A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.
GNU General Public License v3.0
Add AuthCookie for Login with SameSite cookie option #129
What
This PR enhances the loginCookie functionality by introducing a new AuthCookie class. This class adds options for configuring the cookie's expiration and SameSite attribute. This should resolve this issue.
Why
Currently, the authentication cookie being set is session-only. This means that when a user closes their browser, they need to re-authenticate upon reopening. This change allows for persistent authentication sessions, reducing the need for frequent logins.
How
This PR introduces the AuthCookie class which replaces the default behavior for setting authentication cookies. The AuthCookie class:
Provides the option to set a custom expiration time for the authentication cookie.
Supports the SameSite attribute for cookies, which enhances security by controlling how cookies are sent with cross-site requests.
Allows users to set the cookie as persistent if they opt for the "remember me" functionality, which is currently not supported by default.
Testing Instructions
Log in using a login provider. Verify cookies and check that SameSite is set to None.
Additional Info
Things to improve: Add options in admin for SameSite configuration & domain cookie.
Checklist:
[x] My code is tested to the best of my abilities.
[x] My code follows the WordPress Coding Standards.
[x] My code has proper inline documentation.
[ ] I have added unit tests to verify the code works as intended.
[ ] I included the relevant changes in CHANGELOG.md
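The cookie attributes described under "How" (custom expiration, SameSite, and a persistent "remember me" cookie), as an added example that is not the plugin's AuthCookie class or code from this PR. The function name, its parameters, the 14-day lifetime and the example_auth cookie name are hypothetical; the example also refuses to issue SameSite=None without HTTPS, because current browsers drop such cookies unless they carry the Secure attribute.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not the plugin's AuthCookie class.

/**
 * Build the options array for PHP's setcookie() (array form, PHP 7.3+).
 *
 * @param bool   $remember    True when the user chose "remember me".
 * @param int    $ttl_seconds Lifetime of a persistent cookie, in seconds.
 * @param string $samesite    Requested SameSite value (case-insensitive).
 * @param bool   $is_https    Whether the response is served over HTTPS.
 * @param int    $now         Current Unix timestamp.
 *
 * @throws InvalidArgumentException On an unknown SameSite value or bad TTL.
 * @throws RuntimeException         When SameSite=None is requested without HTTPS.
 */
function example_auth_cookie_options(bool $remember, int $ttl_seconds, string $samesite, bool $is_https, int $now): array
{
    $samesite = ucfirst(strtolower($samesite));
    if (!in_array($samesite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException("Unsupported SameSite value: {$samesite}");
    }
    if ($remember && $ttl_seconds <= 0) {
        throw new InvalidArgumentException('A persistent cookie needs a positive lifetime.');
    }
    // Current browsers drop SameSite=None cookies that lack Secure, so fail
    // early instead of emitting a cookie that silently never arrives.
    if ($samesite === 'None' && !$is_https) {
        throw new RuntimeException('SameSite=None requires HTTPS (Secure).');
    }

    return [
        // 0 means a session cookie (gone when the browser closes);
        // a future timestamp makes the cookie persistent.
        'expires'  => $remember ? $now + $ttl_seconds : 0,
        'path'     => '/',
        'secure'   => $is_https,
        'httponly' => true, // keep the auth cookie out of reach of page scripts
        'samesite' => $samesite,
    ];
}

// Constructed demo values: "remember me" for 14 days, cross-site frontend over HTTPS.
$options = example_auth_cookie_options(true, 14 * 86400, 'none', true, time());
print_r($options);
// Before any output is sent, the cookie would be set with:
// setcookie('example_auth', $token, $options);
```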
@alexookah I've rebased this on the current develop branch to fix some issues with CI and testing in WP 6.6. Please make sure to pull --force before committing/pushing any additional changes to this PR.
coverage: 81.787% (-0.1%) from 81.924%
when pulling 1eed7c4a11609461d8d136c2f3bfe23a6144f0aa on alexookah:custom_wp_auth_cookie
into 72936f46e814d30e13213f8ee50e516f35c9c7f5 on AxeWP:develop.