connect_Generic { * * @var */ - const VERSION = '3.8.2'; + const VERSION = '3.8.3'; /** * Plugin settings. diff --git a/package-lock.json b/package-lock.json index 1782382..cc533db 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "openid-connect-generic", - "version": "3.8.2", + "version": "3.8.3", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index e2456eb..2813115 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-connect-generic", - "version": "3.8.2", + "version": "3.8.3", "description": "OpenID Connect generic WordPress plugin.", "main": "Gruntfile.js", "repository": { diff --git a/readme.txt b/readme.txt index 0a7586a..57183c8 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Donate link: http://www.daggerhart.com/ Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso Requires at least: 4.9 Tested up to: 5.6 -Stable tag: 3.8.2 +Stable tag: 3.8.3 Requires PHP: 7.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene == Changelog == += 3.8.3 = + +* Fix: @timnolte - Fixed problems with proper redirect handling. +* Improvement: @timnolte - Changes redirect handling to use State instead of cookies. +* Improvement: @timnolte - Refactored additional code to meet coding standards. + = 3.8.2 = * Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.