From 89f322a2d1889d8253b15b4d05095a395b622a50 Mon Sep 17 00:00:00 2001
From: Sixto Martin
Date: Fri, 18 May 2018 13:07:10 +0200
Subject: [PATCH] Release 2.6.0. Add Status setting in order to enable or disable the plugin (Required on multi-sites environment since the plugin is enabled globally for the network)
---
 onelogin-saml-sso/onelogin_saml.php | 10 +++--
 onelogin-saml-sso/php/configuration.php | 12 ++++++
 onelogin-saml-sso/php/functions.php | 39 +++++++++++++++++++-
 onelogin-saml-sso/php/lib/Saml2/version.json | 4 +-
 onelogin-saml-sso/readme.txt | 6 +++
 onelogin-saml-sso/version.json | 8 ++--
 6 files changed, 69 insertions(+), 10 deletions(-)
diff --git a/onelogin-saml-sso/onelogin_saml.php b/onelogin-saml-sso/onelogin_saml.php
index 606d8d2..4beb97d 100644
--- a/onelogin-saml-sso/onelogin_saml.php
+++ b/onelogin-saml-sso/onelogin_saml.php
@@ -4,7 +4,7 @@ Plugin URI: https://github.com/onelogin/wordpress-saml
 Description: Give users secure one-click access to WordPress from OneLogin. This SAML integration eliminates passwords and allows you to authenticate users against your existing Active Directory or LDAP server as well increase security using YubiKeys or VeriSign VIP Access, browser PKI certificates and OneLogin's flexible security policies. OneLogin is pre-integrated with thousands of apps and handles all of your SSO needs in the cloud and behind the firewall.
 Author: OneLogin, Inc.
-Version: 2.5.0
+Version: 2.6.0
 Author URI: http://www.onelogin.com
 */
@@ -34,11 +34,15 @@
 // Localization
 add_action( 'init', 'saml_load_translations');
+// add menu option for configuration
+add_action('admin_menu', 'onelogin_saml_configuration');
+
 // Check if exists SAML Messages
 add_action('init', 'saml_checker', 1);
-// add menu option for configuration
-add_action('admin_menu', 'onelogin_saml_configuration');
+if (!is_saml_enabled()) {
+ return;
+}
 $prevent_reset_password = get_option('onelogin_saml_customize_action_prevent_reset_password', false);
 if ($prevent_reset_password) {
diff --git a/onelogin-saml-sso/php/configuration.php b/onelogin-saml-sso/php/configuration.php
index 1410fe1..5218603 100644
--- a/onelogin-saml-sso/php/configuration.php
+++ b/onelogin-saml-sso/php/configuration.php
@@ -50,6 +50,11 @@ function onelogin_saml_configuration() {
 $option_group = 'onelogin_saml_configuration';
+ add_settings_section('status', __('STATUS', 'onelogin-saml-sso'), 'plugin_section_status_text', $option_group);
+
+ register_setting($option_group, 'onelogin_saml_enabled');
+ add_settings_field('onelogin_saml_enabled', __('Enable', 'onelogin-saml-sso'), "plugin_setting_boolean_onelogin_saml_enabled", $option_group, 'status');
+
 add_settings_section('idp', __('IDENTITY PROVIDER SETTINGS', 'onelogin-saml-sso'), 'plugin_section_idp_text', $option_group);
 $idp_fields = array (
 'onelogin_saml_idp_entityid' => __('IdP Entity Id', 'onelogin-saml-sso') . ' *',
@@ -182,6 +187,13 @@ function onelogin_saml_configuration() {
 add_settings_field('onelogin_saml_advanced_digestalgorithm', __('Digest Algorithm', 'onelogin-saml-sso'), "plugin_setting_select_onelogin_saml_advanced_digestalgorithm", $option_group, 'advanced_settings');
 }
+ function plugin_setting_boolean_onelogin_saml_enabled() {
+ $value = get_option('onelogin_saml_enabled');
+ echo ''.
+ '
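Review bot: The `init` hook for `saml_checker` is still registered above the new `if (!is_saml_enabled()) { return; }` guard, so a site with the plugin switched off keeps dispatching requests that carry the SAML query parameters. Whether those requests are refused then depends on every handler reached from `saml_checker` calling `initialize_saml()` and honouring its `false` return; any handler outside this patch that builds its own settings object would not be covered. If the early registration is intentional, a comment such as `// saml_checker stays registered so SAML endpoints redirect home while the plugin is disabled` would record that; otherwise move `add_action('init', 'saml_checker', 1);` below the guard.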
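Review bot: `register_setting($option_group, 'onelogin_saml_enabled');` stores whatever value is posted, while `is_saml_enabled()` in functions.php treats only the exact string 'on' as enabled. Passing a sanitize callback as the third argument that normalises the checkbox to a fixed pair of values would keep the stored option and its reader in agreement, for example `register_setting($option_group, 'onelogin_saml_enabled', 'onelogin_saml_sanitize_enabled');` with a callback returning `'on'` or `'off'`. The callback name is a placeholder, and `onelogin_saml_configuration()` starts and ends outside the hunk.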

'.__("Check it in order to enable the SAML plugin.", 'onelogin-saml-sso').'

';
+ }
+
 function plugin_setting_string_onelogin_saml_idp_entityid() {
 echo ''.
diff --git a/onelogin-saml-sso/php/functions.php b/onelogin-saml-sso/php/functions.php
index b18a421..2bb7beb 100644
--- a/onelogin-saml-sso/php/functions.php
+++ b/onelogin-saml-sso/php/functions.php
@@ -8,7 +8,6 @@ require_once "compatibility.php";
-
 function saml_checker() {
 if (isset($_GET['saml_acs'])) {
 if (empty($_POST['SAMLResponse'])) {
@@ -68,6 +67,10 @@ function saml_sso() {
 return true;
 }
 $auth = initialize_saml();
+ if ($auth == false) {
+ wp_redirect(home_url());
+ exit();
+ }
 if (isset($_SERVER['REQUEST_URI']) && !isset($_GET['saml_sso'])) {
 $auth->login($_SERVER['REQUEST_URI']);
 } else {
@@ -99,6 +102,10 @@ function saml_slo() {
 }
 $auth = initialize_saml();
+ if ($auth == false) {
+ wp_redirect(home_url());
+ exit();
+ }
 $auth->logout(home_url(), array(), $nameId, $sessionIndex, false, $nameIdFormat);
 return false;
 }
@@ -136,6 +143,10 @@ function saml_role_order_compare($role1, $role2) {
 function saml_acs() {
 $auth = initialize_saml();
+ if ($auth == false) {
+ wp_redirect(home_url());
+ exit();
+ }
 $auth->processResponse();
@@ -311,6 +322,11 @@ function saml_acs() {
 function saml_sls() {
 $auth = initialize_saml();
+ if ($auth == false) {
+ wp_redirect(home_url());
+ exit();
+ }
+
 $retrieve_parameters_from_server = get_option('onelogin_saml_advanced_settings_retrieve_parameters_from_server', false);
 if (isset($_GET) && isset($_GET['SAMLRequest'])) {
 // Close session before send the LogoutResponse to the IdP
@@ -370,6 +386,10 @@ function initialize_saml() {
 require_once plugin_dir_path(__FILE__).'_toolkit_loader.php';
 require plugin_dir_path(__FILE__).'settings.php';
+ if (!is_saml_enabled()) {
+ return false;
+ }
+
 try {
 $auth = new Onelogin_Saml2_Auth($settings);
 } catch (Exception $e) {
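Review bot: The guard `if ($auth == false) { wp_redirect(home_url()); exit(); }` is repeated verbatim in `saml_sso()`, `saml_slo()`, `saml_acs()` and `saml_sls()`, and it uses a loose comparison on a value that is now either an auth object or `false`. A shared helper, or at least `if ($auth === false) {` at each site, would keep the four call sites in step and make the sentinel explicit. In `saml_acs()` the redirect also silently drops a posted SAMLResponse when the plugin is disabled, so a log entry at that point would help an administrator diagnose a login that never completes. All four function bodies continue outside their hunks.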
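Review bot: `initialize_saml()` now returns `false` as well as an auth object, but nothing documents that, and the new check sits after `_toolkit_loader.php` and `settings.php` have already been loaded. Moving `if (!is_saml_enabled()) { return false; }` to the first line of the function would skip that loading on a disabled site. A docblock saying the function returns the `Onelogin_Saml2_Auth` instance, or `false` when the plugin is disabled, would warn future callers. Only the four handlers in this diff are visibly guarded; any other caller would invoke a method on `false`. The function body continues outside the hunk.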
@@ -382,6 +402,23 @@ function initialize_saml() {
 return $auth;
 }
+function is_saml_enabled() {
+ $saml_enabled = get_option('onelogin_saml_enabled', null);
+ if ($saml_enabled == null) {
+ // If no data was saved about enable/disable saml, then
+ // check if entityId also is null and then consider the
+ // plugin disabled
+ if (get_option('onelogin_saml_idp_entityid', null) == null) {
+ $saml_enabled = false;
+ } else {
+ $saml_enabled = true;
+ }
+ } else {
+ $saml_enabled = $saml_enabled == 'on'? true : false;
+ }
+ return $saml_enabled;
+}
+
 // Prevent that the user change important fields
 class preventLocalChanges
 {
diff --git a/onelogin-saml-sso/php/lib/Saml2/version.json b/onelogin-saml-sso/php/lib/Saml2/version.json
index 1319c88..f502a0c 100644
--- a/onelogin-saml-sso/php/lib/Saml2/version.json
+++ b/onelogin-saml-sso/php/lib/Saml2/version.json
@@ -1,6 +1,6 @@
 {
 "php-saml": {
- "version": "2.11.0",
- "released": "21/07/2017"
+ "version": "2.13.0",
+ "released": "05/03/2018"
 }
 }
diff --git a/onelogin-saml-sso/readme.txt b/onelogin-saml-sso/readme.txt
index 9cecbc2..feb31a3 100644
--- a/onelogin-saml-sso/readme.txt
+++ b/onelogin-saml-sso/readme.txt
@@ -21,6 +21,12 @@ If you used this plugin before 2.2.0 with just-in-time provision active, Read: h
 To mitigate that bug, place the script at the root of wordpress and execute it (later remove it) https://gist.github.com/pitbulk/a8223c90a3534e9a7d5e0a93009a094f
 == Changelog ==
+= 2.6.0 =
+* Update php-saml to 2.13.0
+* Add Status setting in order to enable or disable the plugin (Required on multi-sites environment since the plugin is enabled globally for the network)
+* Add 'Remember Me' Login option to Settings
+* Fix bug on escaping value for customize_links_saml_login
+* If password is disabled.. turn field readonly.. not disable it
 = 2.5.0 =
 * Update php-saml library to 2.11.0
diff --git a/onelogin-saml-sso/version.json b/onelogin-saml-sso/version.json
index d7511aa..0fabbdd 100644
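Review bot: In `is_saml_enabled()` the test `$saml_enabled == null` is a loose comparison, so it is also true for an empty string or `false`, not only for the `null` default that means "never saved". If WordPress stores an unticked checkbox as an empty value (likely, since `register_setting` is called without a sanitize callback), unticking Enable on a site that has an IdP entity ID configured falls into the entityId fallback and the function still returns true, so SAML login cannot be switched off. Use strict checks: `if ($saml_enabled === null) {` for the unsaved case and `$saml_enabled = ($saml_enabled === 'on');` in the else branch. The inner `get_option('onelogin_saml_idp_entityid', null) == null` can stay loose, since an empty entity ID should count as unconfigured.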
--- a/onelogin-saml-sso/version.json
+++ b/onelogin-saml-sso/version.json
@@ -1,12 +1,12 @@
 {
 "php-saml": {
- "version": "2.11.0",
- "released": "21/07/2017"
+ "version": "2.13.0",
+ "released": "05/05/2018"
 },
 "plugin": {
 "app": "wordpress",
 "name": "onelogin-saml-sso",
- "version": "2.5.0",
- "released": "02/08/2017"
+ "version": "2.6.0",
+ "released": "18/05/2018"
 }
 }