Merge pull request #63 from michaelryanmcneill/2.2-alpha

Version 2.2
michaelryanmcneill · Jun 17, 2020 · 37fb390 · 37fb390
2 parents a7ccb3e + 519c34a
commit 37fb390
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 10 deletions.
diff --git a/options-admin.php b/options-admin.php
@@ -587,7 +587,8 @@ function AttributeAccessMethod()
 					<th scope="row"><?php _e('Default Role', 'shibboleth') ?></th>
 					<td>
 						<select id="default_role" name="default_role" <?php if ( defined( 'SHIBBOLETH_DEFAULT_ROLE' ) ) { disabled( $default_role, SHIBBOLETH_DEFAULT_ROLE ); } ?>>
-							<option value=""><?php _e('(none)', 'shibboleth') ?></option>
+							<option value=""><?php _e('(no role)', 'shibboleth') ?></option>
+							<option value="_no_account" <?php selected( $default_role, "_no_account" ); ?>><?php _e('(skip \'no role\' account creation)', 'shibboleth') ?></option>
 <?php
 			foreach ($wp_roles->role_names as $key => $name) {
 				echo '
@@ -598,7 +599,9 @@ function AttributeAccessMethod()
 
 						<p><?php _e('If a user does not map into any of the roles above, they will'
 							. ' be placed into the default role.  If there is no default role, the'
-							. ' user will not be able to log in with Shibboleth.', 'shibboleth'); ?></p>
+							. ' user will not be assigned a role when creating an account with'
+							. ' Shibboleth.  If "(skip \'no role\' account creation)" is selected, the user'
+							. ' will not be able to create an account with Shibboleth.', 'shibboleth'); ?></p>
 					</td>
 				</tr>
 

diff --git a/readme.txt b/readme.txt
@@ -1,9 +1,9 @@
 === Shibboleth ===
-Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcrago, bshelton229
+Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcrago, bshelton229, Alhrath, dandalpiaz
 Tags: shibboleth, authentication, login, saml
 Requires at least: 3.3
-Tested up to: 4.9.6
-Stable tag: 2.1.1
+Tested up to: 5.4.2
+Stable tag: 2.2
 
 Allows WordPress to externalize user authentication and account creation to a Shibboleth Service Provider.
 
@@ -186,6 +186,11 @@ This update brings with it a major change to the way Shibboleth attributes are a
 This update brings with it a major change to the way Shibboleth attributes are accessed. For most users, no additional configuration will be necessary. If you are using a specialized server configuration, such as a Shibboleth Service Provider on a reverse proxy or a server configuration that results in environment variables being sent with the prefix REDIRECT_, you should see the changelog for additional details: https://wordpress.org/plugins/shibboleth/#developers
 
 == Changelog ==
+= version 2.2 (2020-06-17) =
+ - Implementing <IfModule> conditional for .htaccess to protect against the Shibboleth Apache module not being installed; [thanks to @jrchamp for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/60).
+ - Added an option to disable account creation if no mapped roles or default roles exist; props [@dandalpiaz](https://github.com/michaelryanmcneill/shibboleth/pull/59).
+ - Improve the Shibboleth login link so that when it shows up on a normal request it will correctly still be a login link and will redirect back to the page that showed the login link; props [@Alhrath](https://github.com/michaelryanmcneill/shibboleth/pull/53).
+
 = version 2.1.1 (2018-05-16) =
  - Minor code cleanup for disabling authentication and passsword resets; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/commit/06c28bec6d42e92a9338961e2f7ed4a7ae8a0f71#commitcomment-29005081).
  - Resolved a minor problem where setting the SHIBBOLETH_LOGGING constant on PHP 5.5 or below would not work in the administrative interface; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/pull/47#discussion_r188758184).

diff --git a/shibboleth.php b/shibboleth.php
@@ -4,13 +4,13 @@
  Plugin URI: http://wordpress.org/extend/plugins/shibboleth
  Description: Easily externalize user authentication to a <a href="http://shibboleth.internet2.edu">Shibboleth</a> Service Provider
  Author: Michael McNeill, mitcho (Michael 芳貴 Erlewine), Will Norris
- Version: 2.1.1
+ Version: 2.2
  License: Apache 2 (http://www.apache.org/licenses/LICENSE-2.0.html)
  Text Domain: shibboleth
  */
 
 define( 'SHIBBOLETH_MINIMUM_WP_VERSION', '3.3' );
-define( 'SHIBBOLETH_PLUGIN_VERSION', '2.1.1' );
+define( 'SHIBBOLETH_PLUGIN_VERSION', '2.2' );
 
 /**
  * Determine if this is a new install or upgrade and, if so, run the
@@ -614,9 +614,10 @@ function shibboleth_authenticate_user() {
 function shibboleth_create_new_user( $user_login, $user_email ) {
 	$create_accounts = shibboleth_getoption( 'shibboleth_create_accounts' );
 	$shib_logging = shibboleth_getoption( 'shibboleth_logging', array(), true );
+	$user_role = shibboleth_get_user_role();
 
 	if ( $create_accounts != false ) {
-		if ( empty( $user_login ) || empty( $user_email ) ) {
+		if ( empty( $user_login ) || empty( $user_email ) || $user_role === "_no_account" ) {
 			return null;
 		}
 
@@ -633,7 +634,6 @@ function shibboleth_create_new_user( $user_login, $user_email ) {
 
 			// always update user data and role on account creation
 			shibboleth_update_user_data( $user->ID, true );
-			$user_role = shibboleth_get_user_role();
 			$user->set_role( $user_role );
 			do_action( 'shibboleth_set_user_roles', $user );
 			if ( in_array( 'account_create', $shib_logging ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
@@ -901,7 +901,7 @@ function shibboleth_insert_htaccess() {
 
 	if ( got_mod_rewrite() && ! $disabled ) {
 		$htaccess = get_home_path() . '.htaccess';
-		$rules = array( 'AuthType shibboleth', 'Require shibboleth' );
+		$rules = array( '<IfModule mod_shib>','AuthType shibboleth', 'Require shibboleth','</IfModule>' );
 		insert_with_markers( $htaccess, 'Shibboleth', $rules );
 	}
 }