From a3c8cd0ad29812633c0af12b334cba8a0d2ab0b2 Mon Sep 17 00:00:00 2001 From: Daniel Bachhuber Date: Wed, 7 Feb 2018 16:43:41 -0800 Subject: [PATCH 1/2] Prevent WordPress from dropping auth cookies in auth flow --- README.md | 5 ++++- inc/class-wp-saml-auth.php | 4 +++- readme.txt | 5 ++++- wp-saml-auth.php | 2 +- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 54bd3e3..3ec3f88 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **Tags:** authentication, SAML **Requires at least:** 4.4 **Tested up to:** 4.9 -**Stable tag:** 0.3.5 +**Stable tag:** 0.3.6 **License:** GPLv2 or later **License URI:** http://www.gnu.org/licenses/gpl-2.0.html @@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati ## Changelog ## +### 0.3.6 (February 7, 2018) ### +* Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)]. + ### 0.3.5 (January 19, 2018) ### * Substitutes `wp-login.php` string with `parse_url( wp_login_url(), PHP_URL_PATH )` for compatibility with plugins and functions that alter the standard login url [[#109](https://github.com/pantheon-systems/wp-saml-auth/pull/109)]. diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php index 1a47854..4ed121f 100644 --- a/inc/class-wp-saml-auth.php +++ b/inc/class-wp-saml-auth.php @@ -243,7 +243,9 @@ public function do_saml_authentication() { } elseif ( is_a( $this->provider, 'SimpleSAML_Auth_Simple' ) ) { $this->provider->requireAuth( array( - 'ReturnTo' => $_SERVER['REQUEST_URI'], + // Prevent WordPress from dropping the login cookie + // when REQUEST_URI is /wp-admin/ + 'ReturnTo' => str_replace( '&reauth=1', '', $_SERVER['REQUEST_URI'] ), ) ); $attributes = $this->provider->getAttributes(); diff --git a/readme.txt b/readme.txt index 5d1e6b7..741b7e3 100644 --- a/readme.txt +++ b/readme.txt 
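Review bot: The new `ReturnTo` line in the `requireAuth()` call of inc/class-wp-saml-auth.php strips the flag with a literal `str_replace( '&reauth=1', … )`, which misses `?reauth=1&…` when the flag is the first query argument and turns `&reauth=10` into a stray `0`. Parsing the query is sturdier: `'ReturnTo' => remove_query_arg( 'reauth', $_SERVER['REQUEST_URI'] ),`. The value is also still request-controlled and becomes the post-login return target, so it is worth confirming that it is confined to this site, for example with `wp_validate_redirect()`; whether the provider applies its own return-URL checks is not visible in this hunk. `do_saml_authentication()` starts and ends outside the hunk, and the same line reappears unchanged as context in the second patch's hunk.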
@@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, Outlandish Josh Tags: authentication, SAML Requires at least: 4.4 Tested up to: 4.9 -Stable tag: 0.3.5 +Stable tag: 0.3.6 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -253,6 +253,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati == Changelog == += 0.3.6 (February 7, 2018) = +* Prevents WordPress from dropping authentication cookie when user is redirected to login from `/wp-admin/` URLs [[#112](https://github.com/pantheon-systems/wp-saml-auth/pull/112)]. + = 0.3.5 (January 19, 2018) = * Substitutes `wp-login.php` string with `parse_url( wp_login_url(), PHP_URL_PATH )` for compatibility with plugins and functions that alter the standard login url [[#109](https://github.com/pantheon-systems/wp-saml-auth/pull/109)]. diff --git a/wp-saml-auth.php b/wp-saml-auth.php index 3a4b646..c36c09e 100644 --- a/wp-saml-auth.php +++ b/wp-saml-auth.php @@ -1,7 +1,7 @@ Date: Wed, 7 Feb 2018 16:53:44 -0800 Subject: [PATCH 2/2] Fix PHPCS issue --- inc/class-wp-saml-auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php index 4ed121f..f63f919 100644 --- a/inc/class-wp-saml-auth.php +++ b/inc/class-wp-saml-auth.php @@ -244,7 +244,7 @@ public function do_saml_authentication() { $this->provider->requireAuth( array( // Prevent WordPress from dropping the login cookie - // when REQUEST_URI is /wp-admin/ + // when REQUEST_URI is /wp-admin/. 'ReturnTo' => str_replace( '&reauth=1', '', $_SERVER['REQUEST_URI'] ), ) );