Squashed commit of the following:

commit 39690e1
Author: Tim Nolte <tim.nolte@ndigitals.com>
Date:   Sat Apr 10 16:41:14 2021 -0400

    Preparation for New Maintenance Release

    - Updates Version to 3.8.4.
    - Updates Changelogs.

commit 1e1b84c
Author: Tim Nolte <tnolte@forumone.com>
Date:   Sat Apr 10 12:00:40 2021 -0400

    Local Dev/Composer Scripts/Transient Redirection Fixes (#295)

    - Fixes local Docker wp-env environment setup w/ cleanup.
    - Fixes Composer scripts for linting and static analysis.
    - Fixes invalid State transient object handling for redirection.

commit 40e6047
Author: Tim Nolte <tnolte@forumone.com>
Date:   Thu Apr 8 22:10:53 2021 -0400

    Preparation for Maintenance Release (#291)

commit 8a96330
Author: Tim Nolte <tnolte@forumone.com>
Date:   Thu Apr 8 08:06:33 2021 -0400

    Fixes Broken Redirect URL Handling & Moves Away from Cookies (#289)

    * Initial Changes to Move Away from Cookies for Redirects

    * Add Redirection via State Transient Support

    - Adds adding the login redirection to the state transient.
    - Deprecates the use of cookies to handle login redirection.
    - Fixes Login button shortcode authentication URL encoding.
    - Fixes some broken wp-env local Docker environment issues.
    - Fixes make_authentication_url attributes usage.
    - Removes error_log calls used for debugging.

    * Fixes Missed WordPress Coding Standards Issues

    - Updates PHP_CodeSniffer configuration to properly support all checks.

    * Fixes Login Button Output for Proper Escaping

commit c839083
Merge: 76c824a 14dbc06
Author: Tim Nolte <tnolte@forumone.com>
Date:   Wed Mar 24 10:10:09 2021 -0400

    Merges branch 'main' into dev

commit 76c824a
Author: Tim Nolte <tnolte@forumone.com>
Date:   Wed Mar 24 09:42:51 2021 -0400

    Fixes Login Page XSS Issue (#283)

    - Adds escaping to the errot output message.
    - Adds escaping to the login button output.

commit 2c7c21d
Author: Tim Nolte <tnolte@forumone.com>
Date:   Mon Mar 22 12:53:01 2021 -0400

    Feature/travis ci to GitHub actions (#282)

    * Updates Composer/NPM Dependencies & Adds New GitHub Actions

    * Moves All CI/CI Functionality to GitHub Actions

    - Updates Composer & NPM dependencies to newer versions.
    - Updates default development environment WordPress version to 5.6.x.
    - Fixes missing updated to the language POT file.
    - Moves to using a GitHub Release for WordPress.org deployment.
    - Removes TravisCI configuration.

.wp-env.json

@@ -1,5 +1,6 @@
 {
 	"core": "./wordpress/build",
+	"phpVersion": "7.3",
 	"plugins": [
 		"."
 	],
@@ -14,18 +15,12 @@
 				"https://downloads.wordpress.org/plugin/query-monitor.zip",
 				"https://downloads.wordpress.org/plugin/debug-bar-post-meta.zip",
 				"https://downloads.wordpress.org/plugin/transients-manager.zip"
-			],
-			"mappings": {
-				"wp-config.php": "tools/local-env/wp-config.dev.php"
-			}
+			]
 		},
 		"tests": {
 			"plugins": [
 				"."
-			],
-			"mappings": {
-				"wp-config.php": "tools/local-env/wp-config.tests.php"
-			}
+			]
 		}
 	},
 	"config": {

CHANGELOG.md

@@ -1,5 +1,10 @@
 # OpenId Connect Generic Changelog
 
+3.8.4
+* Fix: @timnolte - Fixed invalid State object access for redirection handling.
+* Improvement: @timnolte - Fixed local wp-env Docker development environment.
+* Improvement: @timnolte - Fixed Composer scripts for linting and static analysis.
+
 3.8.3
 
 * Fix: @timnolte - Fixed problems with proper redirect handling.

