Feature #68 state time limit option (#69)

* Added an option for state time limit on the settings page
7 years ago · 56bd5718e6
parent 6bc53f96d4
commit 56bd5718e6
3 changed files with 16 additions and 2 deletions
--- a/includes/openid-connect-generic-client.php
+++ b/includes/openid-connect-generic-client.php
@ -25,8 +25,9 @@ class OpenID_Connect_Generic_Client {
 	 * @param $endpoint_userinfo
 	 * @param $endpoint_token
 	 * @param $redirect_uri
+	 * @param $state_time_limit time states are valid in seconds
 	 */
-	function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri ){
+	function __construct( $client_id, $client_secret, $scope, $endpoint_login, $endpoint_userinfo, $endpoint_token, $redirect_uri, $state_time_limit){
 		$this->client_id = $client_id;
 		$this->client_secret = $client_secret;
 		$this->scope = $scope;
@ -34,6 +35,7 @@ class OpenID_Connect_Generic_Client {
 		$this->endpoint_userinfo = $endpoint_userinfo;
 		$this->endpoint_token = $endpoint_token;
 		$this->redirect_uri = $redirect_uri;
+		$this->state_time_limit = $state_time_limit;
 	}

 	/**
--- a/includes/openid-connect-generic-settings-page.php
+++ b/includes/openid-connect-generic-settings-page.php
@ -155,6 +155,12 @@ class OpenID_Connect_Generic_Settings_Page {
 				'type'        => 'checkbox',
 				'section'     => 'client_settings',
 			),
+			'state_time_limit'     => array(
+				'title'       => __( 'State time limit' ),
+				'description' => __( 'State valid time in seconds. Defaults to 180' ),
+				'type'        => 'number',
+				'section'     => 'client_settings',
+			),
 			'link_existing_users'   => array(
 				'title'       => __( 'Link Existing Users' ),
 				'description' => __( 'If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ),
--- a/openid-connect-generic.php
+++ b/openid-connect-generic.php
@ -79,6 +79,11 @@ class OpenID_Connect_Generic {
 			$redirect_uri = site_url( '/openid-connect-authorize' );
 		}
    
+		$state_time_limit = 180;
+		if ($this->settings->state_time_limit) {
+			$state_time_limit = intval($this->settings->state_time_limit);
+		}
+
 		$this->client = new OpenID_Connect_Generic_Client( 
 			$this->settings->client_id,
 			$this->settings->client_secret,
@ -86,7 +91,8 @@ class OpenID_Connect_Generic {
 			$this->settings->endpoint_login,
 			$this->settings->endpoint_userinfo,
 			$this->settings->endpoint_token,
-			$redirect_uri
+			$redirect_uri,
+			$state_time_limit
 		);
 		
 		$this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger );