Changeset 3454892

Timestamp:

02/05/2026 07:14:15 PM (7 weeks ago)

Author:

daggerhart

Message:

Update to version 3.10.3 from GitHub

Location:

daggerhart-openid-connect-generic

Files:

• tags/3.10.3 (copied) (copied from daggerhart-openid-connect-generic/trunk)
• tags/3.10.3/docker-compose.yml (modified) (1 diff)
• tags/3.10.3/includes/openid-connect-generic-client-wrapper.php (modified) (9 diffs)
• tags/3.10.3/includes/openid-connect-generic-client.php (modified) (1 diff)
• tags/3.10.3/includes/openid-connect-generic-login-form.php (modified) (4 diffs)
• tags/3.10.3/includes/openid-connect-generic-option-logger.php (modified) (1 diff)
• tags/3.10.3/languages/openid-connect-generic.pot (modified) (2 diffs)
• tags/3.10.3/openid-connect-generic.php (modified) (3 diffs)
• tags/3.10.3/readme.txt (modified) (3 diffs)
• trunk/docker-compose.yml (modified) (1 diff)
• trunk/includes/openid-connect-generic-client-wrapper.php (modified) (9 diffs)
• trunk/includes/openid-connect-generic-client.php (modified) (1 diff)
• trunk/includes/openid-connect-generic-login-form.php (modified) (4 diffs)
• trunk/includes/openid-connect-generic-option-logger.php (modified) (1 diff)
• trunk/languages/openid-connect-generic.pot (modified) (2 diffs)
• trunk/openid-connect-generic.php (modified) (3 diffs)
• trunk/readme.txt (modified) (3 diffs)

daggerhart-openid-connect-generic/tags/3.10.3/docker-compose.yml

@@ -6 +6 @@
 services:
   app:
-    image: ghcr.io/ndigitals/wp-dev-container:php-8.0-node-16
+    image: ghcr.io/ndigitals/wp-dev-container:php-8.1-node-20
     restart: always
     depends_on:

daggerhart-openid-connect-generic/tags/3.10.3/includes/openid-connect-generic-client-wrapper.php

@@ -99 +99 @@
         // Alter the requests according to settings.
         add_filter( 'openid-connect-generic-alter-request', array( $client_wrapper, 'alter_request' ), 10, 2 );
+
+        // Ensure tokens are refreshed before they expire.
+        if ( $settings->token_refresh_enable ) {
+            add_action( 'init', array( $client_wrapper, 'ensure_tokens_still_fresh' ) );
+        }
 
         if ( is_admin() ) {
@@ -253 +258 @@
 
         $user_id = wp_get_current_user()->ID;
-        $last_token_response = get_user_meta( $user_id, 'openid-connect-generic-last-token-response', true );
+        $last_token_response = get_user_option( 'openid-connect-generic-last-token-response', $user_id );
+
+        if ( false === $last_token_response ) {
+            $last_token_response = get_user_meta(
+                $user_id,
+                'openid-connect-generic-last-token-response',
+                true
+            );
+        }
 
         if ( ! empty( $last_token_response['expires_in'] ) && ! empty( $last_token_response['time'] ) ) {
@@ -299 +312 @@
         $token_response[] = time();
 
-        update_user_meta( $user_id, 'openid-connect-generic-last-token-response', $token_response );
+        update_user_option( $user_id, 'openid-connect-generic-last-token-response', $token_response );
         $this->save_refresh_token( $manager, $token, $token_response );
     }
@@ -369 +382 @@
         }
 
-        $token_response = $user->get( 'openid-connect-generic-last-token-response' );
+        $token_response = get_user_option( 'openid-connect-generic-last-token-response', $user->ID );
         if ( ! $token_response ) {
             // Happens if non-openid login was used.
@@ -378 +391 @@
         }
 
-        $claim = $user->get( 'openid-connect-generic-last-id-token-claim' );
+        $claim = get_user_option( 'openid-connect-generic-last-id-token-claim', $user->ID );
 
         if ( isset( $claim['iss'] ) && 'https://accounts.google.com' == $claim['iss'] ) {
@@ -641 +654 @@
 
