Remove migration utility; Modernize configuration for containerization; Use nonce to secure XSRF; And more! #263
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add support for mu-plugins use rename plugin class files to align with WP code style modify antiforgery_id to use wp nonces instead of a GUID/UUID lots of WordPress code style fixes rework settings class to use magic getter, and a resolution hierarchy constant, db, default, null secure all admin actions by using nonces add GUI to support mu-plugins/constants fix lots of phpdoc lots of new documentation
Make antiforgery_id security configurable by adding AADSSO_NONCE_PASSES constant - default nonce passes = 4
Add filters to add safe casting for CONSTANT setting values. i.e. string 'false' => boolean false fix many doc comments bump version to 1; huge new feature set and many breaking changes
bradkovach
changed the title
…onstructor. Was possible to get_instance without init before.
|
@psignoret hope you are well! please have a look at my PR, which includes a host of new features and security improvements. |
|
Found an issue where AADSSO_RESET_SETTINGS doesn't work unless you are logged in! |
|
@psignoret any feedback here? Would love to get this merged, and then start collaborating on wordpress plugin directory support. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@psignoret I have done a lot of work to bring the plugin into a modern devops/containerizable state so that it can be deployed widely and rapidly via unattended installs.
Please enjoy the overview of changes, and let me know if you see anything that needs addressed urgently.
I bumped the version to 1.0.0 but this may be too eager for you. If it is, 0.8.0 would be the next breaking release.
Static configuration via defined constants now supported
This was brought on by a need for some better automation for some of my WP deployments. Specifically, we wanted the automated ability to configure WordPress/Azure AD secrets with Azure KeyVault. The plugin can now be installed and configured without logging in to WordPress. All configuration values can be provided by
AADSSO_*constants. The options page displays the constant values in disabled controls, and tells the user that the setting is controlled by a constant.Use as a multi-use plugin now detected and supported.
The plugin now supports and detects when it is being used in must-use mode. By using the
wp-content/mu-plugins/installation, no initial login is needed in order to activate and configure the plugin. Plugin activation AND configuration can take place without logging in. A loader script is required. This is provided in$/load-aad-sso-wordpress.phpand can be set up with a copy or a symlink.Escape-Hatch
A new constant,
AADSSO_RESET_SETTINGS, is added to allow for a no-login reset of the database settings. Should you get locked out of your site (as I have done a few times), this should make it easier to regain access.WordPress admin actions are all now nonced to stop request forgery.
To ensure that actions are not being taken without a user's permission, all volatile admin actions are now generated as nonced actions. This should protect against a lot of potential misuse.
Anti-Forgery Token now assembled with a configurable number of nonces
Instead of using a random GUID that has to be stored in PHP $_SESSION, the plugin now utilizes a configurable number of nonces (
AADSSO_NONCE_PASSES) to generate and validate a login attempt. The default number of nonces is 3, but more or less can be added. The nonces are broken apart and verified cryptographically. Since no persistence beyond the WP session ID is needed to validate the nonces, any server in a properly-configured load-balanced scenario should be able to validate the nonces, since the session ID comes from WordPress's internals, not PHP's. If session is kept in redis/etc, these will work without needing session affinity tricks.Many uses of
$_SESSIONremain, but these are less critical.AADSSO_Settingsclass now uses a magic getterProperties are dynamically resolved in the following order:
nullAdded a one-hour cache for the
jwksresponseSaw a TODO for this, so GitHub Copilot took care of it.
Lots of formatting, phpdoc and WordPress style changes
Used PHPCodeSniffer to lint and apply a lot of WordPress conventions where they were missing. Class files have been renamed, as have classes, to align with WordPress style convention of
Upper_Snake_Caseclass names andclass-lower-kebab-case.phpfile names.JSON Settings Migration utility removed entirely.
JSON settings support and migration utility has been removed entirely. The functionality wasn't using WP_Filesystem, and is begging for a security vulnerability, so it is removed.
Miscellaneous
//translator:comments addedconfirm(...)prompt to the reset settings button.