diff --git a/inc/classes/class-google-auth.php b/inc/classes/class-google-auth.php
index 6292098d..a1a1576a 100644
--- a/inc/classes/class-google-auth.php
+++ b/inc/classes/class-google-auth.php
@@ -79,10 +79,10 @@ protected function _get_client() {
 return;
 }
+ /**
+ * See vendor/google/apiclient/src/Google/Client.php::__construct() for filter arguments.
+ */
 $client = new \Google_Client(
- /**
- * See vendor/google/apiclient/src/Google/Client.php::__construct() for arguments.
- */
 apply_filters( 'login_with_google/client_arguments', [] )
 );
 $client->setApplicationName( 'WP Google Login' );
@@ -90,42 +90,26 @@ protected function _get_client() {
 $client->setClientId( $client_id );
 $client->setClientSecret( $client_secret );
- $client->setState( $this->_get_state() );
-
- $login_url = $this->_get_login_url();
-
- $client->setRedirectUri( $login_url );
-
- return $client;
-
- }
-
- /**
- * Get the state to pass in OAuth.
- *
- * This state will be re-verified while authenticating the user.
- * Any modifications or tampering would result in no authentication.
- *
- * @return string
- */
- protected function _get_state(): string {
 $redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL );
 $redirect_to = ( ! empty( $redirect_to ) ) ? $redirect_to : admin_url();
 // If redirect_to url don't have host name then add that.
 $redirect_to = ( ! wp_parse_url( $redirect_to, PHP_URL_HOST ) ) ? home_url( $redirect_to ) : $redirect_to;
- $state = apply_filters(
- 'login_with_google/client_state',
- [
- 'redirect_to' => $redirect_to,
- 'blog_id' => get_current_blog_id(),
- ]
- );
+ $state = [
+ 'redirect_to' => $redirect_to,
+ 'blog_id' => get_current_blog_id(),
+ ];
+ $state = urlencode_deep( implode( '|', $state ) );
- $state['provider'] = 'google';
+ $client->setState( $state );
+
+ $login_url = $this->_get_login_url();
+
+ $client->setRedirectUri( $login_url );
+
+ return $client;
- return urlencode_deep( implode( '|', $state ) );
 }
 /**
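Review bot: The OAuth `state` built in the second `_get_client()` hunk (`$state = urlencode_deep( implode( '|', $state ) );`) holds only `redirect_to` and `blog_id`, both derivable from the request, so it carries no unpredictable per-session value and cannot serve as the anti-CSRF token the OAuth flow expects. The `authenticate_user()` hunk also removes the only comparison of the returned state against the issued one, so nothing ties the callback to a login this browser started. Consider adding a random value that is also kept server-side or in a cookie, e.g. `$state['nonce'] = wp_generate_password( 32, false );`, and checking it on return with `hash_equals()`. Separately, `FILTER_SANITIZE_URL` keeps the `|` character, so a `redirect_to` containing `|` shifts the field that `explode( '|', … )` later reads as `blog_id`; a structured encoding such as `wp_json_encode()` plus base64 would avoid that.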
@@ -371,29 +355,17 @@ public function authenticate_user( $user = null ) {
 $is_mu_site = is_multisite();
 $token = Helper::filter_input( INPUT_GET, 'code', FILTER_SANITIZE_STRING );
+ $state = Helper::filter_input( INPUT_GET, 'state', FILTER_SANITIZE_STRING );
+ $state = urldecode( $state );
+ $state = explode( '|', $state );
- if ( empty( $token ) ) {
- return $user;
- }
-
- $state = Helper::filter_input( INPUT_GET, 'state', FILTER_SANITIZE_STRING );
- $received_state = $state;
- $state = urldecode( $state );
- $state = explode( '|', $state );
+ $redirect_to = ( ! empty( $state[0] ) ) ? esc_url_raw( $state[0] ) : '';
+ $blog_id = ( ! empty( $state[1] ) && 0 < intval( $state[1] ) ) ? intval( $state[1] ) : 0;
- /**
- * 1. Ensure that provider is google. This is to avoid conflict between this and any other plugins
- * providing OAuth.
- *
- * 2. Ensure that returned state is similar to passed one.
- */
- if ( empty( $state['provider'] ) || 'google' !== $state['provider'] || $this->_get_state() !== $received_state ) {
+ if ( empty( $token ) ) {
 return $user;
 }
- $redirect_to = ( ! empty( $state[0] ) ) ? esc_url_raw( $state[0] ) : '';
- $blog_id = ( ! empty( $state[1] ) && 0 < intval( $state[1] ) ) ? intval( $state[1] ) : 0;
-
 // Set redirect URL. so we can redirect after login.
 $this->_redirect_to = $redirect_to;
diff --git a/login-with-google.php b/login-with-google.php
index 7c485f20..ce2d5028 100644
--- a/login-with-google.php
+++ b/login-with-google.php
@@ -3,7 +3,7 @@
 * Plugin Name: Log in with Google
 * Plugin URI: https://github.com/rtCamp/login-with-google
 * Description: Allow users to log in with Google on the WordPress login screen.
- * Version: 1.0.13
+ * Version: 1.0.14
 * Author: rtCamp
 * Author URI: https://rtcamp.com
 * License: GPL2
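Review bot: In the `authenticate_user()` hunk, `$redirect_to` and `$blog_id` are taken straight from the `state` query parameter with no check that this site issued that value, so the post-login redirect target and the blog id are caller-controlled. `esc_url_raw()` cleans the URL but does not restrict its host; if `$this->_redirect_to` later reaches a plain `wp_redirect()` (not visible in this hunk) that is an open redirect, so I would constrain it here with `$redirect_to = ( ! empty( $state[0] ) ) ? wp_validate_redirect( esc_url_raw( $state[0] ), admin_url() ) : '';`, extending the allowed hosts for multisite if cross-blog redirects are intended. The state parsing also moved above the `empty( $token )` guard, so `urldecode()` and `explode()` now run on requests that carry no `state`; presumably `Helper::filter_input()` can return null there, and keeping the guard first would avoid passing null to `urldecode()`. The function body continues outside the hunk.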
@@ -16,7 +16,7 @@
 define( 'WP_GOOGLE_LOGIN_PATH', untrailingslashit( plugin_dir_path( __FILE__ ) ) );
 define( 'WP_GOOGLE_LOGIN_URL', untrailingslashit( plugin_dir_url( __FILE__ ) ) );
 define( 'WP_GOOGLE_LOGIN_PLUGIN_NAME', plugin_basename( __FILE__ ) );
-define( 'WP_GOOGLE_LOGIN_VERSION', '1.0.13' );
+define( 'WP_GOOGLE_LOGIN_VERSION', '1.0.14' );
 $vendor_autoload = sprintf( '%s/vendor/autoload.php', WP_GOOGLE_LOGIN_PATH );
diff --git a/readme.txt b/readme.txt
index 5f3df16b..07dc138a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: Google login, sign in, sso, oauth, authentication, sign-in, single sign-on
 Requires at least: 5.0
 Tested up to: 5.7
 Requires PHP: 7.0
-Stable tag: 1.0.13
+Stable tag: 1.0.14
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -124,6 +124,9 @@ Once you're ready to send a pull request, please run through the following check
 == Changelog ==
+= 1.0.14 =
+* Revert Login with GitHub state fix.
+
 = 1.0.13 =
 * Fix login issue related to oAuth state.
@@ -134,7 +137,7 @@ Once you're ready to send a pull request, please run through the following check
 * Add 'login_with_google/client_arguments' filter for Google_Client arguments.
 = 1.0.10 =
-* Fix issue where JS/CSS were not loding.
+* Fix issue where JS/CSS were not loading.
 = 1.0.9 =
 * Initial release.