Changeset 9941 for sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

Timestamp:

05/29/2020 03:14:48 AM (5 years ago)

Author:

dd32

Message:

Login: Add remote-login functionality to the SSO login code.

This will allow for instances of WordPress in the WordPress.org network (and using it's user tables) to login via login.wordpress.org.

See #5239.

File:

• sites/trunk/common/includes/wporg-sso/class-wporg-sso.php (modified) (5 diffs)

sites/trunk/common/includes/wporg-sso/class-wporg-sso.php

@@ -2 +2 @@
 if ( ! class_exists( 'WPOrg_SSO' ) ) {
     /**
-     * Single Sign-On (SSO) handling for WordPress/bbPress instances under *.wordpress.org.
+     * Single Sign-On (SSO) handling for WordPress/bbPress instances on wordpress.org.
      *
      * @author stephdau
@@ -10 +10 @@
 
         const SUPPORT_EMAIL = 'forum-password-resets@wordpress.org';
+
+        const VALID_HOSTS = [
+            'wordpress.org',
+            'bbpress.org',
+            'buddypress.org',
+            'wordcamp.org'
+        ];
 
         public $sso_host_url;
@@ -76 +83 @@
             }
 
+            if ( ! preg_match( '!wordpress\.org$!', $this->host ) ) {
+                $login_url = add_query_arg( 'from', $this->host, $login_url );
+            }
+
             return $login_url;
 
@@ -117 +128 @@
                 // We didn't get a redirect_to, but we got a referrer, use that if a valid target.
                 $redirect_to_referrer = $_SERVER['HTTP_REFERER'];
-                if ( $this->_is_valid_targeted_domain( $redirect_to_referrer ) ) {
+                if ( $this->_is_valid_targeted_domain( $redirect_to_referrer ) && self::SSO_HOST != parse_url( $redirect_to_referrer, PHP_URL_HOST ) ) {
                     $redirect_to = $redirect_to_referrer;
                 }
-            } else {
+            } elseif ( self::SSO_HOST !== $this->host ) {
                 // Otherwise, attempt to guess the parent dir of where they came from and validate that.
                 $redirect_to_source_parent = preg_replace( '/\/[^\/]+\.php\??.*$/', '/', "https://{$this->host}{$_SERVER['REQUEST_URI']}" );
@@ -132 +143 @@
 
         /**
-         * Tests if the passed host/domain, or URL, is part of the WordPress.org domain.
+         * Tests if the passed host/domain, or URL, is part of the WordPress.org network.
          *
-         * @param unknown $string A domain, hostname, or URL
+         * @param unknown $host A domain, hostname, or URL
          * @return boolean True is ok, false if not
          */
-        protected function _is_valid_targeted_domain( $string ) {
-            if ( empty( $string ) || ! is_string( $string ) ) {
-                $string = '';
+        protected function _is_valid_targeted_domain( $host ) {
+            if ( empty( $host ) || ! is_string( $host ) || ! strstr( $host, '.' ) ) {
+                return false;
             }
 
-            if ( strstr( $string , '/' ) ) {
-                $url = parse_url( $string );
-                $host = ( ! empty( $url['host'] ) ) ? $url['host'] : '';
-            } else {
-                $host = $string;
+            if ( strstr( $host, '/' ) ) {
+                $host = parse_url( $host, PHP_URL_HOST );
             }
 
-            if ( ! empty( $host ) && strstr( $host , '.' ) ) {
-                return ( preg_match( '/^(.+\.)?wordpress\.org$/', $host ) ) ? true : false;
+            if ( in_array( $host, self::VALID_HOSTS, true ) ) {
+                return true;
             }
 
-            return false;
+            // If not a top-level domain, shrink it down and try again.
+            $top_level_host = implode( '.', array_slice( explode( '.', $host ), -2 ) );
+
+            return in_array( $top_level_host, self::VALID_HOSTS, true );
         }