openid-connect-generic icon indicating copy to clipboard operation
openid-connect-generic copied to clipboard

Published 20 hours ago verified publisher icon oidc-wp

Exclude pages on "enforce_privacy" sites

Open cfoellmann opened this issue 2 years ago • 8 comments

I would like to exclude single sites from the login enforcement (enforce_private = 1) but the action template_redirect is pretty hard/impossible to manipulate.

Anyone know a way to conditionally remove the action? is_page is not available in that context.

cfoellmann avatar Aug 15 '23 13:08 cfoellmann

My idea would be to add this filter:

public function enforce_privacy_redirect() {
if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
	// The client endpoint relies on the wp-admin ajax endpoint.
	if ( ! defined( 'DOING_AJAX' ) || ! constant( 'DOING_AJAX' ) || ! isset( $_GET['action'] ) || 'openid-connect-authorize' != $_GET['action'] ) {
		$exclude = apply_filters( 'openid-connect-generic-exclude-auth', false );
		if ( ! $exclude ) {	
			auth_redirect();
		}
	}
}

This does not work!

cfoellmann avatar Aug 15 '23 14:08 cfoellmann

You mention "single sites" so does this mean you are trying to do this on a Multi site instance?

timnolte avatar Aug 15 '23 15:08 timnolte

Sorry for the wrong choice of words. I meant page.

We run a intranet site that requires the users to be logged in obviously. But I want to conditionally allow access to pages for anonymous visitors.

I need to

  • make one page (with a gravity form) open to all anonymous (filtered by page id)
  • make two pages (with a gravity form) open to all anonymous (filtered by page id) + LAN ip for a kiosk display and public tablet

cfoellmann avatar Aug 16 '23 05:08 cfoellmann

@timnolte any idea to get this integrated? I am at the moment modifying the function in the plugin which gets killed by updates.

public function enforce_privacy_redirect() {
		if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
			// The client endpoint relies on the wp-admin ajax endpoint.
			if ( ! defined( 'DOING_AJAX' ) || ! constant( 'DOING_AJAX' ) || ! isset( $_GET['action'] ) || 'openid-connect-authorize' != $_GET['action'] ) {
				$exclude = is_page(array(144,194,5,));
				// $exclude = apply_filters( 'openid-connect-generic-exclude-auth', false );
				if ( ! $exclude ) {
					auth_redirect();
				}
			}
		}
	}

if I use that intended filter the is_page() function is not available at that point.

cfoellmann avatar Apr 17 '24 10:04 cfoellmann

@cfoellmann hmm, that doesn't make sense that is_page() isn't available when the filter is used.

timnolte avatar Apr 17 '24 11:04 timnolte

it is not available in a mu-plugins/ plugin

cfoellmann avatar Apr 17 '24 11:04 cfoellmann

Can I go via another action to fire the filter later from within the must-use plugin code?

cfoellmann avatar Apr 17 '24 11:04 cfoellmann