         // Store the tokens for future reference.
-        update_user_meta( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
+        update_user_option( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
 
         return $user_claim;
@@ -661 +674 @@
     public function login_user( $user, $token_response, $id_token_claim, $user_claim, $subject_identity ): void {
         // Store the tokens for future reference.
-        update_user_meta( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
+        update_user_option( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
         // Allow plugins / themes to take action using current claims on existing user (e.g. update role).
         do_action( 'openid-connect-generic-update-user-using-current-claim', $user, $user_claim );
@@ -1099 +1112 @@
 
         // Save some meta data about this new user for the future.
-        add_user_meta( $user->ID, 'openid-connect-generic-subject-identity', (string) $subject_identity, true );
+        update_user_option( $user->ID, 'openid-connect-generic-subject-identity', (string) $subject_identity, true );
 
         // Log the results.
@@ -1121 +1134 @@
     public function update_existing_user( $uid, $subject_identity ) {
         // Add the OpenID Connect meta data.
-        update_user_meta( $uid, 'openid-connect-generic-subject-identity', strval( $subject_identity ) );
+        update_user_option( $uid, 'openid-connect-generic-subject-identity', strval( $subject_identity ), true );
 
         // Allow plugins / themes to take action on user update.

daggerhart-openid-connect-generic/tags/3.10.3/includes/openid-connect-generic-client.php

@@ -343 +343 @@
         $start_time = microtime( true );
         $response   = wp_remote_get( $this->endpoint_userinfo, $request );
-        $end_time   = microtime( true );
+
+        // This endpoint can support GET or POST requests according to spec, but some IDPs only allow one.
+        // If the GET request failed to produce valid json, attempt a POST request.
+        // Spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest.
+        if ( ! is_wp_error( $response ) && json_decode( $response['body'] ) === null ) {
+            $response = wp_remote_post( $this->endpoint_userinfo, $request );
+        }
+
+        $end_time = microtime( true );
         $this->logger->log( $this->endpoint_userinfo, 'request_userinfo', $end_time - $start_time );
 

daggerhart-openid-connect-generic/tags/3.10.3/includes/openid-connect-generic-login-form.php

@@ -35 +35 @@
 
     /**
+     * The client object instance.
+     *
+     * @var OpenID_Connect_Generic_Client
+     */
+    private $client;
+
+    /**
      * The class constructor.
      *
      * @param OpenID_Connect_Generic_Option_Settings $settings       A plugin settings object instance.
      * @param OpenID_Connect_Generic_Client_Wrapper  $client_wrapper A plugin client wrapper object instance.
-     */
-    public function __construct( $settings, $client_wrapper ) {
+     * @param OpenID_Connect_Generic_Client          $client         A plugin client object instance.
+     */
+    public function __construct( $settings, $client_wrapper, $client ) {
         $this->settings = $settings;
         $this->client_wrapper = $client_wrapper;
+        $this->client = $client;
     }
 
@@ -50 +59 @@
      * @param OpenID_Connect_Generic_Option_Settings $settings       A plugin settings object instance.
      * @param OpenID_Connect_Generic_Client_Wrapper  $client_wrapper A plugin client wrapper object instance.
+     * @param OpenID_Connect_Generic_Client          $client         A plugin client object instance.
      *
      * @return void
      */
-    public static function register( $settings, $client_wrapper ) {
-        $login_form = new self( $settings, $client_wrapper );
+    public static function register( $settings, $client_wrapper, $client ) {
+        $login_form = new self( $settings, $client_wrapper, $client );
 
         // Alter the login form as dictated by settings.
@@ -140 +150 @@
             array(
                 'button_text' => __( 'Login with OpenID Connect', 'daggerhart-openid-connect-generic' ),
+                'endpoint_login' => $this->settings->endpoint_login,
+                'scope' => $this->settings->scope,
+                'client_id' => $this->settings->client_id,
+                'redirect_uri' => $this->client->get_redirect_uri(),
+                'redirect_to' => $this->client_wrapper->get_redirect_to(),
+                'acr_values' => $this->settings->acr_values,
             ),
             $atts,
@@ -148 +164 @@
         $text = esc_html( $text );
 
-        $href = $this->client_wrapper->get_authentication_url( $atts );
+        $href = $this->client_wrapper->get_authentication_url(
+            array(
+                'endpoint_login' => $atts['endpoint_login'],
+                'scope' => $atts['scope'],
+                'client_id' => $atts['client_id'],
+                'redirect_uri' => $atts['redirect_uri'],
+                'redirect_to' => $atts['redirect_to'],
+                'acr_values' => $atts['acr_values'],
+            )
+        );
         $href = esc_url_raw( $href );
 

daggerhart-openid-connect-generic/tags/3.10.3/includes/openid-connect-generic-option-logger.php

