Merge pull request #248 from pantheon-systems/filter-enable-force-authn

Add a filter to allow `forceAuthn="true"` to be enabled
pantheon-systems · May 25, 2021 · 6224d5e · 6224d5e
2 parents cb619df + 056331e
commit 6224d5e
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 **Tags:** authentication, SAML  
 **Requires at least:** 4.4  
 **Tested up to:** 5.7  
-**Stable tag:** 1.2.2  
+**Stable tag:** 1.2.3  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -277,6 +277,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati
 
 ## Changelog ##
 
+### 1.2.3 (May 25, 2021) ###
+* Adds a `wp_saml_auth_force_authn` filter to allow forceAuthn="true" to be enabled [[#248](https://github.com/pantheon-systems/wp-saml-auth/pull/248)].
+
 ### 1.2.2 (Apr 26, 2021) ###
 * Ensures SAML button and explanations are only added to the login screen [[#242](https://github.com/pantheon-systems/wp-saml-auth/pull/242)].
 

diff --git a/inc/class-wp-saml-auth.php b/inc/class-wp-saml-auth.php
@@ -258,7 +258,13 @@ function() use ( $redirect_to ) {
 			} else {
 				$redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL );
 				$redirect_to = $redirect_to ? $redirect_to : $_SERVER['REQUEST_URI'];
-				$provider->login( $redirect_to );
+				/**
+				 * Allows forceAuthn="true" to be enabled.
+				 *
+				 * @param boolean $force_auth forceAuthn behavior.
+				 */
+				$force_authn = apply_filters( 'wp_saml_auth_force_authn', false );
+				$provider->login( $redirect_to, array(), $force_authn );
 			}
 		} elseif ( is_a( $provider, $this->simplesamlphp_class ) ) {
 			$redirect_to = filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_URL );

diff --git a/languages/wp-saml-auth.pot b/languages/wp-saml-auth.pot
@@ -2,16 +2,16 @@
 # This file is distributed under the same license as the WP SAML Auth plugin.
 msgid ""
 msgstr ""
-"Project-Id-Version: WP SAML Auth 1.2.1\n"
+"Project-Id-Version: WP SAML Auth 1.2.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-saml-auth\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2021-03-02T13:38:37+00:00\n"
+"POT-Creation-Date: 2021-05-25T12:43:53+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"X-Generator: WP-CLI 2.4.0\n"
+"X-Generator: WP-CLI 2.5.0\n"
 "X-Domain: wp-saml-auth\n"
 
 #. Plugin Name of the plugin
@@ -182,45 +182,45 @@ msgstr ""
 msgid "N/A"
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:147
+#: inc/class-wp-saml-auth.php:151
 msgid "Use one-click authentication:"
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:148
+#: inc/class-wp-saml-auth.php:152
 msgid "Sign In"
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:149
+#: inc/class-wp-saml-auth.php:153
 msgid "Or, sign in with WordPress:"
 msgstr ""
 
 #. Translators: Includes error reason from OneLogin.
-#: inc/class-wp-saml-auth.php:234
+#: inc/class-wp-saml-auth.php:238
 msgid "User is not authenticated with SAML IdP. Reason: %s"
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:287
+#: inc/class-wp-saml-auth.php:297
 msgid "Invalid provider specified for SAML authentication"
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:312
+#: inc/class-wp-saml-auth.php:322
 msgid "No attributes were present in SAML response. Attributes are used to create and fetch users. Please contact your administrator"
 msgstr ""
 
 #. Translators: Communicates how the user is fetched based on the SAML response.
-#: inc/class-wp-saml-auth.php:319
+#: inc/class-wp-saml-auth.php:329
 msgid "\"%1$s\" attribute is expected, but missing, in SAML response. Attribute is used to fetch existing user by \"%2$s\". Please contact your administrator."
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:334
+#: inc/class-wp-saml-auth.php:344
 msgid "No WordPress user exists for your account. Please contact your administrator."
 msgstr ""
 
 #. Translators: Links to the WP SAML Auth plugin.
-#: inc/class-wp-saml-auth.php:386
+#: inc/class-wp-saml-auth.php:396
 msgid "WP SAML Auth wasn't able to find the <code>OneLogin\\Saml2\\Auth</code> class. Please verify your Composer autoloader, or <a href='%s'>visit the plugin page</a> for more information."
 msgstr ""
 
-#: inc/class-wp-saml-auth.php:397
+#: inc/class-wp-saml-auth.php:407
 msgid "WP SAML Auth wasn't able to find the <code>%1$s</code> class. Please check the <code>simplesamlphp_autoload</code> configuration option, or <a href='%2$s'>visit the plugin page</a> for more information."
 msgstr ""
diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: getpantheon, danielbachhuber, Outlandish Josh
 Tags: authentication, SAML
 Requires at least: 4.4
 Tested up to: 5.7
-Stable tag: 1.2.2
+Stable tag: 1.2.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -277,6 +277,9 @@ There is no third step. Because SimpleSAMLphp loads WordPress, which has WP Nati
 
 == Changelog ==
 
+= 1.2.3 (May 25, 2021) =
+* Adds a `wp_saml_auth_force_authn` filter to allow forceAuthn="true" to be enabled [[#248](https://github.com/pantheon-systems/wp-saml-auth/pull/248)].
+
 = 1.2.2 (Apr 26, 2021) =
 * Ensures SAML button and explanations are only added to the login screen [[#242](https://github.com/pantheon-systems/wp-saml-auth/pull/242)].
 

diff --git a/wp-saml-auth.php b/wp-saml-auth.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Plugin Name: WP SAML Auth
- * Version: 1.2.2
+ * Version: 1.2.3
  * Description: SAML authentication for WordPress, using SimpleSAMLphp.
  * Author: Pantheon
  * Author URI: https://pantheon.io