From aa37d7d5c8d5eec9a98b64f777c39bfc59873b56 Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 16:13:23 -0400 Subject: [PATCH 1/7] Adding in @jrchamp's change --- shibboleth.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/shibboleth.php b/shibboleth.php index bb9a05d..1b2c4bf 100644 --- a/shibboleth.php +++ b/shibboleth.php @@ -796,12 +796,14 @@ function shibboleth_disable_login() { $bypass = defined( 'SHIBBOLETH_ALLOW_LOCAL_AUTH' ) && SHIBBOLETH_ALLOW_LOCAL_AUTH; - if ( $disable && ! $bypass && isset( $_GET['action'] ) && $_GET['action'] === 'lostpassword' ) { - // Disable the ability to reset passwords from wp-login.php - add_filter( 'allow_password_reset', '__return_false' ); - } elseif ( $disable && ! $bypass && ( isset( $_POST['log'] ) || isset( $_POST['user_login'] ) ) ) { - // Disable the ability to login using local authentication - wp_die( __( 'Shibboleth authentication is required.', 'shibboleth' ) ); + if ( $disable && ! $bypass ) { + if ( isset( $_GET['action'] ) && $_GET['action'] === 'lostpassword' ) { + // Disable the ability to reset passwords from wp-login.php + add_filter( 'allow_password_reset', '__return_false' ); + } elseif ( isset( $_POST['log'] ) || isset( $_POST['user_login'] ) ) { + // Disable the ability to login using local authentication + wp_die( __( 'Shibboleth authentication is required.', 'shibboleth' ) ); + } } } add_action( 'login_init', 'shibboleth_disable_login' ); From 5fba6609a39b214a4f7e735f147f72ee606a1b95 Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 16:15:42 -0400 Subject: [PATCH 2/7] Bumping version to 2.1.1-alpha and adding in changelog update --- readme.txt | 5 ++++- shibboleth.php | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/readme.txt b/readme.txt index f9fa015..32b7695 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcra Tags: shibboleth, authentication, login, saml Requires at least: 3.3 Tested up to: 4.9.2 -Stable tag: 2.1 +Stable tag: 2.1.1-alpha Allows WordPress to externalize user authentication and account creation to a Shibboleth Service Provider. @@ -186,6 +186,9 @@ This update brings with it a major change to the way Shibboleth attributes are a This update brings with it a major change to the way Shibboleth attributes are accessed. For most users, no additional configuration will be necessary. If you are using a specialized server configuration, such as a Shibboleth Service Provider on a reverse proxy or a server configuration that results in environment variables being sent with the prefix REDIRECT_, you should see the changelog for additional details: https://wordpress.org/plugins/shibboleth/#developers == Changelog == += version 2.1.1 (XXX-XX-XX) = + - Minor code cleanup for disabling authentication and passsword resets; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/commit/06c28bec6d42e92a9338961e2f7ed4a7ae8a0f71#commitcomment-29005081). + = version 2.1 (2018-05-16) = - Resolved an issue where in multisite users could inadvertently be sent to an unrelated subsite after logging in; [thanks to @themantimeforgot for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/33) and [props to @jrchamp for the fix](https://github.com/michaelryanmcneill/shibboleth/pull/35). - Resolved an regression that prevented users from authenticating if shibboleth_default_role is blank and shibboleth_create_accounts is enabled; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/pull/37). diff --git a/shibboleth.php b/shibboleth.php index 1b2c4bf..c0fa4a6 100644 --- a/shibboleth.php +++ b/shibboleth.php @@ -4,13 +4,13 @@ Plugin URI: http://wordpress.org/extend/plugins/shibboleth Description: Easily externalize user authentication to a Shibboleth Service Provider Author: Michael McNeill, mitcho (Michael 芳貴 Erlewine), Will Norris - Version: 2.1 + Version: 2.1.1-alpha License: Apache 2 (http://www.apache.org/licenses/LICENSE-2.0.html) Text Domain: shibboleth */ define( 'SHIBBOLETH_MINIMUM_WP_VERSION', '3.3' ); -define( 'SHIBBOLETH_PLUGIN_VERSION', '2.1' ); +define( 'SHIBBOLETH_PLUGIN_VERSION', '2.1.1-alpha' ); /** * Determine if this is a new install or upgrade and, if so, run the From 468d8e90eae3caf90a6f30812aecb3f4ef450a75 Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 16:21:13 -0400 Subject: [PATCH 3/7] Resolved a minor problem where setting the SHIBBOLETH_LOGGING constant on PHP 5.5 or below would not work in the administrative interface --- options-admin.php | 2 +- readme.txt | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/options-admin.php b/options-admin.php index 4a7025c..bf0a492 100644 --- a/options-admin.php +++ b/options-admin.php @@ -634,7 +634,7 @@ function AttributeAccessMethod()