@@ -175 +175 @@
      */
     private function upkeep_logs( $logs ) {
-        $items_to_remove = count( $logs ) - $this->log_limit;
+        $items_to_remove = is_array( $logs ) ?
+            count( $logs ) - $this->log_limit :
+            0;
 
         if ( $items_to_remove > 0 ) {

daggerhart-openid-connect-generic/tags/3.10.3/languages/openid-connect-generic.pot

@@ -5 +5 @@
 "Project-Id-Version: OpenID Connect Generic 3.10.1\n"
 "Report-Msgid-Bugs-To: "
-"https://github.com/daggerhart/openid-connect-generic/issues\n"
+"https://github.com/oidc-wp/openid-connect-generic/issues\n"
 "POT-Creation-Date: 2024-04-09 01:24:09+00:00\n"
 "MIME-Version: 1.0\n"
@@ -514 +514 @@
 
 #. Plugin URI of the plugin/theme
-msgid "https://github.com/daggerhart/openid-connect-generic"
+msgid "https://github.com/oidc-wp/openid-connect-generic"
 msgstr ""
 

daggerhart-openid-connect-generic/tags/3.10.3/openid-connect-generic.php

@@ -17 +17 @@
  * Plugin URI:        https://github.com/oidc-wp/openid-connect-generic
  * Description:       Connect to an OpenID Connect identity provider using Authorization Code Flow.
- * Version:           3.10.2
+ * Version:           3.10.3
  * Requires at least: 5.0
  * Requires PHP:      7.4
@@ -94 +94 @@
      * @var string
      */
-    const VERSION = '3.10.2';
+    const VERSION = '3.10.3';
 
     /**
@@ -168 +168 @@
         }
 
-        OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
+        OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper, $this->client );
 
         // Add a shortcode to get the auth URL.

daggerhart-openid-connect-generic/tags/3.10.3/readme.txt

@@ -4 +4 @@
 Requires at least: 5.0
 Tested up to: 6.9.0
-Stable tag: 3.10.2
+Stable tag: 3.10.3
 Requires PHP: 7.4
 License: GPLv2 or later
@@ -20 +20 @@
 Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
 
-Please submit issues to the Github repo: https://github.com/daggerhart/openid-connect-generic
+Please submit issues to the Github repo: https://github.com/oidc-wp/openid-connect-generic
 
 == Installation ==
@@ -50 +50 @@
 
 == Changelog ==
+
+= 3.10.3 =
+
+* Fix issue with log corruption causing fatal error.
+* Fix: Fallback to a POST request for userinfo when GET fails.
+* Fix: Improves multisite compatibility by switching to *_user_options() functions.
+* Fix: Fix for WordPress user session length being very short when refresh tokens are enabled.
 
 = 3.10.2 =

daggerhart-openid-connect-generic/trunk/docker-compose.yml

@@ -6 +6 @@
 services:
   app:
-    image: ghcr.io/ndigitals/wp-dev-container:php-8.0-node-16
+    image: ghcr.io/ndigitals/wp-dev-container:php-8.1-node-20
     restart: always
     depends_on:

daggerhart-openid-connect-generic/trunk/includes/openid-connect-generic-client-wrapper.php

@@ -99 +99 @@
         // Alter the requests according to settings.
         add_filter( 'openid-connect-generic-alter-request', array( $client_wrapper, 'alter_request' ), 10, 2 );
+
+        // Ensure tokens are refreshed before they expire.
+        if ( $settings->token_refresh_enable ) {
+            add_action( 'init', array( $client_wrapper, 'ensure_tokens_still_fresh' ) );
+        }
 
         if ( is_admin() ) {
@@ -253 +258 @@
 
         $user_id = wp_get_current_user()->ID;
-        $last_token_response = get_user_meta( $user_id, 'openid-connect-generic-last-token-response', true );
+        $last_token_response = get_user_option( 'openid-connect-generic-last-token-response', $user_id );
+
+        if ( false === $last_token_response ) {
+            $last_token_response = get_user_meta(
+                $user_id,
+                'openid-connect-generic-last-token-response',
+                true
+            );
+        }
 
         if ( ! empty( $last_token_response['expires_in'] ) && ! empty( $last_token_response['time'] ) ) {
@@ -299 +312 @@
         $token_response[] = time();
 
