search

sqrldev / wordpress-sqrl-login

SQRL Login WordPress plugin
MIT License
21 stars 7 forks source link

Cast User ID as an integer #59

Closed sanzeeb3 closed 4 years ago

sanzeeb3 commented 4 years ago

Describe the bug To avoid edge cases conflict, cast user id as an integer.

Additional context Conflict with iThemes Security Pro where the session is getting initialized with a stringly typed user id.

Support Post: https://wordpress.org/support/topic/conflict-with-ithemes-security-pro/

Fatal error: Uncaught TypeError: Argument 1 passed to iThemesSecurity\User_Groups\Match_Target::for_user() must be an instance of WP_User, bool given, called in /home/bowlftcc/bowlanderson.com/wp-content/plugins/ithemes-security-pro/core/lib/class-itsec-lib-fingerprinting.php on line 170 and defined in /home/bowlftcc/bowlanderson.com/wp-content/plugins/ithemes-security-pro/core/modules/user-groups/Match/Match_Target.php:34 Stack trace: #0 /home/bowlftcc/bowlanderson.com/wp-content/plugins/ithemes-security-pro/core/lib/class-itsec-lib-fingerprinting.php(170): iThemesSecurity\User_Groups\Match_Target::for_user(false) #1 /home/bowlftcc/bowlanderson.com/wp-content/plugins/ithemes-security-pro/pro/fingerprinting/class-itsec-fingerprinting.php(196): ITSEC_Lib_Fingerprinting::applies_to_user(‘2’) #2 /home/bowlftcc/bowlanderson.com/wp-includes/class-wp-hook.php(288): ITSEC_Fingerprinting->attach_fingerprint_to_session(Array, ‘2’) #3 /home/bowlftcc/bowlanderson.com/wp-includes/plugin.php(206): WP_Hook->apply_filters(Array, Array) in /home/bowlftcc/bowlanderson.com/wp-content/plugins/ithemes-security-pro/core/modules/user-groups/Match/Match_Target.php on line 34

https://github.com/sqrldev/wordpress-sqrl-login/blob/3041ab2486eab6db4e348133d1c083e0ff3aa129/sqrl-login.php#L1444

kalaspuffar commented 4 years ago

Hi @sanzeeb3

I'm not saying this isn't something we could look into and fix (PR welcome).

But I believe this is probably not the issue with your plugin. As I see it the user ID is only used internally for the SQRL plugin and the only time it actually is used in any external call is when it calls wp_set_auth_cookie( $session['user'] ); which should use the ID in order to create the cookie. And a cookie per nature is a string.

Best regards Daniel

sanzeeb3 commented 4 years ago

@kalaspuffar I agree. This is not a common issue and nothing's wrong with user ID being a string. As per the expectation of the datatype, I propose return (int) $wp_users[0]; or this can be closed.