Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update auth params method to add filters #716

Merged
merged 1 commit into from
Aug 21, 2019
Merged

Update auth params method to add filters #716

merged 1 commit into from
Aug 21, 2019

Conversation

joshcanhelp
Copy link
Contributor

Changes

  • Move filter auth0_authorize_url_params before state is generated and decoded
  • Add filter auth0_authorize_state to modify state contents before decoding

Testing

  • This change adds unit test coverage
  • This change has been tested on WP 5.2.2

Checklist

  • All existing and new tests complete without errors
  • All code quality tools/guidelines in the Contribution guide have been run/followed
  • All active GitHub CI checks have passed

@joshcanhelp joshcanhelp added this to the 4.0.0 milestone Aug 13, 2019
@joshcanhelp joshcanhelp requested a review from a team August 13, 2019 17:11
joshcanhelp
joshcanhelp commented Aug 13, 2019
View reviewed changes
tests/testLoginManager.php
@@ -46,49 +46,6 @@ function( $default_scope, $context ) {
$this->assertEquals( 'openid email profile auth0', $scope );
}

/**
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Split out into different tests in the class added below 👇

joshcanhelp
joshcanhelp commented Aug 13, 2019
View reviewed changes
lib/WP_Auth0_LoginManager.php
]
)
);
if ( empty( $filtered_params['state'] ) ) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This allows backwards-compat with anyone generating their own state.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nonce can be customized?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

State-level unique value can be (default generated state would always be the same value if not). Use case here is for adding values, though.

lbalmaceda
lbalmaceda reviewed Aug 15, 2019
View reviewed changes
lib/WP_Auth0_LoginManager.php

if ( $is_implicit ) {
$params['nonce'] = $nonce;
$params['response_mode'] = 'form_post';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No longer an option? 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved up to be more explicit

lib/WP_Auth0_LoginManager.php
]
)
);
if ( empty( $filtered_params['state'] ) ) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nonce can be customized?

@joshcanhelp
Copy link
Contributor Author

@lbalmaceda - Not urgent but ping for you here :)

@joshcanhelp joshcanhelp merged commit d1df54d into master Aug 21, 2019
@joshcanhelp joshcanhelp deleted the update-auth-params-method branch August 21, 2019 20:02
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lbalmaceda lbalmaceda lbalmaceda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@joshcanhelp @lbalmaceda