-        update_user_meta( $user_id, 'openid-connect-generic-last-token-response', $token_response );
+        update_user_option( $user_id, 'openid-connect-generic-last-token-response', $token_response );
         $this->save_refresh_token( $manager, $token, $token_response );
     }
@@ -369 +382 @@
         }
 
-        $token_response = $user->get( 'openid-connect-generic-last-token-response' );
+        $token_response = get_user_option( 'openid-connect-generic-last-token-response', $user->ID );
         if ( ! $token_response ) {
             // Happens if non-openid login was used.
@@ -378 +391 @@
         }
 
-        $claim = $user->get( 'openid-connect-generic-last-id-token-claim' );
+        $claim = get_user_option( 'openid-connect-generic-last-id-token-claim', $user->ID );
 
         if ( isset( $claim['iss'] ) && 'https://accounts.google.com' == $claim['iss'] ) {
@@ -641 +654 @@
 
         // Store the tokens for future reference.
-        update_user_meta( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
+        update_user_option( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
 
         return $user_claim;
@@ -661 +674 @@
     public function login_user( $user, $token_response, $id_token_claim, $user_claim, $subject_identity ): void {
         // Store the tokens for future reference.
-        update_user_meta( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
-        update_user_meta( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-token-response', $token_response );
+        update_user_option( $user->ID, 'openid-connect-generic-last-id-token-claim', $id_token_claim );
+        update_user_option( $user->ID, 'openid-connect-generic-last-user-claim', $user_claim );
         // Allow plugins / themes to take action using current claims on existing user (e.g. update role).
         do_action( 'openid-connect-generic-update-user-using-current-claim', $user, $user_claim );
@@ -1099 +1112 @@
 
         // Save some meta data about this new user for the future.
-        add_user_meta( $user->ID, 'openid-connect-generic-subject-identity', (string) $subject_identity, true );
+        update_user_option( $user->ID, 'openid-connect-generic-subject-identity', (string) $subject_identity, true );
 
         // Log the results.
@@ -1121 +1134 @@
     public function update_existing_user( $uid, $subject_identity ) {
         // Add the OpenID Connect meta data.
-        update_user_meta( $uid, 'openid-connect-generic-subject-identity', strval( $subject_identity ) );
+        update_user_option( $uid, 'openid-connect-generic-subject-identity', strval( $subject_identity ), true );
 
         // Allow plugins / themes to take action on user update.

daggerhart-openid-connect-generic/trunk/includes/openid-connect-generic-client.php

@@ -343 +343 @@
         $start_time = microtime( true );
         $response   = wp_remote_get( $this->endpoint_userinfo, $request );
-        $end_time   = microtime( true );
+
+        // This endpoint can support GET or POST requests according to spec, but some IDPs only allow one.
+        // If the GET request failed to produce valid json, attempt a POST request.
+        // Spec: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest.
+        if ( ! is_wp_error( $response ) && json_decode( $response['body'] ) === null ) {
+            $response = wp_remote_post( $this->endpoint_userinfo, $request );
+        }
+
+        $end_time = microtime( true );
         $this->logger->log( $this->endpoint_userinfo, 'request_userinfo', $end_time - $start_time );
 

daggerhart-openid-connect-generic/trunk/includes/openid-connect-generic-login-form.php

@@ -35 +35 @@
 
     /**
+     * The client object instance.
+     *
+     * @var OpenID_Connect_Generic_Client
+     */
+    private $client;
+
+    /**
      * The class constructor.
      *
      * @param OpenID_Connect_Generic_Option_Settings $settings       A plugin settings object instance.
      * @param OpenID_Connect_Generic_Client_Wrapper  $client_wrapper A plugin client wrapper object instance.
-     */
-    public function __construct( $settings, $client_wrapper ) {
+     * @param OpenID_Connect_Generic_Client          $client         A plugin client object instance.
+     */
+    public function __construct( $settings, $client_wrapper, $client ) {
         $this->settings = $settings;
         $this->client_wrapper = $client_wrapper;
+        $this->client = $client;
     }
 
