Respect redirect_to param to wp-login.php with Azure logins

uhm-coe · Nov 3, 2022 · a3d28a9 · a3d28a9
1 parent 7de6357
commit a3d28a9
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/src/authorizer/class-authentication.php b/src/authorizer/class-authentication.php
@@ -404,6 +404,18 @@ function ( $entry ) {
 			// See: https://github.com/thenetworg/oauth2-azure.
 			session_start();
 			try {
+				// Save the redirect URL for WordPress so we can restore it after a
+				// successful login (note: we can't add the redirect_to querystring
+				// param to the redirectUri param below because it won't match the
+				// approved URI set in the Azure portal).
+				$login_querystring = array();
+				if ( isset( $_SERVER['QUERY_STRING'] ) ) {
+					parse_str( $_SERVER['QUERY_STRING'], $login_querystring ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
+				}
+				if ( isset( $login_querystring['redirect_to'] ) ) {
+					$_SESSION['azure_redirect_to'] = $login_querystring['redirect_to'];
+				}
+
 				$provider = new \TheNetworg\OAuth2\Client\Provider\Azure( array(
 					'clientId'     => $auth_settings['oauth2_clientid'],
 					'clientSecret' => $auth_settings['oauth2_clientsecret'],

diff --git a/src/authorizer/class-wp-plugin-authorizer.php b/src/authorizer/class-wp-plugin-authorizer.php
@@ -60,6 +60,9 @@ public function __construct() {
 			add_filter( 'login_errors', array( Login_Form::get_instance(), 'show_advanced_login_error' ) );
 		}
 
+		// Redirect to wp-login.php?redirect_to=? destination after an Azure login.
+		add_filter( 'login_redirect', array( Options\External\OAuth2::get_instance(), 'maybe_redirect_after_azure_login' ), 10, 2 );
+
 		// Enable localization. Translation files stored in /languages.
 		add_action( 'plugins_loaded', array( $this, 'load_textdomain' ) );
 

diff --git a/src/authorizer/options/external/class-oauth2.php b/src/authorizer/options/external/class-oauth2.php
@@ -263,4 +263,21 @@ public function print_text_oauth2_url_resource( $args = '' ) {
 		<?php
 	}
 
+
+	/**
+	 * Restore any redirect_to value saved during an Azure login (in the
+	 * `authenticate` hook). This is needed since the Azure portal needs an
+	 * approved URI to visit after logging in, and cannot have a variable
+	 * redirect_to param in it like the normal WordPress redirect flow.
+	 *
+	 * @hook login_redirect
+	 */
+	public function maybe_redirect_after_azure_login( $redirect_to ) {
+		if ( ! empty( $_SESSION['azure_redirect_to'] ) ) {
+			$redirect_to = $_SESSION['azure_redirect_to'];
+		}
+
+		return $redirect_to;
+	}
+
 }