Exclude pages on "enforce_privacy" sites

oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client

https://wordpress.org/plugins/daggerhart-openid-connect-generic/

257 stars 155 forks source link

Exclude pages on "enforce_privacy" sites #494

Open cfoellmann opened 1 year ago

cfoellmann commented 1 year ago

I would like to exclude single sites from the login enforcement (enforce_private = 1) but the action template_redirect is pretty hard/impossible to manipulate.

Anyone know a way to conditionally remove the action? is_page is not available in that context.

cfoellmann commented 1 year ago

My idea would be to add this filter:

public function enforce_privacy_redirect() {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
    // The client endpoint relies on the wp-admin ajax endpoint.
    if ( ! defined( 'DOING_AJAX' ) || ! constant( 'DOING_AJAX' ) || ! isset( $_GET['action'] ) || 'openid-connect-authorize' != $_GET['action'] ) {
        $exclude = apply_filters( 'openid-connect-generic-exclude-auth', false );
        if ( ! $exclude ) { 
            auth_redirect();
        }
    }
}

This does not work!

timnolte commented 1 year ago

You mention "single sites" so does this mean you are trying to do this on a Multi site instance?

cfoellmann commented 1 year ago

Sorry for the wrong choice of words. I meant page.

We run a intranet site that requires the users to be logged in obviously. But I want to conditionally allow access to pages for anonymous visitors.

I need to

make one page (with a gravity form) open to all anonymous (filtered by page id)
make two pages (with a gravity form) open to all anonymous (filtered by page id) + LAN ip for a kiosk display and public tablet

cfoellmann commented 4 months ago

@timnolte any idea to get this integrated? I am at the moment modifying the function in the plugin which gets killed by updates.

public function enforce_privacy_redirect() {
        if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
            // The client endpoint relies on the wp-admin ajax endpoint.
            if ( ! defined( 'DOING_AJAX' ) || ! constant( 'DOING_AJAX' ) || ! isset( $_GET['action'] ) || 'openid-connect-authorize' != $_GET['action'] ) {
                $exclude = is_page(array(144,194,5,));
                // $exclude = apply_filters( 'openid-connect-generic-exclude-auth', false );
                if ( ! $exclude ) {
                    auth_redirect();
                }
            }
        }
    }

if I use that intended filter the is_page() function is not available at that point.

timnolte commented 4 months ago

@cfoellmann hmm, that doesn't make sense that is_page() isn't available when the filter is used.

cfoellmann commented 4 months ago

it is not available in a mu-plugins/ plugin

cfoellmann commented 4 months ago

Can I go via another action to fire the filter later from within the must-use plugin code?

mohmmadali1976 commented 2 months ago

Hi, The same I'm looking for. Want to exclude specific page when enable this enforce_privacy. Could you please provide the solution without touching the existing code. Is there a way we can filter on top this.