@@ -50 +59 @@
      * @param OpenID_Connect_Generic_Option_Settings $settings       A plugin settings object instance.
      * @param OpenID_Connect_Generic_Client_Wrapper  $client_wrapper A plugin client wrapper object instance.
+     * @param OpenID_Connect_Generic_Client          $client         A plugin client object instance.
      *
      * @return void
      */
-    public static function register( $settings, $client_wrapper ) {
-        $login_form = new self( $settings, $client_wrapper );
+    public static function register( $settings, $client_wrapper, $client ) {
+        $login_form = new self( $settings, $client_wrapper, $client );
 
         // Alter the login form as dictated by settings.
@@ -140 +150 @@
             array(
                 'button_text' => __( 'Login with OpenID Connect', 'daggerhart-openid-connect-generic' ),
+                'endpoint_login' => $this->settings->endpoint_login,
+                'scope' => $this->settings->scope,
+                'client_id' => $this->settings->client_id,
+                'redirect_uri' => $this->client->get_redirect_uri(),
+                'redirect_to' => $this->client_wrapper->get_redirect_to(),
+                'acr_values' => $this->settings->acr_values,
             ),
             $atts,
@@ -148 +164 @@
         $text = esc_html( $text );
 
-        $href = $this->client_wrapper->get_authentication_url( $atts );
+        $href = $this->client_wrapper->get_authentication_url(
+            array(
+                'endpoint_login' => $atts['endpoint_login'],
+                'scope' => $atts['scope'],
+                'client_id' => $atts['client_id'],
+                'redirect_uri' => $atts['redirect_uri'],
+                'redirect_to' => $atts['redirect_to'],
+                'acr_values' => $atts['acr_values'],
+            )
+        );
         $href = esc_url_raw( $href );
 

daggerhart-openid-connect-generic/trunk/includes/openid-connect-generic-option-logger.php

@@ -175 +175 @@
      */
     private function upkeep_logs( $logs ) {
-        $items_to_remove = count( $logs ) - $this->log_limit;
+        $items_to_remove = is_array( $logs ) ?
+            count( $logs ) - $this->log_limit :
+            0;
 
         if ( $items_to_remove > 0 ) {

daggerhart-openid-connect-generic/trunk/languages/openid-connect-generic.pot

@@ -5 +5 @@
 "Project-Id-Version: OpenID Connect Generic 3.10.1\n"
 "Report-Msgid-Bugs-To: "
-"https://github.com/daggerhart/openid-connect-generic/issues\n"
+"https://github.com/oidc-wp/openid-connect-generic/issues\n"
 "POT-Creation-Date: 2024-04-09 01:24:09+00:00\n"
 "MIME-Version: 1.0\n"
@@ -514 +514 @@
 
 #. Plugin URI of the plugin/theme
-msgid "https://github.com/daggerhart/openid-connect-generic"
+msgid "https://github.com/oidc-wp/openid-connect-generic"
 msgstr ""
 

daggerhart-openid-connect-generic/trunk/openid-connect-generic.php

@@ -17 +17 @@
  * Plugin URI:        https://github.com/oidc-wp/openid-connect-generic
  * Description:       Connect to an OpenID Connect identity provider using Authorization Code Flow.
- * Version:           3.10.2
+ * Version:           3.10.3
  * Requires at least: 5.0
  * Requires PHP:      7.4
@@ -94 +94 @@
      * @var string
      */
-    const VERSION = '3.10.2';
+    const VERSION = '3.10.3';
 
     /**
@@ -168 +168 @@
         }
 
-        OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
+        OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper, $this->client );
 
         // Add a shortcode to get the auth URL.

daggerhart-openid-connect-generic/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 5.0
 Tested up to: 6.9.0
-Stable tag: 3.10.2
+Stable tag: 3.10.3
 Requires PHP: 7.4
 License: GPLv2 or later
@@ -20 +20 @@
 Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
 
-Please submit issues to the Github repo: https://github.com/daggerhart/openid-connect-generic
+Please submit issues to the Github repo: https://github.com/oidc-wp/openid-connect-generic
 
 == Installation ==
@@ -50 +50 @@
 
 == Changelog ==
+
+= 3.10.3 =
+
+* Fix issue with log corruption causing fatal error.
+* Fix: Fallback to a POST request for userinfo when GET fails.
+* Fix: Improves multisite compatibility by switching to *_user_options() functions.
+* Fix: Fix for WordPress user session length being very short when refresh tokens are enabled.
 
 = 3.10.2 =