Merge pull request #112 from pantheon-systems/111-auth-redirect

Prevent WordPress from dropping auth cookies in auth flow
pantheon-systems · Feb 8, 2018 · ebaa7a5 · ebaa7a5
2 parents 1bfcc22 + d1bf307
commit ebaa7a5
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 **Tags:** authentication, SAML  
 **Requires at least:** 4.4  
 **Tested up to:** 4.9  
-**Stable tag:** 0.3.5  
+**Stable tag:** 0.3.6  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati
 
 ## Changelog ##
 
+### 0.3.6 (February 7, 2018) ###
+* Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)].
+
 ### 0.3.5 (January 19, 2018) ###
 * Substitutes `wp-login.php` string with `parse_url( wp_login_url(), PHP_URL_PATH )` for compatibility with plugins and functions that alter the standard login url [[#109](https://github.com/pantheon-systems/wp-saml-auth/pull/109)].
 

diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php
@@ -243,7 +243,9 @@ public function do_saml_authentication() {
 		} elseif ( is_a( $this->provider, 'SimpleSAML_Auth_Simple' ) ) {
 			$this->provider->requireAuth(
 				array(
-					'ReturnTo' => $_SERVER['REQUEST_URI'],
+					// Prevent WordPress from dropping the login cookie
+					// when REQUEST_URI is /wp-admin/.
+					'ReturnTo' => str_replace( '&reauth=1', '', $_SERVER['REQUEST_URI'] ),
 				)
 			);
 			$attributes = $this->provider->getAttributes();

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, Outlandish Josh
 Tags: authentication, SAML
 Requires at least: 4.4
 Tested up to: 4.9
-Stable tag: 0.3.5
+Stable tag: 0.3.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati
 
 == Changelog ==
 
+= 0.3.6 (February 7, 2018) =
+* Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)].
+
 = 0.3.5 (January 19, 2018) =
 * Substitutes `wp-login.php` string with `parse_url( wp_login_url(), PHP_URL_PATH )` for compatibility with plugins and functions that alter the standard login url [[#109](https://github.com/pantheon-systems/wp-saml-auth/pull/109)].
 

diff --git a/wp-saml-auth.php b/wp-saml-auth.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Plugin Name: WP SAML Auth
- * Version: 0.3.5
+ * Version: 0.3.6
  * Description: SAML authentication for WordPress, using SimpleSAMLphp.
  * Author: Pantheon
  * Author URI: https://pantheon.io