From c28dfe3a7d9d2f4f698e5ea630dc338576499b9c Mon Sep 17 00:00:00 2001
From: Dan Dalpiaz
Date: Mon, 29 Jul 2019 09:49:17 -0500
Subject: [PATCH 1/8] add option to disable account creation if no mapped roles
or default role
---
options-admin.php | 5 ++++-
shibboleth.php | 4 ++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/options-admin.php b/options-admin.php
index aa0f415..3e5f2a3 100644
--- a/options-admin.php
+++ b/options-admin.php
@@ -594,11 +594,14 @@ function AttributeAccessMethod()
';
}
?>
+
+ . ' user will not be assigned a role when creating an account with'
+ . ' Shibboleth. If "Do NOT create an account" is selected, the user'
+ . ' will not be able to create an account with Shibboleth.', 'shibboleth'); ?>
diff --git a/shibboleth.php b/shibboleth.php
index 4c4ca3d..f4df4e7 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -614,9 +614,10 @@ function shibboleth_authenticate_user() {
function shibboleth_create_new_user( $user_login, $user_email ) {
$create_accounts = shibboleth_getoption( 'shibboleth_create_accounts' );
$shib_logging = shibboleth_getoption( 'shibboleth_logging', array(), true );
+ $user_role = shibboleth_get_user_role();
if ( $create_accounts != false ) {
- if ( empty( $user_login ) || empty( $user_email ) ) {
+ if ( empty( $user_login ) || empty( $user_email ) || $user_role === "noaccount" ) {
return null;
}
@@ -633,7 +634,6 @@ function shibboleth_create_new_user( $user_login, $user_email ) {
// always update user data and role on account creation
shibboleth_update_user_data( $user->ID, true );
- $user_role = shibboleth_get_user_role();
$user->set_role( $user_role );
do_action( 'shibboleth_set_user_roles', $user );
if ( in_array( 'account_create', $shib_logging ) || defined( 'WP_DEBUG' ) && WP_DEBUG ) {
From d0ef39cb2e631df57ac8a336429c28a8fa2c2dcc Mon Sep 17 00:00:00 2001
From: Dan Dalpiaz
Date: Mon, 29 Jul 2019 13:06:13 -0500
Subject: [PATCH 2/8] update role name for _no_account
---
options-admin.php | 2 +-
shibboleth.php | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/options-admin.php b/options-admin.php
index 3e5f2a3..1757ec1 100644
--- a/options-admin.php
+++ b/options-admin.php
@@ -594,7 +594,7 @@ function AttributeAccessMethod()
';
}
?>
-
+
From b4ecfbbfbf02ec715564a3ea109c6e506961a5d2 Mon Sep 17 00:00:00 2001
From: Michael McNeill
Date: Wed, 17 Jun 2020 13:58:04 -0400
Subject: [PATCH 4/8] Adding flags to prevent fatal errors on
installs without mod_shib
Resolves #60
---
shibboleth.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shibboleth.php b/shibboleth.php
index 499ee21..aa06c71 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -901,7 +901,7 @@ function shibboleth_insert_htaccess() {
if ( got_mod_rewrite() && ! $disabled ) {
$htaccess = get_home_path() . '.htaccess';
- $rules = array( 'AuthType shibboleth', 'Require shibboleth' );
+ $rules = array( '','AuthType shibboleth', 'Require shibboleth','' );
insert_with_markers( $htaccess, 'Shibboleth', $rules );
}
}
From 02ef5eff1aaca27e68b80f38e177de86f3594d03 Mon Sep 17 00:00:00 2001
From: Michael McNeill
Date: Wed, 17 Jun 2020 14:03:33 -0400
Subject: [PATCH 5/8] Bumping version to 2.2
---
shibboleth.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shibboleth.php b/shibboleth.php
index aa06c71..1ae183f 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -4,13 +4,13 @@
Plugin URI: http://wordpress.org/extend/plugins/shibboleth
Description: Easily externalize user authentication to a Shibboleth Service Provider
Author: Michael McNeill, mitcho (Michael 芳貴 Erlewine), Will Norris
- Version: 2.1.1
+ Version: 2.2
License: Apache 2 (http://www.apache.org/licenses/LICENSE-2.0.html)
Text Domain: shibboleth
*/
define( 'SHIBBOLETH_MINIMUM_WP_VERSION', '3.3' );
-define( 'SHIBBOLETH_PLUGIN_VERSION', '2.1.1' );
+define( 'SHIBBOLETH_PLUGIN_VERSION', '2.2' );
/**
* Determine if this is a new install or upgrade and, if so, run the
From 05b3e70bb86e671c4e3633de10cedecc2baf0577 Mon Sep 17 00:00:00 2001
From: Michael McNeill
Date: Wed, 17 Jun 2020 14:09:55 -0400
Subject: [PATCH 6/8] Updating readme.txt with proper version and changelog
---
readme.txt | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/readme.txt b/readme.txt
index 05a15fa..fb8fbf8 100644
--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcrago, bshelton229
Tags: shibboleth, authentication, login, saml
Requires at least: 3.3
-Tested up to: 4.9.6
-Stable tag: 2.1.1
+Tested up to: 5.4.2
+Stable tag: 2.2
Allows WordPress to externalize user authentication and account creation to a Shibboleth Service Provider.
