32 Commits (a283a18fec7ebfad7f1b097b4ac162863b4098d1)

Author SHA1 Message Date
Tim Nolte 68f37dbee1
Adds Additional Validation & Fixes Redirect Back URL (#301)
* Adds Additional Validation & Fixes Redirect Back URL
- Adds URL request validation.
- Updates the way the redirect back URL is formed.

* Fixes Redirect URL Logic to Handle Subdirectory Installs
- Handles home page login for redirect back.
- Handles subpages login for redirect back.
- Handles non-permalink sites.

* Refactor Redirect URL Methods to Support All Uses
- Consolidates make_authentication_url & get_authentication_url.
- Fixes redirect client back support for login button and make
  authentication URL.
4 years ago
Tim Nolte 8a963301ab
Fixes Broken Redirect URL Handling & Moves Away from Cookies (#289)
* Initial Changes to Move Away from Cookies for Redirects

* Add Redirection via State Transient Support

- Adds adding the login redirection to the state transient.
- Deprecates the use of cookies to handle login redirection.
- Fixes Login button shortcode authentication URL encoding.
- Fixes some broken wp-env local Docker environment issues.
- Fixes make_authentication_url attributes usage.
- Removes error_log calls used for debugging.

* Fixes Missed WordPress Coding Standards Issues

- Updates PHP_CodeSniffer configuration to properly support all checks.

* Fixes Login Button Output for Proper Escaping
4 years ago
Tim Nolte b3c7b70c13
3.8.0 Release (#230)
* Initial Coding Standards & Static Analysis Changes.
* Adds WordPress coding standards configuration.
* Adds WordPress/PHP static analysis configuration.
* Adds Git hooks to enforce checks and ensure quality on commits.
* Adds initial local Docker development environment setup.
* Current state of coding standards and analysis fixes.
* Near Completion Update of PHP Code Sniffer Compliance Changes.
* Fixes all PHP Code Sniffer WordPress Coding Standards Issues.
* Updates Code Base to Pass Level 5 Baseline
* Ensures PHP Code Sniffs continue to pass.
* Fixes all code base issues to pass a level 5 PHP static analysis.
* Updates PHPStan configurations to use a level 5 baseline.
* Fixes Travis CI Configuration for Static Analysis
* Fixes Plugin Pass i18n Checks
* Adds i18n check to Travis CI builds.
* Adds additional i18n run scripts to package.json.
* Internationalization Checking & Fixes
* Fixes missing i18n translation in main plugin file.
* Adds update POT file.
* Enforces i18n checks on commit with GrumPHP.
* Adds i18n check step to Travis CI builds.
* Gitattributes for export exclusions
* Fixes missing loaded settings property assignment.
* Adds Support for IDP Settings as Defined Constants
    - Reads from defined constants on plugin bootstrap.
    - Disabled plugin settings fields when defined constants are used.
    - Prevents saving plugin settings that are using defined constants.
* Adds Node/NPM Environment Requirements
* Fixes GrumPHP Bin Directory Configuration
* Updates GrumPHP for Required Features
    - Bumps Composer package PHP version to 7.3.
    - Updates GrumPHP configuration to new format.
* Plugin Settings Page Updates Using Constants
    - Ensures that any available defined constants are loaded in place of any database stored settings as an override.
* Composer Dependency Updates & Travis CI Caching Fix
* Travis CI Build Composer Update Change
* NPM Updates & NVM Version Lock
* Fixes NPM Package Lock File for Node v12
* Updates NPM Package Dependencies
* Updates Changelog & README Files With Relevant Changes
* Fixes Localization on Error Output
* Changes GrumPHP Configuration to Provide a Full PHPCS Report
* Fixes Local Dev Setup to Activate Plugin by Default
* Adds Contribution Guide and Issue & PR Templates (#222)
* Fixes Support GitHub Issue Template (#223)
* Fixes space/typo with Wiki link (#224)
* Fixes invalid wp-env plugin configuration (#225)
* Improve Local Dev Setup by Reducing Setup Commands (#226)
* Improve Local Dev Setup by Reducing Setup Commands
* Adds Code Owners Configuration for Pull Requests
* Fixes Development Dependencies and Setup Scripts (#227)
* Dev release/3.8 (#229)
* Adds dev Branch to Travis CI Builds
* Release Preparation Enhancements & Release Changes

Co-authored-by: Jonathan Daggerhart <jonathan@daggerhart.com>
4 years ago
Tim Nolte 107a066bd5
Add Redirect & Override Attributes Support to Shortcodes.
* Adds support for setting the redirect cookie when shortcodes are used.
* Adds support for overriding some attributes for authentication URLs
  and login buttons when using the shortcodes.
* Fixes code formatting.
5 years ago
Jonathan Daggerhart bf2e517a89 removing trailing whitespace 5 years ago
Rob Skilling 836500a495 Increase detail of state token errors
Before: a missing state error could be returned for 3 reasons: a token was not provided, the token provided was invalid, or the token provided had expired.

