* Initial Changes to Move Away from Cookies for Redirects
* Add Redirection via State Transient Support
- Adds adding the login redirection to the state transient.
- Deprecates the use of cookies to handle login redirection.
- Fixes Login button shortcode authentication URL encoding.
- Fixes some broken wp-env local Docker environment issues.
- Fixes make_authentication_url attributes usage.
- Removes error_log calls used for debugging.
* Fixes Missed WordPress Coding Standards Issues
- Updates PHP_CodeSniffer configuration to properly support all checks.
* Fixes Login Button Output for Proper Escaping
* Feature/travis ci to GitHub actions (#282)
* Updates Composer/NPM Dependencies & Adds New GitHub Actions
* Moves All CI/CI Functionality to GitHub Actions
- Updates Composer & NPM dependencies to newer versions.
- Updates default development environment WordPress version to 5.6.x.
- Fixes missing updated to the language POT file.
- Moves to using a GitHub Release for WordPress.org deployment.
- Removes TravisCI configuration.
* Fixes Login Page XSS Issue (#283)
- Adds escaping to the errot output message.
- Adds escaping to the login button output.
* Patch Version Bump & Changelog Updates for Release
- Fixes an issue with post password submission results in SSO
authentication when "auto" mode is enabled.
- Fixes issues with TravisCI builds failing due to Composer updates
occurring incorrectly during builds.
- Fixes to allow for WP version changes according to build matrix.
- Updates TravisCI build matrix.
- Reads from defined constants on plugin bootstrap.
- Disabled plugin settings fields when defined constants are used.
_ Prevents savings plugin settings that are using defined constants.
* Fixes missing i18n translation in main plugin file.
* Adds update POT file.
* Enforces i18n checks on commit with GrumPHP.
* Adds i18n check step to Travis CI builds.
* Ensures PHP Code Sniffs continue to pass.
* Fixes all code base issues to pass a level 5 PHP static analysis.
* Updates PHPStan configurations to use a level 5 baseline.
* allow developers to use the plain auth url by shortcode
* prevent to set the redirect cookie on every page request by moving the function call to the formular rendering.
When using wp-cli (eg: rewrite/cache flush), init() will run setcookie() which would trigger "headers already sent by". Just disable module when wp-cli is being used.
Some OpenID Connect providers offer additional functionality by adding
query params to the authentication URL
For example with Azure Active Directory if you pass in
`&domain_hint=REALM` you can customise the way the login screen looks
with your corporate logo etc
Tim Nolte
Tim Nolte
Jonathan Daggerhart
Simon Costea
SYLVAIN PAILLASSE
benoit
Sarah Lewis
Raphaël Droz
cswebservice
Antti Leppä
PJ Eby
Robbie Paul
Moriyoshi Koizumi