Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect to logout of Auth0 on callback error #666

Merged
merged 6 commits into from
Apr 9, 2019
Merged

Redirect to logout of Auth0 on callback error #666

merged 6 commits into from
Apr 9, 2019

Conversation

joshcanhelp
Copy link
Contributor

@joshcanhelp joshcanhelp commented Apr 8, 2019
edited
Loading

Changes

  • Redirect to the Auth0 logout link when attempting to re-login after a callback error occurs. This will avoid loops caused by SSO.
  • Clear the WP session when a callback error occurs.
  • Set single logout on by default (to avoid login loops when ULP is on)
  • Reorder options on the Features tab.

Testing

  • This change adds unit test coverage
  • This change has been tested on WP 5.1.1

Checklist

  • All existing and new tests complete without errors
  • All code quality tools/guidelines in the Contribution guide have been run/followed
  • All active GitHub CI checks have passed

@joshcanhelp joshcanhelp added this to the 3.10.0 milestone Apr 8, 2019
joshcanhelp
joshcanhelp commented Apr 9, 2019
View reviewed changes
lib/WP_Auth0_LoginManager.php
@@ -159,7 +159,7 @@ public function init_auth0() {

// Not an Auth0 login process or settings are not configured to allow logins.
if ( ! $this->query_vars( 'auth0' ) || ! WP_Auth0::ready() ) {
return;
return false;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The return value is not used anywhere except in tests.

joshcanhelp
joshcanhelp commented Apr 9, 2019
View reviewed changes
lib/WP_Auth0_LoginManager.php
*/
protected function die_on_login( $msg = '', $code = 0, $login_link = true ) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing the parameter here is not a breaking change.

joshcanhelp
joshcanhelp commented Apr 9, 2019
View reviewed changes
lib/admin/WP_Auth0_Admin_Features.php
@@ -32,35 +32,35 @@ public function __construct( WP_Auth0_Options_Generic $options ) {
public function init() {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No removals, just reordering the option display.

@joshcanhelp joshcanhelp marked this pull request as ready for review April 9, 2019 03:14
@joshcanhelp joshcanhelp changed the title Adding tests for missing logout link Redirect from Auth0 on callback error Apr 9, 2019
@joshcanhelp joshcanhelp merged commit a724d6e into master Apr 9, 2019
@joshcanhelp joshcanhelp deleted the force-logout-after-error branch April 9, 2019 19:42
@joshcanhelp joshcanhelp changed the title Redirect from Auth0 on callback error Redirect to logout of Auth0 on callback error Apr 11, 2019
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@damieng damieng damieng approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.10.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@joshcanhelp @damieng