There was no way of knowing which of these was the cause of any single missing state error.

Now: if no token is provided, a missing state error is returned, and the "openid-connect-generic-no-state-provided" action is called.

If the token provided is invalid, an "Invalid state" error is thrown and the "openid-connect-generic-state-not-found" action is called.

If the token provided has expired, an "Invalid state" error is returned and the "openid-connect-generic-state-expired" action is called.

This should allow for more granular error logging around state token errors.
5 years ago
James Collier 8237aa5b84 RFC 3986 encode parameters in authentication URL 5 years ago
Simon Costea 0940c8c863 Delete expired transients 5 years ago
SYLVAIN PAILLASSE 11695f56ab Add logger to OpenID_Connect_Generic
(also remove code parameter value in the query string url for better reading of the logs)
5 years ago
Jonathan Daggerhart 96bb449f39 Fix race condition by replacing states option array with individual transients 5 years ago
Gassan Gousseinov 11e89fd9b2 fix stripos call 6 years ago
Jonathan Daggerhart 6dfb0fafa5
Issue #76: Avoid double question marks in auth url query string (#120) 6 years ago
Shane Mulligan 0b51e9c1e5 Change PHP keywords to comply with PSR2 (#116)
Signed-off-by: CodeLingoBot <bot@codelingo.io>
6 years ago
Jonathan Daggerhart 4d7939e9e5
Bug with some special char in the firstname or lastname
Add str_replace because token is encoded in base64 URL (and not just base64).
Solves the problem with some special char
Re: #101
6 years ago
Jonathan Daggerhart 0d4e4bd006 additional error detection on user_claim 6 years ago
Matt Varblow 6917df262f Allow identity providers which do not support the userinfo endpoint. (#100)
* Allow identity providers which do not support the userinfo endpoint.

* Fixed empty check for userinfo endpoint
6 years ago
Antti Leppä 56bd5718e6 Feature #68 state time limit option (#69)
* Added an option for state time limit on the settings page
7 years ago
Robbie Paul 69a431793f Authentication URL can be modified
Some OpenID Connect providers offer additional functionality by adding
query params to the authentication URL

For example with Azure Active Directory if you pass in
`&domain_hint=REALM` you can customise the way the login screen looks
with your corporate logo etc
8 years ago
Jonathan Daggerhart 61c549189c adding port to the request headers per issue #30 8 years ago
Jonathan Daggerhart 14133138a7 some method annotation corrections, and minor settings page typos 8 years ago
Jonathan Daggerhart 4866765768 Merge pull request #25 from ahatherly/master
Set the Host header on http requests to openid-connect endpoint
8 years ago
Adam Hatherly 2281246816 Set the Host header on http requests to openid-connect endpoint so it works behind a reverse proxy 8 years ago
Jonathan Daggerhart 6e9790c221 adding comments on new functions 8 years ago
Jonathan Daggerhart fede005f1f fix autoloader for diff environments, use wp_remote_post instead of ‘get’, and move cookie setting to hook init 8 years ago
Raif Atef a47f6d2bfc Refresh tokens when needed instead of logging out when access_token expires.
- refresh_token + access_token expiry is sent via encrypted cookie to the browser.
- If cookie is missing or invalid, user is logged out.
- If last access token expired, use refresh token to fetch a new one and send a new cookie.
- If token refresh fails, user is logged out.
- Cookie encryption is with per-user random key stored in user meta.
- Encryption and key generation done using https://github.com/defuse/php-encryption
- Updated autoloader function to support loading namespaced classes.
8 years ago
Raif Atef d8a043a6c7 Make token_type check in validate_token_response case-insensitive (Fixes issue #15). 8 years ago
wgengarelly 08d9f58d0d When requesting userinfo, send the access token using the Authorization header field as recommended in section 5.3.1 of the specs. 9 years ago
daggerhart 4db956c119 bug: wrong variable as error data 9 years ago
Jonathan Daggerhart ada93ba4f3 Added setting for http_response_timeout 9 years ago
Jonathan Daggerhart 9b2dd29659 Method comments, and unique errors 10 years ago
Jonathan Daggerhart c646078421 refactoring some internal settings for clarity 10 years ago
Jonathan Daggerhart 2e3167fa20 major refactor to separate responsibility 10 years ago