README.md

@@ -4,7 +4,7 @@
 **Tags:** security, login, oauth2, openidconnect, apps, authentication, autologin, sso  
 **Requires at least:** 4.9  
 **Tested up to:** 5.6  
-**Stable tag:** 3.8.3  
+**Stable tag:** 3.8.4  
 **Requires PHP:** 7.1  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
@@ -51,6 +51,12 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 ## Changelog ##
 
+### 3.8.4 ###
+
+* Fix: @timnolte - Fixed invalid State object access for redirection handling.
+* Improvement: @timnolte - Fixed local wp-env Docker development environment.
+* Improvement: @timnolte - Fixed Composer scripts for linting and static analysis.
+
 ### 3.8.3 ###
 
 * Fix: @timnolte - Fixed problems with proper redirect handling.

composer.json

@@ -90,9 +90,9 @@
 		"phpcs": "vendor/bin/phpcs",
 		"phpcbf": "vendor/bin/phpcbf",
 		"phpstan": "vendor/bin/phpstan",
-		"lint": "vendor/bin/phpcs --report=full .",
-		"lint-fix": "vendor/bin/phpcbf .",
-		"analyze": "vendor/bin/phpstan analyze ."
+		"lint": "vendor/bin/phpcs --report=full",
+		"lint-fix": "vendor/bin/phpcbf",
+		"analyze": "vendor/bin/phpstan analyze"
 	},
 	"extra": {
 		"installer-paths": {

includes/openid-connect-generic-client-wrapper.php

@@ -461,22 +461,22 @@ public function authentication_request_callback() {
 		// Redirect user according to redirect set in state.
 		$state_object = get_transient( 'openid-connect-generic-state--' . $state );
 		// Get the redirect URL stored with the corresponding authentication request state.
-		if ( ! empty( $state_object ) ) {
-			$redirect_url = $state_object['redirect_to'];
+		if ( ! empty( $state_object ) && ! empty( $state_object[ $state ] ) && ! empty( $state_object[ $state ]['redirect_to'] ) ) {
+			$redirect_url = $state_object[ $state ]['redirect_to'];
 		}
 
 		// Provide backwards compatibility for customization using the deprecated cookie method.
 		if ( ! empty( $_COOKIE[ $this->cookie_redirect_key ] ) ) {
 			$redirect_url = esc_url_raw( wp_unslash( $_COOKIE[ $this->cookie_redirect_key ] ) );
 		}
 
-		if ( $this->settings->redirect_user_back && ! empty( $redirect_url ) ) {
+		// Only do redirect-user-back action hook when the plugin is configured for it.
+		if ( $this->settings->redirect_user_back ) {
 			do_action( 'openid-connect-generic-redirect-user-back', $redirect_url, $user );
-			wp_redirect( $redirect_url );
-		} else { // Otherwise, go home!
-			wp_redirect( home_url() );
 		}
 
+		wp_redirect( $redirect_url );
+
 		exit;
 	}
 

languages/openid-connect-generic.pot

@@ -2,10 +2,10 @@
 # This file is distributed under the GPL-2.0+.
 msgid ""
 msgstr ""
-"Project-Id-Version: OpenID Connect Generic 3.8.3\n"
+"Project-Id-Version: OpenID Connect Generic 3.8.4\n"
 "Report-Msgid-Bugs-To: "
 "https://github.com/daggerhart/openid-connect-generic/issues\n"
-"POT-Creation-Date: 2021-04-08 12:27:16+00:00\n"
+"POT-Creation-Date: 2021-04-10 20:38:53+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"

openid-connect-generic.php

@@ -16,7 +16,7 @@
  * Plugin Name:       OpenID Connect Generic
  * Plugin URI:        https://github.com/daggerhart/openid-connect-generic
  * Description:       Connect to an OpenID Connect generic client using Authorization Code Flow.
- * Version:           3.8.3
+ * Version:           3.8.4
  * Author:            daggerhart
  * Author URI:        http://www.daggerhart.com
  * Text Domain:       daggerhart-openid-connect-generic
@@ -80,7 +80,7 @@ class OpenID_Connect_Generic {
 	 *
 	 * @var
 	 */
-	const VERSION = '3.8.3';
+	const VERSION = '3.8.4';
 
 	/**
 	 * Plugin settings.