From c5c38ba03045837f832fd2da3eaf6000e61f6a76 Mon Sep 17 00:00:00 2001
From: r-a-y
Date: Mon, 12 Oct 2020 17:39:20 -0700
Subject: [PATCH 1/2] Use the current session token when setting the auth cookies. Fixes issue when logging out from the mapped domain. Fixes #14.
---
 sso.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sso.php b/sso.php
index 74fcdca..77cfbfe 100644
--- a/sso.php
+++ b/sso.php
@@ -471,6 +471,7 @@ function get_login_url( $user, $args ) {
 'action' => ACTION_LOGIN,
 'key' => $key,
 'nonce' => create_shared_nonce( 'mercator-sso-login|' . $key ),
+ 'token' => wp_get_session_token(),
 );
 $admin_url = get_admin_url( $args['site'], 'admin-ajax.php', 'relative' );
 $admin_url = add_query_arg( urlencode_deep( $url_args ), $admin_url );
@@ -554,7 +555,7 @@ function handle_login_response() {
 }
 wp_set_current_user( $token['user'] );
- wp_set_auth_cookie( $token['user'], true );
+ wp_set_auth_cookie( $token['user'], true, '', $args['token'] );
 // Logged in, return to sender.
 wp_redirect( $token['back'] );
From adb3e91fedc78ce7381391b2c8c56514e12f0de8 Mon Sep 17 00:00:00 2001
From: r-a-y
Date: Tue, 20 Oct 2020 00:48:25 -0700
Subject: [PATCH 2/2] SSO: Ensure custom 'token' parameter is fetched during login response. See related commit c5c38ba.
---
 sso.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sso.php b/sso.php
index 77cfbfe..f55f084 100644
--- a/sso.php
+++ b/sso.php
@@ -490,7 +490,7 @@ function get_login_url( $user, $args ) {
 * with an authentication token.
 */
 function handle_login_response() {
- $arg_keys = array( 'nonce', 'key' );
+ $arg_keys = array( 'nonce', 'key', 'token' );
 $args = array();
 foreach ( $arg_keys as $key ) {
 $args[ $key ] = empty( $_GET[ $key ] ) ? '' : wp_unslash( $_GET[ $key ] );
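Review bot: The added `'token' => wp_get_session_token()` entry puts the main-site session token, a value otherwise carried only inside the auth cookie, into the query string of the admin-ajax.php login URL, where it can end up in access logs, browser history and Referer headers. The nonce on the line above is computed over `'mercator-sso-login|' . $key` only, so the receiving side cannot tell whether `token` was altered in transit. If the login data looked up by `$key` is stored server-side (its creation is outside this hunk), the session token would be better kept there than in the URL. Otherwise bind it to the nonce, e.g. `create_shared_nonce( 'mercator-sso-login|' . $key . '|' . $session_token )`, with the matching change where the nonce is verified. The body of get_login_url starts and ends outside the hunk.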
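Review bot: `$args['token']` comes from the request and is handed to `wp_set_auth_cookie()` without checking that it is a string or a live session for `$token['user']`. A non-empty fourth argument makes WordPress reuse that value instead of creating a session, so a stale or altered token would most likely yield a cookie that fails validation and leave the user looking logged out after the redirect. Verify it first and fall back to a fresh session: `$session = ( is_string( $args['token'] ) && WP_Session_Tokens::get_instance( $token['user'] )->verify( $args['token'] ) ) ? $args['token'] : '';` then `wp_set_auth_cookie( $token['user'], true, '', $session );`. The same unchecked value enters through the `$arg_keys` loop in the 2/2 hunk. handle_login_response starts and ends outside this hunk.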
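Review bot: After this change handle_login_response deals with two unrelated things called token: `$args['token']`, the WordPress session token read from the query string, and `$token`, the SSO login data whose `$token['user']` and `$token['back']` are used further down (visible in the 1/2 hunk). A comment above the `$arg_keys` line would keep them apart, e.g. `// 'token' is the WordPress session token passed by get_login_url(), not the SSO login data in $token.` The function body continues past the end of the hunk.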