
Commit 5c91e8d

committed
2.0.2 Released
1 parent 85a96f0 commit 5c91e8d


15 files changed

+392
-261
lines changed

15 files changed

+392
-261
lines changed

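--- a/app/Helpers/Helper.php
+++ b/app/Helpers/Helper.php
@@ -486,7 +486,7 @@ public static function formatAuthCustomizerSettings($settingFields)
 
 $formattedFields = [];
 foreach ($settingFields as $section => $settings) {
-if(is_string($settings)) {
+if (is_string($settings)) {
 $formattedFields[$section] = sanitize_text_field($settings);
 continue;
 }
@@ -503,4 +503,15 @@ public static function formatAuthCustomizerSettings($settingFields)
 
 return $formattedFields;
 }
+
+public static function getValidatedRedirectUrl($location, $fallback = '')
+{
+$validated = wp_validate_redirect($location, $fallback);
+
+if($validated !== $location) {
+return apply_filters('fluent_auth/validated_redirect', $validated, $location, $fallback);
+}
+
+return $validated;
+}
 }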
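Review bot: `getValidatedRedirectUrl` hands the raw, unsanitised `$location` to `fluent_auth/validated_redirect` callbacks (new line 512), so any callback that decides to allow it and returns it — which is what a host-allowlisting callback naturally does — hands the caller a string that never went through the normalisation `wp_validate_redirect()` applies (stripped characters, scheme check), and that string ends up in a JSON `redirect` the browser follows. Passing the sanitised form keeps the extension point while closing that gap: `return apply_filters('fluent_auth/validated_redirect', $validated, wp_sanitize_redirect($location), $fallback);`. The method also deserves a docblock stating the contract: the filter fires only when `wp_validate_redirect()` changed the value, callbacks receive the fallback-substituted result plus the original, and must return either `$validated` or a URL they have fully vetted themselves, since the return value is used as-is.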

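--- a/app/Hooks/Handlers/BasicTasksHandler.php
+++ b/app/Hooks/Handlers/BasicTasksHandler.php
@@ -127,7 +127,7 @@ public function maybeInterceptRestUserQuery($query)
 public function maybeInterceptRestUserResponse($response, $user, $request)
 {
 if (!empty($request['id']) && Helper::getSetting('disable_users_rest') === 'yes' && !current_user_can('edit_others_posts')) {
-return new \WP_Error('permission_error', 'You do not have access to list users. Restriction added from fluent auth plugin');
+return new \WP_Error('permission_error', __('You do not have access to list users. Restriction added from fluent auth plugin', 'fluent-security'));
 }
 return $response;
 }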

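--- a/app/Hooks/Handlers/CustomAuthHandler.php
+++ b/app/Hooks/Handlers/CustomAuthHandler.php
@@ -37,6 +37,18 @@ public function alterLoginRedirectUrl($redirect_to, $intentRedirectTo, $user)
 return $redirect_to;
 }
 
+// check if we have value from cookie _fls_redirect_to
+if (isset($_COOKIE['_fls_redirect_to']) && filter_var($_COOKIE['_fls_redirect_to'], FILTER_VALIDATE_URL)) {
+$redirect_to = sanitize_url($_COOKIE['_fls_redirect_to']);
+$validatedRedirectUrl = Helper::getValidatedRedirectUrl($redirect_to, admin_url());
+unset($_COOKIE['_fls_redirect_to']);
+setcookie('_fls_redirect_to', '', time() - 3600, COOKIEPATH, COOKIE_DOMAIN);
+if ($validatedRedirectUrl == $redirect_to) {
+return $redirect_to;
+}
+
+}
+
 if (apply_filters('fluent_auth/respect_front_login_url', true) && strpos($redirect_to, '/wp-admin') === false) {
 // it's a frontend redirect url
 } else if ($url = $this->getDefaultLoginRedirectUrl($user)) {
@@ -74,6 +86,11 @@ public function loginForm($attributes, $headerContent = '')
 $message = apply_filters('fluent_auth/already_logged_in_message',
 sprintf(__('You are already logged in. <a href="%s">Go to Home Page</a>', 'fluent-security'), site_url())
 );
+
+if (!$message) {
+return '';
+}
+
 return '<p>' . $message . '</p>';
 }
 
@@ -88,9 +105,11 @@ public function loginForm($attributes, $headerContent = '')
 }
 
 $redirect = '';
+$requestedRedirectTo = '';
 
 if (!empty($attributes['redirect_to']) && filter_var($attributes['redirect_to'], FILTER_VALIDATE_URL)) {
 $redirect = $attributes['redirect_to'];
+$requestedRedirectTo = $redirect;
 add_filter('fluent_auth/social_redirect_to', function ($url) use ($redirect) {
 return $redirect;
 });
@@ -104,11 +123,12 @@ public function loginForm($attributes, $headerContent = '')
 * @param array $loginArgs
 */
 $loginArgs = apply_filters('fluent_auth/login_form_args', [
-'echo' => false,
-'redirect' => $redirect,
-'remember' => true,
-'value_remember' => true,
-'action_url' => site_url('/')
+'echo' => false,
+'redirect' => $redirect,
+'force_redirect_to' => $requestedRedirectTo,
+'remember' => true,
+'value_remember' => true,
+'action_url' => site_url('/')
 ]);
 
 $return .= $this->nativeLoginForm($loginArgs);
@@ -672,6 +692,11 @@ public function handleLoginAjax()
 }
 
 $data = $_REQUEST;
+if (empty($_REQUEST['_is_fls_form'])) {
+wp_send_json([
+'message' => __('Invalid request', 'fluent-security')
+], 422);
+}
 
 if (empty($data['pwd']) || empty($data['log'])) {
 wp_send_json([
@@ -682,13 +707,20 @@ public function handleLoginAjax()
 $redirectUrl = admin_url();
 if (isset($data['redirect_to']) && filter_var($data['redirect_to'], FILTER_VALIDATE_URL)) {
 $userRedirect = sanitize_url($data['redirect_to']);
-$redirectUrl = wp_validate_redirect($userRedirect, $redirectUrl);
+$redirectUrl = Helper::getValidatedRedirectUrl($userRedirect, $redirectUrl);
+}
+
+$isForced = false;
+if (!empty($data['force_redirect_to']) && filter_var($data['force_redirect_to'], FILTER_VALIDATE_URL)) {
+$redirectUrl = Helper::getValidatedRedirectUrl(sanitize_url($data['force_redirect_to']), $redirectUrl);
+$isForced = true;
 }
 
 if ($currentUserId = get_current_user_id()) { // user already logged in
 $user = get_user_by('ID', $currentUserId);
-$redirectUrl = apply_filters('login_redirect', $redirectUrl, false, $user);
-
+if (!$isForced) {
+$redirectUrl = apply_filters('login_redirect', $redirectUrl, false, $user);
+}
 wp_send_json([
 'redirect' => $redirectUrl
 ], 200);
@@ -712,15 +744,21 @@ public function handleLoginAjax()
 ], 422);
 }
 
+
 $user = wp_signon();
+
 if (is_wp_error($user)) {
 wp_send_json([
 'message' => $user->get_error_message()
 ], 422);
 }
 
-$filteredRedirectUrl = apply_filters('login_redirect', $redirectUrl, false, $user);
-$filteredRedirectUrl = apply_filters('fluent_auth/login_redirect_url', $filteredRedirectUrl, $user, $_REQUEST);
+if (!$isForced) {
+$filteredRedirectUrl = apply_filters('login_redirect', $redirectUrl, false, $user);
+$filteredRedirectUrl = apply_filters('fluent_auth/login_redirect_url', $filteredRedirectUrl, $user, $_REQUEST);
+} else {
+$filteredRedirectUrl = $redirectUrl;
+}
 
 wp_send_json([
 'redirect' => $filteredRedirectUrl
@@ -851,7 +889,7 @@ public function handleSignupAjax()
 if ($isAutoLogin) {
 $this->login($userId);
 $redirectUrl = Arr::get($formData, 'redirect_to', admin_url());
-$redirectUrl = wp_validate_redirect($redirectUrl, admin_url());
+$redirectUrl = Helper::getValidatedRedirectUrl($redirectUrl, admin_url());
 $redirectUrl = apply_filters('login_redirect', $redirectUrl, false, $user);
 $redirectUrl = apply_filters('fluent_auth/login_redirect_url', $redirectUrl, $user, $formData);
 $message = __('Successfully registered to the site.', 'fluent-security');
@@ -1092,6 +1130,10 @@ protected function nativeLoginForm($args = array())
 $actionUrl = esc_url($args['action_url']);
 }
 
+if (!empty($args['force_redirect_to'])) {
+$login_form_top .= '<input type="hidden" name="force_redirect_to" value="' . esc_url($args['force_redirect_to']) . '" />';
+}
+
 $form = \sprintf(
 '<form name="%1$s" id="%1$s" action="%2$s" method="post">',
 esc_attr($args['form_id']),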
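Review bot: The `force_redirect_to` flag in `handleLoginAjax` (new lines 713-716 and 756-761) is read straight from the POST body, so any client can set `$isForced` and skip the `login_redirect` and `fluent_auth/login_redirect_url` filters that other plugins or the theme may rely on to route users by role or finish an interstitial; the value still passes through `Helper::getValidatedRedirectUrl`, so this is a policy bypass rather than an open redirect. Since the only legitimate source of the field is the hidden input `nativeLoginForm` emits at lines 1133-1135, bind the value to the site when rendering and verify that binding before honouring it, e.g. with a keyed hash as sketched below (assumes `sanitize_url` is idempotent on its own output, which the second pass relies on). Both `handleLoginAjax` and `nativeLoginForm` begin before and end after the hunks shown, and the already-logged-in branch at 721-723 needs no change once `$isForced` is only set after verification.
```php
// nativeLoginForm(): emit the forced redirect together with a keyed hash of it
if (!empty($args['force_redirect_to'])) {
    $forced = sanitize_url($args['force_redirect_to']);
    $login_form_top .= '<input type="hidden" name="force_redirect_to" value="' . esc_url($forced) . '" />';
    $login_form_top .= '<input type="hidden" name="force_redirect_sig" value="' . esc_attr(wp_hash($forced, 'nonce')) . '" />';
}

// handleLoginAjax(): honour the flag only when the hash matches
$isForced = false;
if (!empty($data['force_redirect_to']) && filter_var($data['force_redirect_to'], FILTER_VALIDATE_URL)) {
    $forced = sanitize_url($data['force_redirect_to']);
    $sig = isset($data['force_redirect_sig']) ? (string) $data['force_redirect_sig'] : '';
    if ($sig !== '' && hash_equals(wp_hash($forced, 'nonce'), $sig)) {
        $redirectUrl = Helper::getValidatedRedirectUrl($forced, $redirectUrl);
        $isForced = true;
    }
}
// … unchanged: already-logged-in branch, wp_signon() and the redirect filters …
```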

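--- a/app/Hooks/Handlers/MagicLoginHandler.php
+++ b/app/Hooks/Handlers/MagicLoginHandler.php
@@ -19,6 +19,18 @@ public function register()
 $hash = sanitize_text_field($_GET['fls_al']);
 $this->makeLogin($hash);
 }
+
+if (isset($_GET['redirect_to']) && !wp_doing_ajax()) {
+if (get_current_user_id()) {
+return;
+}
+
+$redirectTo = esc_url_raw($_REQUEST['redirect_to']);
+if (filter_var($redirectTo, FILTER_VALIDATE_URL)) {
+// set cookie to redirect after login
+setcookie('_fls_redirect_to', $redirectTo, time() + 600, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true);
+}
+}
 }, 1);
 
 add_filter('login_form_bottom', [$this, 'maybeMagicFormOnLoginFunc']);
@@ -68,9 +80,12 @@ public function maybePushMagicForm()
 ?>
 <div style="display: none;" id="fls_magic_login">
 <div class="fls_magic_initial">
-<div class="fls_magic-or">
-<span><?php _e('Or', 'fluent-security') ?></span>
+<div class="fls_or_wrap">
+<div class="fls_magic-or">
+<span><?php _e('Or', 'fluent-security') ?></span>
+</div>
 </div>
+
 <div class="fls_magic_login_btn">
 <button class="fls_magic_show_btn magic_btn_secondary button button-primary button-large">
 <?php _e('Login Via Magic URL', 'fluent-security'); ?>
@@ -84,17 +99,21 @@ public function maybePushMagicForm()
 <label for="fls_magic_logon">
 <?php _e('Your Email/Username', 'fluent-security'); ?>
 </label>
-<input placeholder="<?php _e('Your Email/Username', 'fluent-security'); ?>" id="fls_magic_logon" class="fls_magic_input" type="text" name="fls_magic_logon_email"/>
-<input id="fls_magic_logon_nonce" type="hidden" name="fls_magic_logon_nonce" value="<?php echo wp_create_nonce('fls_magic_logon_nonce'); ?>"/>
+<input placeholder="<?php _e('Your Email/Username', 'fluent-security'); ?>" id="fls_magic_logon"
+class="fls_magic_input" type="text" name="fls_magic_logon_email"/>
+<input id="fls_magic_logon_nonce" type="hidden" name="fls_magic_logon_nonce"
+value="<?php echo wp_create_nonce('fls_magic_logon_nonce'); ?>"/>
 <div class="fls_magic_submit_wrapper">
 <button class="button button-primary button-large" id="fls_magic_submit">
 <?php _e('Continue', 'fluent-security'); ?>
 </button>
 </div>
 
 <div class="magic_back_regular">
-<div class="fls_magic-or">
-<span><?php _e('Or', 'fluent-security'); ?></span>
+<div class="fls_or_wrap">
+<div class="fls_magic-or">
+<span><?php _e('Or', 'fluent-security') ?></span>
+</div>
 </div>
 <div class="fls_magic_login_back">
 <button class="fls_magic_show_regular magic_btn_secondary">
@@ -133,7 +152,7 @@ public function pushAssets()
 'success_icon' => FLUENT_AUTH_PLUGIN_URL . 'dist/images/success.png',
 'empty_text' => __('Please provide username / email to get magic login link', 'fluent-security'),
 'wait_text' => __('Please Wait...', 'fluent-security'),
-'is_primary' => Helper::getSetting('magic_link_primary') === 'yes'
+'is_primary' => Helper::getSetting('magic_link_primary') === 'yes'
 ]);
 
 $this->assetLoaded = true;
@@ -181,7 +200,7 @@ public function handleMagicLoginAjax()
 // Let's prepare
 if (strpos($username, '@')) {
 $user = get_user_by('email', $username);
-if(!$user) {
+if (!$user) {
 $user = get_user_by('login', $username);
 }
 } else {
@@ -224,7 +243,7 @@ public function handleMagicLoginAjax()
 __('If the button above does not work, paste this link into your web browser:', 'fluent-security'),
 esc_url($loginUrl),
 ' ',
-__('If you did not make this request, you can safely ignore this email.','fluent-security')
+__('If you did not make this request, you can safely ignore this email.', 'fluent-security')
 ];
 
 $emailBody = '';
@@ -374,7 +393,7 @@ public function makeLogin($hash)
 
 add_filter('authenticate', array($this, 'allowProgrammaticLogin'), 10, 3); // hook in earlier than other callbacks to short-circuit them
 $user = wp_signon(array(
-'user_login' => $user->user_login,
+'user_login' => $user->user_login,
 'user_password' => ''
 )
 );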
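--- a/app/Hooks/Handlers/ServerModeHandler.php
+++ b/app/Hooks/Handlers/ServerModeHandler.php
@@ -3,7 +3,6 @@
 namespace FluentAuth\App\Hooks\Handlers;
 
 use FluentAuth\App\Helpers\Arr;
-use function Sodium\add;
 
 class ServerModeHandler
 {
@@ -14,13 +13,35 @@ public function register()
 return;
 }
 
-
 add_filter('fluent_security/app_vars', function ($vars) {
 $vars['has_server_mode'] = 'yes';
 return $vars;
 });
 
+add_filter('fluent_auth/validated_redirect', function ($validated, $location) {
+// check if the location is a child site
+$authSites = get_option('__fls_child_sites', []);
+if (empty($authSites)) {
+return $validated;
+}
+
+$locationSiteDomain = parse_url($location, PHP_URL_HOST);
 
+foreach ($authSites as $authSite) {
+$childSiteUrl = $authSite['site_url'];
+if (!$childSiteUrl) {
+continue;
+}
+
+// child site domain
+$childSiteDomain = parse_url($childSiteUrl, PHP_URL_HOST);
+if ($locationSiteDomain === $childSiteDomain) {
+return $location;
+}
+}
+
+return $validated;
+}, 99, 2);
 
 add_action('init', [$this, 'maybeRemoteLoginInit'], 1);
 
@@ -68,7 +89,6 @@ public function maybeRemoteLoginRedirect($redirect_to, $intentRedirectTo, $user)
 {
 // check cookie
 if (isset($_COOKIE['__fls_auth_client_id'])) {
-
 $clientId = sanitize_text_field($_COOKIE['__fls_auth_client_id']);
 $authSites = get_option('__fls_child_sites', []);
 if (!isset($authSites[$clientId])) {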
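Review bot: The `fluent_auth/validated_redirect` callback (new lines 21-44) returns the raw `$location` after comparing only the host that `parse_url()` extracts from it, so none of the normalisation `wp_validate_redirect()` applied to the value it rejected carries over: the scheme is never checked, and PHP's `parse_url()` and browsers may disagree on inputs such as `http://evil.example\@child.example.com` (PHP can report `child.example.com` as the host while browsers treat the backslash as a path separator and navigate to `evil.example`), which would turn the child-site allowlist into an open redirect on the login-AJAX path, whose JSON `redirect` value the client follows unsanitised. Compare the host of the sanitised string, require http/https, and return that sanitised string rather than the raw input, as below. A simpler alternative is to add the child-site hosts to core's `allowed_redirect_hosts` filter and drop this callback, though that widens `wp_safe_redirect()` site-wide, which may or may not be intended.
```php
add_filter('fluent_auth/validated_redirect', function ($validated, $location) {
    // … unchanged: load __fls_child_sites and bail if empty …

    // Check the same normalised string wp_validate_redirect() saw, so a
    // backslash/userinfo trick in the raw value cannot change the effective host.
    $clean = wp_sanitize_redirect(trim($location));
    $parts = wp_parse_url($clean);
    if (empty($parts['host']) || (isset($parts['scheme']) && !in_array($parts['scheme'], ['http', 'https'], true))) {
        return $validated;
    }

    foreach ($authSites as $authSite) {
        // … unchanged: skip entries with an empty site_url …
        $childSiteDomain = (string) wp_parse_url($authSite['site_url'], PHP_URL_HOST);
        if ($childSiteDomain !== '' && strtolower($parts['host']) === strtolower($childSiteDomain)) {
            return $clean;
        }
    }

    return $validated;
}, 99, 2);
```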

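--- a/app/Hooks/Handlers/SocialAuthHandler.php
+++ b/app/Hooks/Handlers/SocialAuthHandler.php
@@ -384,7 +384,7 @@ public function pushLoginWithButtons()
 'google' => [
 'link_class' => 'fs_auth_btn fs_auth_google',
 'icon' => '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" width="24px" height="24px"><path fill="#FFC107" d="M43.611,20.083H42V20H24v8h11.303c-1.649,4.657-6.08,8-11.303,8c-6.627,0-12-5.373-12-12c0-6.627,5.373-12,12-12c3.059,0,5.842,1.154,7.961,3.039l5.657-5.657C34.046,6.053,29.268,4,24,4C12.955,4,4,12.955,4,24c0,11.045,8.955,20,20,20c11.045,0,20-8.955,20-20C44,22.659,43.862,21.35,43.611,20.083z"/><path fill="#FF3D00" d="M6.306,14.691l6.571,4.819C14.655,15.108,18.961,12,24,12c3.059,0,5.842,1.154,7.961,3.039l5.657-5.657C34.046,6.053,29.268,4,24,4C16.318,4,9.656,8.337,6.306,14.691z"/><path fill="#4CAF50" d="M24,44c5.166,0,9.86-1.977,13.409-5.192l-6.19-5.238C29.211,35.091,26.715,36,24,36c-5.202,0-9.619-3.317-11.283-7.946l-6.522,5.025C9.505,39.556,16.227,44,24,44z"/><path fill="#1976D2" d="M43.611,20.083H42V20H24v8h11.303c-0.792,2.237-2.231,4.166-4.087,5.571c0.001-0.001,0.002-0.001,0.003-0.002l6.19,5.238C36.971,39.205,44,34,44,24C44,22.659,43.862,21.35,43.611,20.083z"/></svg>',
-'title' => 'Login with Google',
+'title' => __('Login with Google', 'fluent-security'),
 'url' => add_query_arg([
 'fs_auth' => 'google',
 'fs_type' => 'redirect',
@@ -394,7 +394,7 @@ public function pushLoginWithButtons()
 'github' => [
 'link_class' => 'fs_auth_btn fs_auth_github',
 'icon' => '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" role="img" aria-labelledby="ahu5wq2nrtsicu3szbxaract8as7mhww" aria-hidden="true" class="crayons-icon"><title id="ahu5wq2nrtsicu3szbxaract8as7mhww">github</title><path d="M12 2C6.475 2 2 6.475 2 12a9.994 9.994 0 006.838 9.488c.5.087.687-.213.687-.476 0-.237-.013-1.024-.013-1.862-2.512.463-3.162-.612-3.362-1.175-.113-.288-.6-1.175-1.025-1.413-.35-.187-.85-.65-.013-.662.788-.013 1.35.725 1.538 1.025.9 1.512 2.338 1.087 2.912.825.088-.65.35-1.087.638-1.337-2.225-.25-4.55-1.113-4.55-4.938 0-1.088.387-1.987 1.025-2.688-.1-.25-.45-1.275.1-2.65 0 0 .837-.262 2.75 1.026a9.28 9.28 0 012.5-.338c.85 0 1.7.112 2.5.337 1.912-1.3 2.75-1.024 2.75-1.024.55 1.375.2 2.4.1 2.65.637.7 1.025 1.587 1.025 2.687 0 3.838-2.337 4.688-4.562 4.938.362.312.675.912.675 1.85 0 1.337-.013 2.412-.013 2.75 0 .262.188.574.688.474A10.016 10.016 0 0022 12c0-5.525-4.475-10-10-10z"></path></svg>',
-'title' => 'Login with Github',
+'title' => __('Login with Github', 'fluent-security'),
 'url' => add_query_arg([
 'fs_auth' => 'github',
 'fs_type' => 'redirect',
@@ -404,7 +404,7 @@ public function pushLoginWithButtons()
 'facebook' => [
 'link_class' => 'fs_auth_btn fs_auth_facebook',
 'icon' => '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="#4267B2"><path d="M22.675 0h-21.35c-.732 0-1.325.593-1.325 1.325v21.351c0 .731.593 1.324 1.325 1.324h11.495v-9.294h-3.128v-3.622h3.128v-2.671c0-3.1 1.893-4.788 4.659-4.788 1.325 0 2.463.099 2.795.143v3.24l-1.918.001c-1.504 0-1.795.715-1.795 1.763v2.313h3.587l-.467 3.622h-3.12v9.293h6.116c.73 0 1.323-.593 1.323-1.325v-21.35c0-.732-.593-1.325-1.325-1.325z"/></svg>',
-'title' => 'Login with Facebook',
+'title' => __('Login with Facebook', 'fluent-security'),
 'url' => add_query_arg([
 'fs_auth' => 'facebook',
 'fs_type' => 'redirect',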

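--- a/app/Hooks/Handlers/TwoFaHandler.php
+++ b/app/Hooks/Handlers/TwoFaHandler.php
@@ -94,7 +94,7 @@ public function sendAndGet2FaConfirmFormUrl($user, $return = 'url')
 $hash .= $user->ID . '-' . time();
 
 $redirectIntend = '';
-if (isset($_GET['redirect_to'])) {
+if (isset($_REQUEST['redirect_to'])) {
 $redirectIntend = esc_url($_GET['redirect_to']);
 }
 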
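Review bot: Line 97 now tests `$_REQUEST['redirect_to']` but line 98 still reads `$_GET['redirect_to']`, so a redirect supplied only in the POST body passes the guard and then reaches `esc_url()` as an undefined index (a PHP warning and an empty intent), while a value present in both places silently takes the GET one. Read from the same source on both lines, `$redirectIntend = esc_url_raw($_REQUEST['redirect_to']);` — `esc_url_raw` rather than `esc_url`, since `esc_url` entity-encodes `&` for HTML output and would alter a query string that is later reused as a redirect target, though how `$redirectIntend` is consumed lies outside this hunk. `sendAndGet2FaConfirmFormUrl` continues past the hunk.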