From b64fab27be1a66d065a060703173a540c4b4b845 Mon Sep 17 00:00:00 2001 From: Jonathan Daggerhart Date: Thu, 20 Apr 2017 15:58:37 -0400 Subject: [PATCH] breaking out changelog into its own file, providing attribution to users that have helped with issues and prs --- changelog.md | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ readme.md | 68 ------------------------------------------------ readme.txt | 67 +---------------------------------------------- 3 files changed, 74 insertions(+), 134 deletions(-) create mode 100644 changelog.md diff --git a/changelog.md b/changelog.md new file mode 100644 index 0000000..709a7b8 --- /dev/null +++ b/changelog.md @@ -0,0 +1,73 @@ + +# OpenId Connect Generic Changelog + +**3.2.0** + +* Feature: @robbiepaul - trigger core action `wp_login` when user is logged in through this plugin +* Feature: @moriyoshi - Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim. +* Bug fix: Provide port to the request header when requesting the user_claim + +**3.1.0** + +* Feature: @rwasef1830 - Refresh tokens +* Feature: @rwasef1830 - Integrated logout support with end_session endpoint +* Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax +* Feature: @ahatherly - Support for IDP behind reverse proxy +* Bug fix: @robertstaddon - case insensitive check for Bearer token +* Bug fix: @rwasef1830 - "redirect to origin when auto-sso" cookie issue +* Bug fix: @rwasef1830 - PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message +* Bug fix: @rwasef1830 - expire session when access_token expires if no refresh token found +* UX fix: @rwasef1830 - Show login button on error redirect when using auto-sso + +**3.0.8** + +* Feature: @wgengarelly - Added `openid-connect-generic-update-user-using-current-claim` action hook allowing other plugins/themes + to take action using the fresh claims received when an existing user logs in. + +**3.0.7** + +* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in +section 5.3.1 of the specs. + +**3.0.6** + +* Bug fix: @robertstaddon - If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials + +**3.0.5** + +* Feature: @robertstaddon - Added `[openid_connect_generic_login_button]` shortcode to allow the login button to be placed anywhere +* Feature: @robertstaddon - Added setting to "Redirect Back to Origin Page" after a successful login instead of redirecting to the home page. + +**3.0.4** + +* Feature: @robertstaddon - Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login + +**3.0.3** + +* Using WordPresss's is_ssl() for setcookie()'s "secure" parameter +* Bug fix: Incrementing username in case of collision. +* Bug fix: Wrong error sent when missing token body + +**3.0.2** + +* Added http_request_timeout setting + +**3.0.1** + +* Finalizing 3.0.x api + +**3.0** + +* Complete rewrite to separate concerns +* Changed settings keys for clarity (requires updating settings if upgrading from another version) +* Error logging + +**2.1** + +* Working my way closer to spec. Possible breaking change. Now checking for preferred_username as priority. +* New username determination to avoid collisions + +**2.0** + +Complete rewrite + diff --git a/readme.md b/readme.md index c1686d2..39fe473 100644 --- a/readme.md +++ b/readme.md @@ -34,71 +34,3 @@ Most OAuth2 servers should require a whitelist of redirect URIs for security pur by this client is like so: `https://example.com/wp-admin/admin-ajax.php?action=openid-connect-authorize` Replace `example.com` with your domain name and path to WordPress. - -### Changelog - -**3.2.0** -* Feature: #27 Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim. -* Bug fix: #30 Provide port to the request header when requesting the user_claim - -**3.1.0** -* Feature: #18 Refresh tokens -* Feature: #24 Integrated logout support with end_session endpoint -* Feature: #14 May use an alternate redirect_uri that doesn't rely on admin-ajax -* Feature: #25 Support for IDP behind reverse proxy -* Bug fix: #17 case insensitive check for Bearer token -* Bug fix: #20 "redirect to origin when auto-sso" cookie issue -* Bug fix: #12 PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message -* Bug fix: #22 expire session when access_token expires if no refresh token found -* UX fix: #20 Show login button on error redirect when using auto-sso - -**3.0.8** -* Feature: #10 Added `openid-connect-generic-update-user-using-current-claim` action hook allowing other plugins/themes - to take action using the fresh claims received when an existing user logs in. - -**3.0.7** -* Bug fix: #9 When requesting userinfo, send the access token using the Authorization header field as recommended in -section 5.3.1 of the specs. - -**3.0.6** - -* Bug fix: #8 If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials - -**3.0.5** - -* Feature: #6 Added [openid_connect_generic_login_button] shortcode to allow the login button to be placed anywhere -* Feature: #6 Added setting to "Redirect Back to Origin Page" after a successful login instead of redirecting to the home page. - -**3.0.4** - -* Feature: #5 Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login - -**3.0.3** - -* Using WordPresss's is_ssl() for setcookie()'s "secure" parameter -* Bug fix: Incrementing username in case of collision. -* Bug fix: Wrong error sent when missing token body - -**3.0.2** - -* Added http_request_timeout setting - -**3.0.1** - -* Finalizing 3.0.x api - -**3.0** - -* Complete rewrite to separate concerns -* Changed settings keys for clarity (requires updating settings if upgrading from another version) -* Error logging - -**2.1** - -* Working my way closer to spec. Possible breaking change. Now checking for preferred_username as priority. -* New username determination to avoid collisions - -**2.0** - -Complete rewrite - diff --git a/readme.txt b/readme.txt index e20ec19..ef6dee4 100644 --- a/readme.txt +++ b/readme.txt @@ -44,69 +44,4 @@ Replace `example.com` with your domain name and path to WordPress. == Changelog == -= 3.2.0 = -* Feature: Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim. @moriyoshi -* Bug fix: Provide port to the request header when requesting the user_claim - -= 3.1.0 = -* Feature: Refresh tokens -* Feature: Integrated logout support with end_session endpoint -* Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax -* Feature: Support for IDP behind reverse proxy -* Bug fix: case insensitive check for Bearer token -* Bug fix: "redirect to origin when auto-sso" cookie issue -* Bug fix: PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message -* Bug fix: expire session when access_token expires if no refresh token found -* UX fix: Show login button on error redirect when using auto-sso - -= 3.0.8 = -* Added [openid-connect-generic-update-user-using-current-claim] action hook allowing other plugins/themes - to take action using the fresh claims received when an existing user logs in. - -= 3.0.7 = - -* When requesting userinfo, send the access token using the Authorization header field as recommended in - section 5.3.1 of the specs. - -= 3.0.6 = - -* If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials - -= 3.0.5 = - -* Added [openid_connect_generic_login_button] shortcode to allow the login button to be placed anywhere -* Added setting to "Redirect Back to Origin Page" after a successful login instead of redirecting to the home page. - -= 3.0.4 = - -* Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login - -= 3.0.3 = - -* Using WordPresss's is_ssl() for setcookie()'s "secure" parameter -* Bug fix: Incrementing username in case of collision. -* Bug fix: Wrong error sent when missing token body - -= 3.0.2 = - -* Added http_request_timeout setting - -= 3.0.1 = - -* Finalizing 3.0.x api - -= 3.0 = - -* Complete rewrite to separate concerns -* Changed settings keys for clarity (requires updating settings if upgrading from another version) -* Error logging - -= 2.1 = - -* Possible breaking change. Now checking for preferred_username as priority. -* New username determination to avoid collisions - -= 2.0 = - -Complete rewrite of another plugin - +See changelog.md