From 833e99918b9d172b2a612cbe6ba686aefbc14092 Mon Sep 17 00:00:00 2001
From: arunshenoy99
Date: Thu, 18 Apr 2024 18:47:54 +0530
Subject: [PATCH 1/3] Fallback to an option when transients fail
---
 composer.json | 8 ++++++++
 includes/SSO_Helpers_Legacy.php | 19 +++++++++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/composer.json b/composer.json
index 58721b2..6f48723 100644
--- a/composer.json
+++ b/composer.json
@@ -37,5 +37,13 @@
 },
 "require": {
 "newfold-labs/wp-module-data": ">=2.1"
+ },
+ "require-dev": {
+ "newfold-labs/wp-php-standards": "^1.2"
+ },
+ "config": {
+ "allow-plugins": {
+ "dealerdirect/phpcodesniffer-composer-installer": true
+ }
 }
 }
diff --git a/includes/SSO_Helpers_Legacy.php b/includes/SSO_Helpers_Legacy.php
index 14dfa6c..8038f35 100644
--- a/includes/SSO_Helpers_Legacy.php
+++ b/includes/SSO_Helpers_Legacy.php
@@ -15,6 +15,8 @@ class SSO_Helpers_Legacy extends SSO_Helpers {
 * @param string $token
 */
 public static function handleLegacyLogin( $nonce, $salt ) {
+ $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch );
+ $expired = ( $has_epoch && ( time() - $epoch[1] ) > 300 ) ? true : false;
 // Not doing sso
 if ( ! $nonce || ! $salt ) {
@@ -36,8 +38,13 @@ public static function handleLegacyLogin( $nonce, $salt ) {
 }
 // Validate token
- $token = substr( base64_encode( hash( 'sha256', $nonce . $salt, false ) ), 0, 64 );
- if ( get_transient( 'sso_token' ) !== $token ) {
+ $token = substr( base64_encode( hash( 'sha256', $nonce . $salt, false ) ), 0, 64 );
+ $stored_token = get_transient( 'sso_token' );
+ if ( false === $stored_token ) {
+ $stored_token = get_option( 'sso_token' );
+ delete_option( 'sso_token' );
+ }
+ if ( $expired || $stored_token !== $token ) {
 self::triggerFailure();
 exit;
 }
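Review bot: The age check on the added `$expired` line fails open: when the nonce has no trailing `-e<digits>`, `$has_epoch` is 0 and `$expired` stays false, so the token is accepted at any age, and an epoch that lies in the future also passes because only `> 300` is tested. This matters more once the `get_option( 'sso_token' )` fallback from the `@@ -36,8 +38,13 @@` hunk is in place, since an option never expires on its own (where the token is written is not visible here). If nonces without an epoch no longer have to be accepted, `$expired = ! $has_epoch || abs( time() - (int) $epoch[1] ) > 300;` closes both cases and drops the redundant `? true : false`; otherwise an epoch should at least be required when the token came from the option. The same two lines are carried over unchanged by the `@@ -15,14 +15,15 @@` hunk of PATCH 2/3 and the `@@ -21,8 +21,8 @@` hunk of PATCH 3/3, and the body of `handleLegacyLogin()` continues outside the hunk.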
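Review bot: The token check in the `@@ -36,8 +38,13 @@` hunk compares a login secret with `!==`, which is not a constant-time comparison; `if ( $expired || ! is_string( $stored_token ) || ! hash_equals( $stored_token, $token ) ) {` keeps the same outcome and guards the `false` that `get_option()` returns when nothing is stored. In the fallback branch `delete_option( 'sso_token' )` runs before the comparison, so a request that reaches this point with a wrong token still consumes the stored one; if that single-attempt behaviour is intended, a comment such as `// One attempt only: the option has no TTL, so remove it before comparing.` would make it explicit. `false === $stored_token` also cannot distinguish a transient that expired from one that was never written, so the fallback presumably relies on the epoch check for its lifetime. `handleLegacyLogin()` starts and ends outside the hunk.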
@@ -69,7 +76,12 @@ public static function getUser() {
 // If user wasn't found, find first admin user
 if ( ! $user ) {
- $users = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
+ $users = get_users(
+ array(
+ 'role' => 'administrator',
+ 'number' => 1,
+ )
+ );
 if ( isset( $users[0] ) && is_a( $users[0], 'WP_User' ) ) {
 $user = $users[0];
 }
@@ -77,5 +89,4 @@ public static function getUser() {
 return $user;
 }
-
 }
From e4b1e037a1dce4ebac3790c2f3017b199b70a749 Mon Sep 17 00:00:00 2001
From: Arun Shenoy
Date: Thu, 18 Apr 2024 20:07:43 +0530
Subject: [PATCH 2/3] Update SSO_Helpers_Legacy.php
---
 includes/SSO_Helpers_Legacy.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/includes/SSO_Helpers_Legacy.php b/includes/SSO_Helpers_Legacy.php
index 8038f35..7278b0c 100644
--- a/includes/SSO_Helpers_Legacy.php
+++ b/includes/SSO_Helpers_Legacy.php
@@ -15,14 +15,15 @@ class SSO_Helpers_Legacy extends SSO_Helpers {
 * @param string $token
 */
 public static function handleLegacyLogin( $nonce, $salt ) {
- $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch );
- $expired = ( $has_epoch && ( time() - $epoch[1] ) > 300 ) ? true : false;
 // Not doing sso
 if ( ! $nonce || ! $salt ) {
 wp_safe_redirect( wp_login_url() );
 exit;
 }
+
+ $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch );
+ $expired = ( $has_epoch && ( time() - $epoch[1] ) > 300 ) ? true : false;
 // Too many failed attempts
 if ( self::shouldThrottle() ) {
From 5648cb09dc158db83cf8d65d084862b9b5c347a8 Mon Sep 17 00:00:00 2001
From: arunshenoy99
Date: Thu, 18 Apr 2024 21:08:34 +0530
Subject: [PATCH 3/3] Fix lint
---
 includes/SSO_Helpers_Legacy.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/SSO_Helpers_Legacy.php b/includes/SSO_Helpers_Legacy.php
index 7278b0c..e87fcee 100644
--- a/includes/SSO_Helpers_Legacy.php
+++ b/includes/SSO_Helpers_Legacy.php
@@ -21,8 +21,8 @@ public static function handleLegacyLogin( $nonce, $salt ) {
 wp_safe_redirect( wp_login_url() );
 exit;
 }
-
- $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch );
+
+ $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch );
 $expired = ( $has_epoch && ( time() - $epoch[1] ) > 300 ) ? true : false;
 // Too many failed attempts