Prepares New Bug Fix and Refactoring Release

CHANGELOG.md

@@ -1,6 +1,11 @@
 # OpenId Connect Generic Changelog
 
-3.9.0
+**3.9.1**
+
+- Improvement: @timnolte - Refactors Composer setup and GitHub Actions.
+- Improvement: @timnolte - Bumps WordPress tested version compatibility.
+
+**3.9.0**
 
 - Feature: @matchaxnb - Added support for additional configuration constants.
 - Feature: @schanzen - Added support for agregated claims.
@@ -18,35 +23,35 @@
 - Security: @timnolte - Updated build tooling security vulnerabilities.
 - Improvement: @timnolte - Changed build tooling scripts.
 
-  3.8.5
+**3.8.5**
 
 - Fix: @timnolte - Fixed missing URL request validation before use & ensure proper current page URL is setup for Redirect Back.
 - Fix: @timnolte - Fixed Redirect URL Logic to Handle Sub-directory Installs.
 - Fix: @timnolte - Fixed issue with redirecting user back when the openid_connect_generic_auth_url shortcode is used.
 
-  3.8.4
+**3.8.4**
 
 - Fix: @timnolte - Fixed invalid State object access for redirection handling.
 - Improvement: @timnolte - Fixed local wp-env Docker development environment.
 - Improvement: @timnolte - Fixed Composer scripts for linting and static analysis.
 
-  3.8.3
+**3.8.3**
 
 - Fix: @timnolte - Fixed problems with proper redirect handling.
 - Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
 - Improvement: @timnolte - Refactored additional code to meet coding standards.
 
-  3.8.2
+**3.8.2**
 
 - Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.
 
-  3.8.1
+**3.8.1**
 
 - Fix: @timnolte - Prevent SSO redirect on password protected posts.
 - Fix: @timnolte - CI/CD build issues.
 - Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
 
-  3.8.0
+**3.8.0**
 
 - Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
 - Improvement: @timnolte - NPM version requirements for development.
@@ -56,18 +61,17 @@
 - Improvement: @timnolte - Refactored to provide localization.
 - Improvement: @timnolte - Refactored to provide a Docker-based local development environment.
 
-  3.7.1
+**3.7.1**
 
 - Fix: Release Version Number.
 
-  3.7.0
+**3.7.0**
 
 - Feature: @timnolte - Ability to enable/disable token refresh. Useful for IDPs that don't support token refresh.
 - Feature: @timnolte - Support custom redirect URL(`redirect_to`) with the authentication URL & login button shortcodes.
+- Supports additional attribute overrides including login `button_text`, `endpoint_login`, `scope`, `redirect_uri`.
 
-  - Supports additional attribute overrides including login `button_text`, `endpoint_login`, `scope`, `redirect_uri`.
-
-    3.6.0
+**3.6.0**
 
 - Improvement: @RobjS - Improved error messages during login state failure.
 - Improvement: @RobjS - New developer filter for login form button URL.
@@ -76,11 +80,11 @@
 - Feature: @benochen - New setting named "Create user if does not exist" determines whether new users are created during login attempts.
 - Improvement: @flat235 - Username transliteration and normalization.
 
-  3.5.1
+**3.5.1**
 
 - Fix: @daggerhart - New approach to state management using transients.
 
-  3.5.0
+**3.5.0**
 
 - Readme fix: @thijskh - Fix syntax error in example openid-connect-generic-login-button-text
 - Feature: @slavicd - Allow override of the plugin by posting credentials to wp-login.php

README.md

@@ -3,8 +3,8 @@
 **Donate link:** http://www.daggerhart.com/  
 **Tags:** security, login, oauth2, openidconnect, apps, authentication, autologin, sso  
 **Requires at least:** 4.9  
-**Tested up to:** 5.9.2  
-**Stable tag:** 3.9.0  
+**Tested up to:** 6.0.1  
+**Stable tag:** 3.9.1  
 **Requires PHP:** 7.2  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
@@ -51,6 +51,11 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 
 ## Changelog ##
 
+### 3.9.1 ###
+
+* Improvement: @timnolte - Refactors Composer setup and GitHub Actions.
+* Improvement: @timnolte - Bumps WordPress tested version compatibility.
+
 ### 3.9.0 ###
 
 * Feature: @matchaxnb - Added support for additional configuration constants.
@@ -104,134 +109,6 @@ On the settings page for this plugin (Dashboard > Settings > OpenID Connect Gene
 * Improvement: @timnolte - Refactored to meet WordPress coding standards.
 * Improvement: @timnolte - Refactored to provide localization.
 
