From 7e94bd21fffb3009d0a7f9e6ee447bdd664b4cf9 Mon Sep 17 00:00:00 2001 From: "Spencer Fasulo (Work)" Date: Mon, 30 Oct 2023 14:55:47 -0400 Subject: [PATCH 1/5] Initial commit; add session id header override --- options-admin.php | 12 ++++++++++++ readme.txt | 4 ++++ shibboleth.php | 4 +++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/options-admin.php b/options-admin.php index 39e727a..13fd8ee 100644 --- a/options-admin.php +++ b/options-admin.php @@ -124,6 +124,9 @@ function shibboleth_options_general() { if ( ! defined( 'SHIBBOLETH_PASSWORD_RESET_URL' ) && isset( $_POST['password_reset_url'] ) ) { update_site_option( 'shibboleth_password_reset_url', esc_url_raw( wp_unslash( $_POST['password_reset_url'] ) ) ); } + if ( ! defined( 'SHIBBOLETH_SESSION_ID_HEADER' ) && isset( $_POST['session_id_header'] ) ) { + update_site_option( 'shibboleth_session_id_header', sanitize_text_field( wp_unslash( $_POST['session_id_header'] ) ) ); + } if ( ! defined( 'SHIBBOLETH_DEFAULT_TO_SHIB_LOGIN' ) ) { update_site_option( 'shibboleth_default_to_shib_login', ! empty( $_POST['default_login'] ) ); } @@ -149,6 +152,8 @@ function shibboleth_options_general() { $constant = $constant || $from_constant; list( $password_reset_url, $from_constant ) = shibboleth_getoption( 'shibboleth_password_reset_url', false, false, true ); $constant = $constant || $from_constant; + list($session_id_header, $from_constant) = shibboleth_getoption('shibboleth_session_id_header', false, false, true); + $constant = $constant || $from_constant; list( $attribute_access, $from_constant ) = shibboleth_getoption( 'shibboleth_attribute_access_method', false, false, true ); $constant = $constant || $from_constant; list( $attribute_access_fallback, $from_constant ) = shibboleth_getoption( 'shibboleth_attribute_access_method_fallback', false, false, true ); @@ -224,6 +229,13 @@ function shibboleth_options_general() { ALL users here to reset their password.', 'shibboleth' ) ); ?> + + + + />
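Review bot: The new `session_id_header` branch in `shibboleth_options_general()` stores whatever survives `sanitize_text_field()`, which strips tags and line breaks but does not restrict the value to something that can be a server-variable name. Later in this patch shibboleth.php passes the stored value to `shibboleth_getenv()` to decide whether a Shibboleth session is active, so a stricter allow-list before `update_site_option()` is worth adding, for example accepting the value only when `preg_match( '/^[A-Za-z0-9_-]+$/', $value )` succeeds. The `list($session_id_header, $from_constant)` line in the next hunk also drops the inner spacing used by the neighbouring `list( ... )` calls. Whether the form handler checks a nonce and capability cannot be seen here, because the function starts and ends outside the hunk.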
+ + + diff --git a/readme.txt b/readme.txt index ea5a8b4..b9dfe9d 100644 --- a/readme.txt +++ b/readme.txt @@ -111,6 +111,10 @@ Yes, the plugin allows for all settings to be controlled via constants in `wp-co - Format: string - Available options: none - Example: `define('SHIBBOLETH_PASSWORD_RESET_URL', 'https://sso.example.com/account/reset');` + - `SHIBBOLETH_SESSION_ID_HEADER` + - Format: string + - Available options: none + - Example: `define('SHIBBOLETH_SESSION_ID_HEADER', 'REDIRECT_MYShib_Shib_Session_ID');` - `SHIBBOLETH_SPOOF_KEY` - Format: string - Available options: none diff --git a/shibboleth.php b/shibboleth.php index c41e553..2fc6444 100644 --- a/shibboleth.php +++ b/shibboleth.php @@ -206,6 +206,7 @@ function shibboleth_activate_plugin() { add_site_option( 'shibboleth_auto_combine_accounts', 'disallow' ); add_site_option( 'shibboleth_manually_combine_accounts', 'disallow' ); add_site_option( 'shibboleth_disable_local_auth', false ); + add_site_option( 'shibboleth_session_id_header', '' ); $headers = array( 'username' => array( @@ -376,7 +377,8 @@ function shibboleth_admin_hooks() { function shibboleth_session_active( $auto_login = false ) { $active = false; $method = shibboleth_getoption( 'shibboleth_attribute_access_method' ); - $session = shibboleth_getenv( 'Shib-Session-ID' ); + $session_id_header = shibboleth_getoption('shibboleth_session_id_header') ? shibboleth_getoption('shibboleth_session_id_header') : 'Shib-Session-ID'; + $session = shibboleth_getenv( $session_id_header ); if ( $session && 'http' !== $method ) { $active = true; From 487ba3b02066bab7088ae7923d00da2c0fb3bdee Mon Sep 17 00:00:00 2001 From: "Spencer Fasulo (Work)" Date: Tue, 31 Oct 2023 09:10:06 -0400 Subject: [PATCH 2/5] Replace session-id with check for username --- options-admin.php | 12 ------------ shibboleth.php | 5 ++--- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/options-admin.php b/options-admin.php index 13fd8ee..39e727a 100644 --- a/options-admin.php 
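Review bot: The added line in `shibboleth_session_active()` calls `shibboleth_getoption('shibboleth_session_id_header')` twice and omits the inner spacing that the surrounding calls use. Reading the option once makes the fallback to `Shib-Session-ID` easier to audit: `$session_id_header = shibboleth_getoption( 'shibboleth_session_id_header' );` followed by `if ( ! $session_id_header ) { $session_id_header = 'Shib-Session-ID'; }`. A comment such as `// Admin-configured name of the server variable that carries the Shibboleth session ID.` would also help, since this value decides whether a session is treated as active. The function body continues outside the hunk.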
+++ b/options-admin.php @@ -124,9 +124,6 @@ function shibboleth_options_general() { if ( ! defined( 'SHIBBOLETH_PASSWORD_RESET_URL' ) && isset( $_POST['password_reset_url'] ) ) { update_site_option( 'shibboleth_password_reset_url', esc_url_raw( wp_unslash( $_POST['password_reset_url'] ) ) ); } - if ( ! defined( 'SHIBBOLETH_SESSION_ID_HEADER' ) && isset( $_POST['session_id_header'] ) ) { - update_site_option( 'shibboleth_session_id_header', sanitize_text_field( wp_unslash( $_POST['session_id_header'] ) ) ); - } if ( ! defined( 'SHIBBOLETH_DEFAULT_TO_SHIB_LOGIN' ) ) { update_site_option( 'shibboleth_default_to_shib_login', ! empty( $_POST['default_login'] ) ); } @@ -152,8 +149,6 @@ function shibboleth_options_general() { $constant = $constant || $from_constant; list( $password_reset_url, $from_constant ) = shibboleth_getoption( 'shibboleth_password_reset_url', false, false, true ); $constant = $constant || $from_constant; - list($session_id_header, $from_constant) = shibboleth_getoption('shibboleth_session_id_header', false, false, true); - $constant = $constant || $from_constant; list( $attribute_access, $from_constant ) = shibboleth_getoption( 'shibboleth_attribute_access_method', false, false, true ); $constant = $constant || $from_constant; list( $attribute_access_fallback, $from_constant ) = shibboleth_getoption( 'shibboleth_attribute_access_method_fallback', false, false, true ); @@ -229,13 +224,6 @@ function shibboleth_options_general() { ALL users here to reset their password.', 'shibboleth' ) ); ?> - - - - />
- - - diff --git a/shibboleth.php b/shibboleth.php index 2fc6444..a90b2e7 100644 --- a/shibboleth.php +++ b/shibboleth.php @@ -206,7 +206,6 @@ function shibboleth_activate_plugin() { add_site_option( 'shibboleth_auto_combine_accounts', 'disallow' ); add_site_option( 'shibboleth_manually_combine_accounts', 'disallow' ); add_site_option( 'shibboleth_disable_local_auth', false ); - add_site_option( 'shibboleth_session_id_header', '' ); $headers = array( 'username' => array( @@ -377,8 +376,8 @@ function shibboleth_admin_hooks() { function shibboleth_session_active( $auto_login = false ) { $active = false; $method = shibboleth_getoption( 'shibboleth_attribute_access_method' ); - $session_id_header = shibboleth_getoption('shibboleth_session_id_header') ? shibboleth_getoption('shibboleth_session_id_header') : 'Shib-Session-ID'; - $session = shibboleth_getenv( $session_id_header ); + $shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true ); + $session = shibboleth_getenv( $shib_headers['username']['name'] ); if ( $session && 'http' !== $method ) { $active = true; From 9dd23b83d00977ca4fb72ff2a794e60cd69d690f Mon Sep 17 00:00:00 2001 From: "Spencer Fasulo (Work)" Date: Tue, 31 Oct 2023 09:22:25 -0400 Subject: [PATCH 3/5] Remove Session ID header fom readme --- readme.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/readme.txt b/readme.txt index b9dfe9d..ea5a8b4 100644 --- a/readme.txt +++ b/readme.txt @@ -111,10 +111,6 @@ Yes, the plugin allows for all settings to be controlled via constants in `wp-co - Format: string - Available options: none - Example: `define('SHIBBOLETH_PASSWORD_RESET_URL', 'https://sso.example.com/account/reset');` - - `SHIBBOLETH_SESSION_ID_HEADER` - - Format: string - - Available options: none - - Example: `define('SHIBBOLETH_SESSION_ID_HEADER', 'REDIRECT_MYShib_Shib_Session_ID');` - `SHIBBOLETH_SPOOF_KEY` - Format: string - Available options: none From dd8c02aca5d514b8caf77d318af07da4e88bca6d Mon Sep 17 00:00:00 2001 
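Review bot: `$shib_headers['username']['name']` is read without checking that the key exists, although the call just above passes `array()` (apparently the default), so on a site where `shibboleth_headers` is unset this line raises an undefined-key warning and hands null to `shibboleth_getenv()`. A guard such as `$username_header = isset( $shib_headers['username']['name'] ) ? $shib_headers['username']['name'] : '';` followed by `$session = $username_header ? shibboleth_getenv( $username_header ) : false;` keeps the check fail-closed. `$session` now holds the username attribute and not a session ID, so session detection depends on that attribute being released and on the configured variable being settable only by the Shibboleth SP; a comment stating that assumption, for example `// A non-empty username attribute is treated as proof of an active Shibboleth session.`, would make it visible. The rest of `shibboleth_session_active()`, including whatever handles the `'http'` method, is outside the hunk.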
From: Jonathan Champ
Date: Tue, 31 Oct 2023 11:11:40 -0400
Subject: [PATCH 4/5] !fixup
---
 shibboleth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shibboleth.php b/shibboleth.php
index a90b2e7..148a67f 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -376,7 +376,7 @@ function shibboleth_admin_hooks() {
 function shibboleth_session_active( $auto_login = false ) {
 $active = false;
 $method = shibboleth_getoption( 'shibboleth_attribute_access_method' );
- $shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true );
+ $shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true );
 $session = shibboleth_getenv( $shib_headers['username']['name'] );

 if ( $session && 'http' !== $method ) {
From 3b30e911c1da72b4f6a23ace8bd574f30b95716b Mon Sep 17 00:00:00 2001
From: "Spencer Fasulo (Work)"
Date: Tue, 31 Oct 2023 11:13:01 -0400
Subject: [PATCH 5/5] Remove CodeSniffer whitespace issue
---
 shibboleth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shibboleth.php b/shibboleth.php
index a90b2e7..148a67f 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -376,7 +376,7 @@ function shibboleth_admin_hooks() {
 function shibboleth_session_active( $auto_login = false ) {
 $active = false;
 $method = shibboleth_getoption( 'shibboleth_attribute_access_method' );
- $shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true );
+ $shib_headers = shibboleth_getoption( 'shibboleth_headers', array(), true );
 $session = shibboleth_getenv( $shib_headers['username']['name'] );

 if ( $session && 'http' !== $method ) {