From aa6c7906f775f53b4216461070296ef32f4bdcf8 Mon Sep 17 00:00:00 2001
From: Jakub Czyz
Date: Tue, 7 Nov 2023 09:43:19 +0100
Subject: [PATCH 1/2] refactor login redirect
---
 .../includes/class-bcc-login-client.php | 30 ++++---------------
 .../includes/class-bcc-login-visibility.php | 2 +-
 2 files changed, 7 insertions(+), 25 deletions(-)
diff --git a/plugins/bcc-login/includes/class-bcc-login-client.php b/plugins/bcc-login/includes/class-bcc-login-client.php
index ed84654..214b79b 100644
--- a/plugins/bcc-login/includes/class-bcc-login-client.php
+++ b/plugins/bcc-login/includes/class-bcc-login-client.php
@@ -271,41 +271,23 @@ private function get_full_redirect_url() {
 private function get_current_url() {
 global $wp;
 if(isset($_GET['redirect_to'])) {
- if( $this->parse_url_origin($_GET['redirect_to']) !== $this->parse_url_origin(site_url()) ) {
+ if( $this->parse_url_host($_GET['redirect_to']) !== $this->parse_url_host(site_url()) ) {
 return "/";
 }
-
 return $_GET['redirect_to'];
 }
- // If the Permalink Structure is set to Plain we use the old solution with $_SERVER
- if( get_option('permalink_structure') != "") {
- return add_query_arg( $_SERVER['QUERY_STRING'], '', home_url( $wp->request ) );
- }
- else {
- // We replace 'wp-login.php' to 'wp-admin' to avoid the redirect loop when logging through SSO directly to the admin dashboard
- return $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . str_replace('wp-login.php', 'wp-admin', $_SERVER['REQUEST_URI']);
- }
+ return '//' . $_SERVER['HTTP_HOST'] . str_replace('wp-login.php', '', $_SERVER['REQUEST_URI']);
 }
- private function parse_url_origin($url) {
- $origin = "";
-
+ private function parse_url_host($url) {
 $parsed = parse_url($url);
- if ($parsed === false) {
- return $origin;
+ if ($parsed === false || !isset($parsed['host'])) {
+ return "";
 }
- if(isset($parsed['scheme']))
- $origin .= $parsed['scheme'] . "://";
-
- if(isset($parsed['host']))
- $origin .= $parsed['host'];
-
- if(isset($parsed['port']))
- $origin .= ":" . $parsed['port'];
- return $origin;
+ return $parsed['host'];
 }
 private function get_authorization_url( Auth_State $state ) {
diff --git a/plugins/bcc-login/includes/class-bcc-login-visibility.php b/plugins/bcc-login/includes/class-bcc-login-visibility.php
index f9001c9..97e491b 100644
--- a/plugins/bcc-login/includes/class-bcc-login-visibility.php
+++ b/plugins/bcc-login/includes/class-bcc-login-visibility.php
@@ -105,7 +105,7 @@ function on_template_redirect() {
 return;
 }
- $visited_url = add_query_arg( $wp->query_vars, home_url( $wp->request ) );
+ $visited_url = "//".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
 $session_is_valid = $this->_client->is_session_valid();
From 36d477e0fe8ae3b3b613db65a46113f3202fa84b Mon Sep 17 00:00:00 2001
From: Jakub Czyz
Date: Tue, 7 Nov 2023 14:40:04 +0100
Subject: [PATCH 2/2] fix redirect url
---
 .../includes/class-bcc-login-client.php | 29 ++++++++++++++-----
 .../includes/class-bcc-login-visibility.php | 6 ++--
 2 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/plugins/bcc-login/includes/class-bcc-login-client.php b/plugins/bcc-login/includes/class-bcc-login-client.php
index 214b79b..45b38f9 100644
--- a/plugins/bcc-login/includes/class-bcc-login-client.php
+++ b/plugins/bcc-login/includes/class-bcc-login-client.php
@@ -49,7 +49,7 @@ private function create_authentication_state() : Auth_State{
 // New state w/ timestamp.
 $obj_state = new Auth_State();
 $obj_state->state = md5( openssl_random_pseudo_bytes(16) . microtime( true ) );
- $obj_state->return_url = $this->get_current_url();
+ $obj_state->return_url = $this->get_redirect_url();
 set_transient( 'oidc_auth_state_' . $obj_state->state, $obj_state, $this->STATE_TIME_LIMIT );
 return $obj_state;
@@ -270,24 +270,37 @@ private function get_full_redirect_url() {
 private function get_current_url() {
 global $wp;
+ return add_query_arg( $_SERVER['QUERY_STRING'], '', home_url( $_SERVER['REQUEST_URI']) );
+ }
+
+ private function get_redirect_url() {
 if(isset($_GET['redirect_to'])) {
- if( $this->parse_url_host($_GET['redirect_to']) !== $this->parse_url_host(site_url()) ) {
+ if( $this->parse_url_origin($_GET['redirect_to']) !== $this->parse_url_origin(site_url()) ) {
 return "/";
 }
 return $_GET['redirect_to'];
 }
-
- return '//' . $_SERVER['HTTP_HOST'] . str_replace('wp-login.php', '', $_SERVER['REQUEST_URI']);
+ return str_replace('wp-login.php', '', $this->get_current_url());
 }
- private function parse_url_host($url) {
+ private function parse_url_origin($url) {
+ $origin = "";
+
 $parsed = parse_url($url);
- if ($parsed === false || !isset($parsed['host'])) {
- return "";
+ if ($parsed === false) {
+ return $origin;
 }
+ if(isset($parsed['scheme']))
+ $origin .= $parsed['scheme'] . "://";
+
+ if(isset($parsed['host']))
+ $origin .= $parsed['host'];
+
+ if(isset($parsed['port']))
+ $origin .= ":" . $parsed['port'];
- return $parsed['host'];
+ return $origin;
 }
 private function get_authorization_url( Auth_State $state ) {
diff --git a/plugins/bcc-login/includes/class-bcc-login-visibility.php b/plugins/bcc-login/includes/class-bcc-login-visibility.php
index 97e491b..bfda5cf 100644
--- a/plugins/bcc-login/includes/class-bcc-login-visibility.php
+++ b/plugins/bcc-login/includes/class-bcc-login-visibility.php
@@ -105,14 +105,12 @@ function on_template_redirect() {
 return;
 }
- $visited_url = "//".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
-
 $session_is_valid = $this->_client->is_session_valid();
 // Initiate new login if session has expired
 if ( is_user_logged_in() && !$session_is_valid ) {
 $this->_client->end_login();
- wp_redirect( wp_login_url($visited_url) );
+ wp_redirect( wp_login_url(get_page_link()) );
 return;
 }
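Review bot: In the new `get_current_url()` the `home_url( $_SERVER['REQUEST_URI'] )` result is wrapped in `add_query_arg( $_SERVER['QUERY_STRING'], '', ... )`, but REQUEST_URI already carries the query string, so the query appears to be appended a second time (as one key with an empty value), and if WordPress is installed in a subdirectory home_url() presumably prefixes that path in front of a REQUEST_URI that already contains it. Since this hunk also adds `parse_url_origin()`, the current URL can be built from the configured origin rather than from the request's own host, which additionally keeps the return URL same-origin whatever Host header the request carried: `return $this->parse_url_origin( home_url() ) . $_SERVER['REQUEST_URI'];` (the `global $wp;` line then becomes unused). The `str_replace('wp-login.php', '', ...)` in `get_redirect_url()` lost the comment that explained the redirect loop it avoids; I'd keep a one-line why-comment such as `// Strip wp-login.php so the post-login return URL does not bounce back into the login handler`.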
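Review bot: `wp_login_url(get_page_link())` replaces the removed `$visited_url`, but `get_page_link()` is tied to the current page post object; on archive, search, 404 or non-page post-type requests it presumably will not reproduce the URL the visitor was on, and it drops any query string the request carried, so the user lands somewhere else after login. If the intent is "return to where the visitor was", derive the return URL from the request (origin from `home_url()` plus the request path and query) rather than from the post, or at least guard the post-based value with `is_singular()` and fall back to `get_permalink()` / the home URL otherwise. The same call appears in the second hunk of this file (`@@ -139,7`) and should change identically. The enclosing `on_template_redirect()` starts before and ends after this hunk.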
@@ -139,7 +137,7 @@ function on_template_redirect() {
 if ( is_user_logged_in() ) {
 return $this->not_allowed_to_view_page();
 } else {
- wp_redirect( wp_login_url($visited_url) );
+ wp_redirect( wp_login_url(get_page_link()) );
 }
 }