diff --git a/readme.txt b/readme.txt index 32b7695..1762833 100644 --- a/readme.txt +++ b/readme.txt @@ -188,6 +188,7 @@ This update brings with it a major change to the way Shibboleth attributes are a == Changelog == = version 2.1.1 (XXX-XX-XX) = - Minor code cleanup for disabling authentication and passsword resets; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/commit/06c28bec6d42e92a9338961e2f7ed4a7ae8a0f71#commitcomment-29005081). + - Resolved a minor problem where setting the SHIBBOLETH_LOGGING constant on PHP 5.5 or below would not work in the administrative interface; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/pull/47#discussion_r188758184). = version 2.1 (2018-05-16) = - Resolved an issue where in multisite users could inadvertently be sent to an unrelated subsite after logging in; [thanks to @themantimeforgot for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/33) and [props to @jrchamp for the fix](https://github.com/michaelryanmcneill/shibboleth/pull/35). From 9d5f006c2771bbdc639dc0eb45597db6196beb96 Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 17:58:51 -0400 Subject: [PATCH 4/7] Resolves #48 --- options-admin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/options-admin.php b/options-admin.php index bf0a492..aa0f415 100644 --- a/options-admin.php +++ b/options-admin.php @@ -205,7 +205,7 @@ function shibboleth_options_page() { $constant = $constant || $from_constant; list( $spoofkey, $from_constant ) = shibboleth_getoption( 'shibboleth_spoof_key', false, false, true ); $constant = $constant || $from_constant; - list( $default_login, $from_constant ) = shibboleth_getoption( 'shibboleth_default_login', false, false, true ); + list( $default_login, $from_constant ) = shibboleth_getoption( 'shibboleth_default_to_shib_login', false, false, true ); $constant = $constant || $from_constant; list( $auto_login, $from_constant ) = shibboleth_getoption( 'shibboleth_auto_login', false, false, true ); $constant = $constant || $from_constant; From d85d63fe10c4724a2cb929b7ad46b90c3e1531c2 Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 18:00:17 -0400 Subject: [PATCH 5/7] Updating changelog --- readme.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index 1762833..fdf1d8b 100644 --- a/readme.txt +++ b/readme.txt @@ -186,9 +186,10 @@ This update brings with it a major change to the way Shibboleth attributes are a This update brings with it a major change to the way Shibboleth attributes are accessed. For most users, no additional configuration will be necessary. If you are using a specialized server configuration, such as a Shibboleth Service Provider on a reverse proxy or a server configuration that results in environment variables being sent with the prefix REDIRECT_, you should see the changelog for additional details: https://wordpress.org/plugins/shibboleth/#developers == Changelog == -= version 2.1.1 (XXX-XX-XX) = += version 2.1.1 (2018-05-16) = - Minor code cleanup for disabling authentication and passsword resets; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/commit/06c28bec6d42e92a9338961e2f7ed4a7ae8a0f71#commitcomment-29005081). - Resolved a minor problem where setting the SHIBBOLETH_LOGGING constant on PHP 5.5 or below would not work in the administrative interface; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/pull/47#discussion_r188758184). + - Resolved an issue with the default to shibboleth login option in the admin; [thanks to @trandrew for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/48). = version 2.1 (2018-05-16) = - Resolved an issue where in multisite users could inadvertently be sent to an unrelated subsite after logging in; [thanks to @themantimeforgot for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/33) and [props to @jrchamp for the fix](https://github.com/michaelryanmcneill/shibboleth/pull/35). From 009603465b4541f519ac9b8b9519facd17eda917 Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 18:00:45 -0400 Subject: [PATCH 6/7] Bumping version to prepare for release --- readme.txt | 2 +- shibboleth.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/readme.txt b/readme.txt index fdf1d8b..fc9f45e 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcra Tags: shibboleth, authentication, login, saml Requires at least: 3.3 Tested up to: 4.9.2 -Stable tag: 2.1.1-alpha +Stable tag: 2.1.1 Allows WordPress to externalize user authentication and account creation to a Shibboleth Service Provider. diff --git a/shibboleth.php b/shibboleth.php index c0fa4a6..4c4ca3d 100644 --- a/shibboleth.php +++ b/shibboleth.php @@ -4,13 +4,13 @@ Plugin URI: http://wordpress.org/extend/plugins/shibboleth Description: Easily externalize user authentication to a Shibboleth Service Provider Author: Michael McNeill, mitcho (Michael 芳貴 Erlewine), Will Norris - Version: 2.1.1-alpha + Version: 2.1.1 License: Apache 2 (http://www.apache.org/licenses/LICENSE-2.0.html) Text Domain: shibboleth */ define( 'SHIBBOLETH_MINIMUM_WP_VERSION', '3.3' ); -define( 'SHIBBOLETH_PLUGIN_VERSION', '2.1.1-alpha' ); +define( 'SHIBBOLETH_PLUGIN_VERSION', '2.1.1' ); /** * Determine if this is a new install or upgrade and, if so, run the From b13a5ba3220fcb410089b8703a05bd3aaa47ad5f Mon Sep 17 00:00:00 2001 From: Michael McNeill Date: Wed, 16 May 2018 18:04:56 -0400 Subject: [PATCH 7/7] bumping support to 4.9.6 --- readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index fc9f45e..05a15fa 100644 --- a/readme.txt +++ b/readme.txt @@ -2,7 +2,7 @@ Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcrago, bshelton229 Tags: shibboleth, authentication, login, saml Requires at least: 3.3 -Tested up to: 4.9.2 +Tested up to: 4.9.6 Stable tag: 2.1.1 Allows WordPress to externalize user authentication and account creation to a Shibboleth Service Provider.