-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release 3.6.0 #475
Merged
Merged
Release 3.6.0 #475
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rect; added WP_Auth0_LoginManager->die_on_login() to handle login errors better
… setting a cookie unecessarily
123456789012345678901234567890123456789012345678901234567890123456789012 Added a get_state method to WP_Auth0_LoginManager to get and parse the state parameter as an object. Added 'state' to allowed query_vars.
WP_Auth0_LoginManager was not processing errors well, was poorly documented, and might have been improperly exposing error messages. Incoming URL param errors from Auth0 and configuration issues are caught earlier in the login process. Error message are not exposed to the user; instead they are logged for an admin. Thrown errors are standarized and listed in docblocks. Fixes #305
The implicit login flow redirects to the login page to handle the response from Auth0. This caused the cookie to be set to a new value before the state being returned is checked. The state was also not urldecoded so "=" chars were being received as "%3D" and were not being base64 decoded properly.
Documentation for the plugin resides in mulitple places - auth0.com docs, wp.org readme, GitHub readme - and this commit is part of an on- going effort to consolidate and clarify. This commit removes the installation instructions on wp.org, pointing to the docs site instead. It also updates the screenshots and adds information about support to the FAQs. This commit also clearly points the GitHub readme to docs in a few cases and updates the dev instructions.
Admins settings have confusing wording, inconsistent behavior, and broken links and translation. This first PR refactors the description system to be more straight-forward, adds HTML generation functions for consistent field outputs (used in future commits), adds settings page description translation, and fixes a few other minor code issues. First of a few smaller PRs to replace #396
State generation, specifically cookie storage, needs to happen before any output. The previous arch was ok for login page generation but failed with a "headers already set" error if used in the shortcode. This addresses the issue by storing state earlier and getting the value later.
Originally was generating and setting a nonce value in a state object, then checking that nonce on return from Auth0 instead of checking the entire state parameter.
Adding get_lock_connections and add_lock_connection for working with separated options field. reordering option defaults, remove comments, add docblocks
This field was for an audience value used with the Management API. This value should never change and should not be user-configurable.
The dashboard widgets clutter the admin, do not display usable data, and create an unecessary maintenance burden. This functionality can easily be re-added via a plugin if necessary. This commit will remove the dashboard widgets output, remove related settings, and add TODOs for proper deprecation.
This commit will remove duplicate error messages when the plugin is not setup, use proper HTML format for error messages, and sanitize URL parameters that are output in messages.
Non-breaking change to centralize asset URLs and remove duplication
Setting names were incorrect, confusing in some cases, and used inconsistent capitalization. Rewrite setting names and adding proper translations. Add opt names to the settings array for more simple HTML output (upcoming PR). Add a filter to add or modify settings array.
Move the JS that POSTs auth data back to the WP site to it's own file. Better enqueuing for login JS and CSS.
Removes the passwordless method and CDN URL settings. Method is removed to simplify the wp-admin and move passwordless management to the Dashbaord. Passwordless URL is hard-coded to new combined Lock, removing the settings field to change that as well. Going forward, Lock will use the same library for both login form types. Also added a DB version bump and migration script to modify the connections setting so the login form will work as expected after a plugin update. Added a handful of TODOs that will be better suited for a future branch (same release).
…rocess for new installs
- Revise language throughout setup wizard - Stop forcing auto install - Do not show configuration nag on wizard page - Add `required` for various required form inputs - Add `password` input type where appropriate - Fix broken auto install button
Correcting input field height on settings pages for IE
Release 3.6.0 - CHANGELOG, version number, and WP.org readme
lbalmaceda
approved these changes
Jun 5, 2018
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎊
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NOTES
Closed issues
oauth/ro
endpoint #410Added
Changed
Deprecated
Removed
Fixed