@@ -186,6 +186,10 @@ This update brings with it a major change to the way Shibboleth attributes are a
This update brings with it a major change to the way Shibboleth attributes are accessed. For most users, no additional configuration will be necessary. If you are using a specialized server configuration, such as a Shibboleth Service Provider on a reverse proxy or a server configuration that results in environment variables being sent with the prefix REDIRECT_, you should see the changelog for additional details: https://wordpress.org/plugins/shibboleth/#developers
== Changelog ==
+= version 2.2 (2020-06-xx) =
+ - Implementing conditional for .htaccess to protect against the Shibboleth Apache module not being installed; [thanks to @jrchamp for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/60).
+ - Added an option to disable account creation if no mapped roles or default roles exist; props [@dandalpiaz](https://github.com/michaelryanmcneill/shibboleth/pull/59).
+
= version 2.1.1 (2018-05-16) =
- Minor code cleanup for disabling authentication and passsword resets; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/commit/06c28bec6d42e92a9338961e2f7ed4a7ae8a0f71#commitcomment-29005081).
- Resolved a minor problem where setting the SHIBBOLETH_LOGGING constant on PHP 5.5 or below would not work in the administrative interface; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/pull/47#discussion_r188758184).
From 385ba902a12dc48c29d27fac3429761ee8f40973 Mon Sep 17 00:00:00 2001
From: Michael McNeill
Date: Wed, 17 Jun 2020 14:19:49 -0400
Subject: [PATCH 7/8] Adding additional changes to readme.txt
---
readme.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/readme.txt b/readme.txt
index fb8fbf8..ae3f85c 100644
--- a/readme.txt
+++ b/readme.txt
@@ -189,6 +189,7 @@ This update brings with it a major change to the way Shibboleth attributes are a
= version 2.2 (2020-06-xx) =
- Implementing conditional for .htaccess to protect against the Shibboleth Apache module not being installed; [thanks to @jrchamp for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/60).
- Added an option to disable account creation if no mapped roles or default roles exist; props [@dandalpiaz](https://github.com/michaelryanmcneill/shibboleth/pull/59).
+ - Improve the Shibboleth login link so that when it shows up on a normal request it will correctly still be a login link and will redirect back to the page that showed the login link; props [@Alhrath](https://github.com/michaelryanmcneill/shibboleth/pull/53).
= version 2.1.1 (2018-05-16) =
- Minor code cleanup for disabling authentication and passsword resets; props [@jrchamp](https://github.com/michaelryanmcneill/shibboleth/commit/06c28bec6d42e92a9338961e2f7ed4a7ae8a0f71#commitcomment-29005081).
From 519c34afa0e64490e8f5639191bbd65233fb881a Mon Sep 17 00:00:00 2001
From: Michael McNeill
Date: Wed, 17 Jun 2020 14:52:39 -0400
Subject: [PATCH 8/8] Making final updates for release
---
readme.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/readme.txt b/readme.txt
index ae3f85c..3e71928 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,5 +1,5 @@
=== Shibboleth ===
-Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcrago, bshelton229
+Contributors: michaelryanmcneill, willnorris, mitchoyoshitaka, jrchamp, dericcrago, bshelton229, Alhrath, dandalpiaz
Tags: shibboleth, authentication, login, saml
Requires at least: 3.3
Tested up to: 5.4.2
@@ -186,7 +186,7 @@ This update brings with it a major change to the way Shibboleth attributes are a
This update brings with it a major change to the way Shibboleth attributes are accessed. For most users, no additional configuration will be necessary. If you are using a specialized server configuration, such as a Shibboleth Service Provider on a reverse proxy or a server configuration that results in environment variables being sent with the prefix REDIRECT_, you should see the changelog for additional details: https://wordpress.org/plugins/shibboleth/#developers
== Changelog ==
-= version 2.2 (2020-06-xx) =
+= version 2.2 (2020-06-17) =
- Implementing conditional for .htaccess to protect against the Shibboleth Apache module not being installed; [thanks to @jrchamp for reporting](https://github.com/michaelryanmcneill/shibboleth/issues/60).
- Added an option to disable account creation if no mapped roles or default roles exist; props [@dandalpiaz](https://github.com/michaelryanmcneill/shibboleth/pull/59).
- Improve the Shibboleth login link so that when it shows up on a normal request it will correctly still be a login link and will redirect back to the page that showed the login link; props [@Alhrath](https://github.com/michaelryanmcneill/shibboleth/pull/53).