-### 3.7.1 ###
-
-* Fix: Release Version Number.
-
-### 3.7.0 ###
-
-* Feature: @timnolte - Ability to enable/disable token refresh. Useful for IDPs that don't support token refresh.
-* Feature: @timnolte - Support custom redirect URL(`redirect_to`) with the authentication URL & login button shortcodes.
-  - Supports additional attribute overrides including login `button_text`, `endpoint_login`, `scope`, `redirect_uri`.
-
-### 3.6.0 ###
-
-* Improvement: @RobjS - Improved error messages during login state failure.
-* Improvement: @RobjS - New developer filter for login form button URL.
-* Fix: @cs1m0n - Only increment username during new user creation if the "Link existing user" setting is enabled.
-* Fix: @xRy-42 - Allow periods and spaces in usernames to match what WordPress core allows.
-* Feature: @benochen - New setting named "Create user if does not exist" determines whether new users are created during login attempts.
-* Improvement: @flat235 - Username transliteration and normalization.
-
-### 3.5.1 ###
-
-* Fix: @daggerhart - New approach to state management using transients.
-
-### 3.5.0 ###
-
-* Readme fix: @thijskh - Fix syntax error in example openid-connect-generic-login-button-text
-* Feature: @slavicd - Allow override of the plugin by posting credentials to wp-login.php
-* Feature: @gassan - New action on use login
-* Fix: @daggerhart - Avoid double question marks in auth url query string
-* Fix: @drzraf - wp-cli bootstrap must not inhibit custom rewrite rules
-* Syntax change: @mullikine - Change PHP keywords to comply with PSR2
-
-### 3.4.1 ###
-
-* Minor documentation update and additional error checking.
-
-### 3.4.0 ###
-
-* Feature: @drzraf - New filter hook: ability to filter claim and derived user data before user creation.
-* Feature: @anttileppa - State time limit can now be changed on the settings page.
-* Fix: @drzraf - Fix PHP notice when using traditional login, $token_response may be empty.
-* Fix: @drzraf - Fixed a notice when cookie does not contain expected redirect_url
-
-### 3.3.1 ###
-
-* Prefixing classes for more efficient autoloading.
-* Avoid altering global wp_remote_post() parameters.
-* Minor metadata updates for wp.org
-
-### 3.3.0 ###
-
-* Fix: @pjeby - Handle multiple user sessions better by using the `WP_Session_Tokens` object. Predecessor to fixes for multiple other issues: #49, #50, #51
-
-### 3.2.1 ###
-
-* Bug fix: @svenvanhal - Exit after issuing redirect. Fixes #46
-
-### 3.2.0 ###
-
-* Feature: @robbiepaul - trigger core action `wp_login` when user is logged in through this plugin
-* Feature: @moriyoshi - Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim.
-* Feature: New setting to set redirect URL when session expires.
-* Feature: @robbiepaul - New filter for modifying authentication URL
-* Fix: @cedrox - Adding id_token_hint to logout URL according to spec
-* Bug fix: Provide port to the request header when requesting the user_claim
-
-### 3.1.0 ###
-
-* Feature: @rwasef1830 - Refresh tokens
-* Feature: @rwasef1830 - Integrated logout support with end_session endpoint
-* Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax
-* Feature: @ahatherly - Support for IDP behind reverse proxy
-* Bug fix: @robertstaddon - case insensitive check for Bearer token
-* Bug fix: @rwasef1830 - "redirect to origin when auto-sso" cookie issue
-* Bug fix: @rwasef1830 - PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message
-* Bug fix: @rwasef1830 - expire session when access_token expires if no refresh token found
-* UX fix: @rwasef1830 - Show login button on error redirect when using auto-sso
-
-### 3.0.8 ###
-
-* Feature: @wgengarelly - Added `openid-connect-generic-update-user-using-current-claim` action hook allowing other plugins/themes
-  to take action using the fresh claims received when an existing user logs in.
-
-### 3.0.7 ###
-
-* Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in
-section 5.3.1 of the specs.
-
-### 3.0.6 ###
-
-* Bug fix: @robertstaddon - If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials
-
-### 3.0.5 ###
-
-* Feature: @robertstaddon - Added `[openid_connect_generic_login_button]` shortcode to allow the login button to be placed anywhere
-* Feature: @robertstaddon - Added setting to "Redirect Back to Origin Page" after a successful login instead of redirecting to the home page.
-
-### 3.0.4 ###
-
-* Feature: @robertstaddon - Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login
-
-### 3.0.3 ###
-
-* Using WordPresss's is_ssl() for setcookie()'s "secure" parameter
-* Bug fix: Incrementing username in case of collision.
-* Bug fix: Wrong error sent when missing token body
-
-### 3.0.2 ###
-
-* Added http_request_timeout setting
-
-### 3.0.1 ###
-
-* Finalizing 3.0.x api
-
-### 3.0 ###
-
-* Complete rewrite to separate concerns
-* Changed settings keys for clarity (requires updating settings if upgrading from another version)
-* Error logging
-
-### 2.1 ###
-
-* Working my way closer to spec. Possible breaking change.  Now checking for preferred_username as priority.
-* New username determination to avoid collisions
-
-### 2.0 ###
-
-Complete rewrite
-
+--------
 
+[See the previous changelogs here](https://github.com/oidc-wp/openid-connect-generic/blob/main/CHANGELOG.md#changelog)

languages/openid-connect-generic.pot

@@ -2,10 +2,10 @@
 # This file is distributed under the GPL-2.0+.
 msgid ""
 msgstr ""
-"Project-Id-Version: OpenID Connect Generic 3.9.0\n"
+"Project-Id-Version: OpenID Connect Generic 3.9.1\n"
 "Report-Msgid-Bugs-To: "
 "https://github.com/daggerhart/openid-connect-generic/issues\n"
-"POT-Creation-Date: 2022-03-22 03:28:37+00:00\n"
+"POT-Creation-Date: 2022-08-19 04:06:16+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"

openid-connect-generic.php

@@ -16,7 +16,7 @@
  * Plugin Name:       OpenID Connect Generic
  * Plugin URI:        https://github.com/daggerhart/openid-connect-generic
  * Description:       Connect to an OpenID Connect generic client using Authorization Code Flow.
- * Version:           3.9.0
+ * Version:           3.9.1
  * Requires at least: 4.9
  * Requires PHP:      7.2
  * Author:            daggerhart
@@ -91,7 +91,7 @@ class OpenID_Connect_Generic {
 	 *
 	 * @var string
 	 */
-	const VERSION = '3.9.0';
+	const VERSION = '3.9.1';
 
 	/**
 	 * Plugin settings.

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "openid-connect-generic",
-	"version": "3.9.0",
+	"version": "3.9.1",
 	"description": "OpenID Connect generic WordPress plugin.",
 	"main": "Gruntfile.js",
 	"repository": {