Merges branch 'dev' into main

oidc-wp · Jan 20, 2021 · 3a300e9 · 3a300e9
2 parents b3c7b70 + 0c42ef0
commit 3a300e9
Show file tree

Hide file tree

Showing 10 changed files with 48 additions and 24 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -21,6 +21,8 @@
 /.editorconfig export-ignore
 /.gitattributes export-ignore
 /.gitignore export-ignore
+/.npmrc export-ignore
+/.nvmrc export-ignore
 /.travis.yml export-ignore
 /.wp-env.json export-ignore
 /composer.json export-ignore

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -6,6 +6,7 @@ on:
 jobs:
   tag:
     name: New tag
+    if: github.repository == 'oidc-wp/openid-connect-generic'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@main

diff --git a/.travis.yml b/.travis.yml
@@ -40,28 +40,32 @@ matrix:
   include:
     - name: Internationalization
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* I18N=1
+      env: WP_MODE=single WP_VERSION=5.6.* I18N=1
     - name: Coding Standards
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* PHP_LINT=1 COVERAGE=1
+      env: WP_MODE=single WP_VERSION=5.6.* PHP_LINT=1 COVERAGE=1
     - name: Static Code Analysis
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* PHP_ANALYZE=1
+      env: WP_MODE=single WP_VERSION=5.6.* PHP_ANALYZE=1
     - name: Latest Stable
       php: 7.3
-      env: WP_MODE=single WP_VERSION=5.4.* PHP_UNIT=1
+      env: WP_MODE=single WP_VERSION=5.6.* PHP_UNIT=1
     - name: Preferred Minimum requirements
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.2
-      env: WP_MODE=single WP_VERSION=5.3.* PHP_UNIT=1
+      env: WP_MODE=single WP_VERSION=5.4.* PHP_UNIT=1
     - name: Minimum requirements
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.1
-      env: WP_MODE=single WP_VERSION=5.2.* PHP_UNIT=1
+      env: WP_MODE=single WP_VERSION=5.3.* PHP_UNIT=1
     - name: Bleeding Edge
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.4
       env: WP_MODE=single WP_VERSION=dev-master PHP_UNIT=1
     - name: Multisite Compatibility
+      if: (branch IN (dev, main) OR branch =~ /^dev\-release\/.*$/) AND NOT type = pull_request
       php: 7.3
-      env: WP_MODE=multi WP_VERSION=5.4.* PHP_UNIT=1
+      env: WP_MODE=multi WP_VERSION=5.6.* PHP_UNIT=1
   allow_failures:
     - name: Bleeding Edge
 
@@ -70,13 +74,16 @@ addons:
     packages:
       - nodejs
 
+# We need to make sure we stick with Composer 1.x for compatibility.
 before_install:
   - npm install -g npm@6.14
   - npm install -g grunt-cli
+  - composer self-update --1
   - composer require "wordpress/wordpress:${WP_VERSION}" --dev --prefer-source --no-update
 
 install:
-  - composer update --prefer-source --no-interaction --optimize-autoloader
+  - composer update "wordpress/wordpress" --prefer-source --no-interaction --optimize-autoloader
+  - composer install
   - npm install
 
 before_script:

diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,11 @@
 # OpenId Connect Generic Changelog
 
+3.8.1
+
+* Fix: @timnolte - Prevent SSO redirect on password protected posts.
+* Fix: @timnolte - CI/CD build issues.
+* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
+
 3.8.0
 
 * Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.

diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php
@@ -278,8 +278,9 @@ function get_end_session_logout_redirect_url( $redirect_url, $requested_redirect
 		$url .= $query ? '&' : '?';
 
 		// Prevent redirect back to the IDP when logging out in auto mode.
-		if ( 'auto' === $this->settings->login_type && 'wp-login.php?loggedout=true' === $redirect_url ) {
-			$redirect_url = '';
+		if ( 'auto' === $this->settings->login_type && strpos( $redirect_url, 'wp-login.php?loggedout=true' ) ) {
+			// By default redirect back to the site home.
+			$redirect_url = home_url();
 		}
 
 		$token_response = $user->get( 'openid-connect-generic-last-token-response' );

diff --git a/includes/openid-connect-generic-login-form.php b/includes/openid-connect-generic-login-form.php
@@ -76,7 +76,8 @@ function handle_redirect_login_type_auto() {
 
 		if ( 'wp-login.php' == $GLOBALS['pagenow']
 			&& ( 'auto' == $this->settings->login_type || ! empty( $_GET['force_redirect'] ) )
-			&& ( ! isset( $_GET['action'] ) || 'logout' !== $_GET['action'] )
+			// Don't send users to the IDP on logout or post password protected authentication.
+			&& ( ! isset( $_GET['action'] ) || ! in_array( $_GET['action'], array( 'logout', 'postpass' ) ) )
 			&& ! isset( $_POST['wp-submit'] ) ) {
 			if ( ! isset( $_GET['login-error'] ) ) {
 				$this->handle_redirect_cookie();

diff --git a/openid-connect-generic.php b/openid-connect-generic.php
@@ -16,7 +16,7 @@
  * Plugin Name:       OpenID Connect Generic
  * Plugin URI:        https://github.com/daggerhart/openid-connect-generic
  * Description:       Connect to an OpenID Connect generic client using Authorization Code Flow.
- * Version:           3.8.0
+ * Version:           3.8.1
  * Author:            daggerhart
  * Author URI:        http://www.daggerhart.com
  * Text Domain:       daggerhart-openid-connect-generic
@@ -80,7 +80,7 @@ class OpenID_Connect_Generic {
 	 *
 	 * @var
 	 */
-	const VERSION = '3.8.0';
+	const VERSION = '3.8.1';
 
 	/**
 	 * Plugin settings.

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "openid-connect-generic",
-	"version": "3.8.0",
+	"version": "3.8.1",
 	"description": "OpenID Connect generic WordPress plugin.",
 	"main": "Gruntfile.js",
 	"repository": {

diff --git a/readme.txt b/readme.txt
@@ -3,9 +3,9 @@ Contributors: daggerhart, tnolte
 Donate link: http://www.daggerhart.com/
 Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
 Requires at least: 4.9
-Tested up to: 5.4.2
-Stable tag: 3.8.0
-Requires PHP: 5.6
+Tested up to: 5.6
+Stable tag: 3.8.1
+Requires PHP: 7.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 == Changelog ==
 
+= 3.8.1 =
+
+* Fix: @timnolte - Prevent SSO redirect on password protected posts.
+* Fix: @timnolte - CI/CD build issues.
+* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
+
 = 3.8.0 =
 
 * Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.