Closed nobleclem closed 1 year ago
Thanks for reporting this. I'll look at it over the next few days and will keep you updated regarding a fix. I hope to have a fix for this in a beta release of 1.2.0 next week with a general release around the time WordPress 6.3 is available (currently around August 8).
I apologize for letting this sit for so long! A fix (bdc8d2f) for this problem is now available in a beta release, version 1.2.0-beta1. To test this beta release, you will need to download the .zip file and use its contents to manually replace the wp-content/plugins/umich-oidc-login
folder in your installation of WordPress. If all goes well, I plan on releasing version 1.2.0 via the WordPress plugin directory in mid-September.
Please let me know if you discover any problems in the beta release.
Version 1.2.0, which contains the fix for this issue, has been released and published in the WordPress plugin directory.
If you use this alias with this plugin you will end up in an endless authentication loop WP Login -> OIDC -> WP Login -> OIDC ....
The issue starts in wp-includes/canonical.php FUNCTION
wp_redirect_admin_locations()
which handles the /login -> /wp-login.php redirect. This function callswp_login_url()
which in turn callsUMich_OIDC_Login\Core\OIDC::login_url
. At this point things start to go wrong asUMich_OIDC_Login\Core\OIDC::get_current_url
looks at theREQUEST_URI
which is that of /login and not the passed /wp-login.phpNot knowing the reasons for everything the only solution I can think of that works is: in:
UMich_OIDC_Login\Core\OIDC::login_url
$this->get_oidc_url( 'login', '' )
to$this->get_oidc_url( 'login', ($redirect ?: $login_url) )
if(){}
in the 'optional' case (this is where I have less confidence as I don't understand its purpose as it seems to work fine in my use case without it)Alternatively you would need to check for REQUEST_URI being equal to either of these and using
/
insteadUMich_OIDC_Login\Core\OIDC::get_current_url
after$request_uri = $_SERVER['REQUEST_URI'];
This however will still require the 'optional' case in
UMich_OIDC_Login\Core\OIDC::login_url
to have theif(){}
code removed as it still causes a problem.Let me know if you have any questions.