Version Description
- Fixed Bug: issue with multi-role support, reported by the Wordfence research team https://github.com/aamplugin/advanced-access-manager/issues/138
- Changed: Simplify `aam/v2/authenticate` output https://github.com/aamplugin/advanced-access-manager/issues/139
Release Info
Developer | vasyltech |
Plugin | Advanced Access Manager |
Version | 6.6.2 |
Code changes from version 6.6.1 to 6.6.2
- aam.php +2 -2
- application/Backend/Manager.php +9 -4
- application/Service/Jwt.php +11 -9
- application/Service/LoginRedirect.php +14 -7
- application/Service/SecureLogin.php +39 -9
- readme.txt +5 -1
aam.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
/**
|
4 |
* Plugin Name: Advanced Access Manager
|
5 |
* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
|
6 |
-
* Version: 6.6.
|
7 |
* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
* Author URI: https://vasyltech.com
|
9 |
* Text Domain: advanced-access-manager
|
@@ -264,7 +264,7 @@ if (defined('ABSPATH')) {
|
|
264 |
//define few common constants
|
265 |
define('AAM_MEDIA', plugins_url('/media', __FILE__));
|
266 |
define('AAM_KEY', 'advanced-access-manager');
|
267 |
-
define('AAM_VERSION', '6.6.
|
268 |
define('AAM_BASEDIR', __DIR__);
|
269 |
|
270 |
//load vendor
|
3 |
/**
|
4 |
* Plugin Name: Advanced Access Manager
|
5 |
* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
|
6 |
+
* Version: 6.6.2
|
7 |
* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
* Author URI: https://vasyltech.com
|
9 |
* Text Domain: advanced-access-manager
|
264 |
//define few common constants
|
265 |
define('AAM_MEDIA', plugins_url('/media', __FILE__));
|
266 |
define('AAM_KEY', 'advanced-access-manager');
|
267 |
+
define('AAM_VERSION', '6.6.2');
|
268 |
define('AAM_BASEDIR', __DIR__);
|
269 |
|
270 |
//load vendor
|
application/Backend/Manager.php
CHANGED
@@ -10,6 +10,7 @@
|
|
10 |
/**
|
11 |
* Backend manager
|
12 |
*
|
|
|
13 |
* @since 6.2.2 Added `manage_policies` and removed `blog_id` for the localized
|
14 |
* array of properties
|
15 |
* @since 6.2.0 Added new property to the JS localization `blog_id`
|
@@ -17,7 +18,7 @@
|
|
17 |
* @since 6.0.0 Initial implementation of the class
|
18 |
*
|
19 |
* @package AAM
|
20 |
-
* @version 6.
|
21 |
*/
|
22 |
class AAM_Backend_Manager
|
23 |
{
|
@@ -222,15 +223,19 @@ class AAM_Backend_Manager
|
|
222 |
*
|
223 |
* @return void
|
224 |
*
|
|
|
|
|
|
|
225 |
* @access public
|
226 |
-
* @version 6.
|
227 |
*/
|
228 |
public function profileUpdate($id)
|
229 |
{
|
230 |
$user = get_user_by('ID', $id);
|
231 |
|
232 |
-
|
233 |
-
|
|
|
234 |
$roles = filter_input(
|
235 |
INPUT_POST,
|
236 |
'aam_user_roles',
|
10 |
/**
|
11 |
* Backend manager
|
12 |
*
|
13 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/138
|
14 |
* @since 6.2.2 Added `manage_policies` and removed `blog_id` for the localized
|
15 |
* array of properties
|
16 |
* @since 6.2.0 Added new property to the JS localization `blog_id`
|
18 |
* @since 6.0.0 Initial implementation of the class
|
19 |
*
|
20 |
* @package AAM
|
21 |
+
* @version 6.6.2
|
22 |
*/
|
23 |
class AAM_Backend_Manager
|
24 |
{
|
223 |
*
|
224 |
* @return void
|
225 |
*
|
226 |
+
* @since 6.6.2 Fixed https://github.com/aamplugin/advanced-access-manager/issues/138
|
227 |
+
* @since 6.0.0 Initial implementation of the method
|
228 |
+
*
|
229 |
* @access public
|
230 |
+
* @version 6.6.2
|
231 |
*/
|
232 |
public function profileUpdate($id)
|
233 |
{
|
234 |
$user = get_user_by('ID', $id);
|
235 |
|
236 |
+
$is_multirole = AAM::api()->getConfig('core.settings.multiSubject', false);
|
237 |
+
|
238 |
+
if ($is_multirole && current_user_can('promote_user', $id)) {
|
239 |
$roles = filter_input(
|
240 |
INPUT_POST,
|
241 |
'aam_user_roles',
|
application/Service/Jwt.php
CHANGED
@@ -10,6 +10,7 @@
|
|
10 |
/**
|
11 |
* JWT Token service
|
12 |
*
|
|
|
13 |
* @since 6.6.1 https://github.com/aamplugin/advanced-access-manager/issues/136
|
14 |
* @since 6.6.0 https://github.com/aamplugin/advanced-access-manager/issues/129
|
15 |
* https://github.com/aamplugin/advanced-access-manager/issues/100
|
@@ -25,7 +26,7 @@
|
|
25 |
* @since 6.0.0 Initial implementation of the class
|
26 |
*
|
27 |
* @package AAM
|
28 |
-
* @version 6.6.
|
29 |
*/
|
30 |
class AAM_Service_Jwt
|
31 |
{
|
@@ -143,7 +144,7 @@ class AAM_Service_Jwt
|
|
143 |
|
144 |
return $args;
|
145 |
});
|
146 |
-
add_filter('aam_auth_response_filter', array($this, 'prepareLoginResponse'), 10,
|
147 |
|
148 |
// WP Core current user definition
|
149 |
add_filter('determine_current_user', array($this, 'determineUser'), PHP_INT_MAX);
|
@@ -392,25 +393,26 @@ class AAM_Service_Jwt
|
|
392 |
*
|
393 |
* @param array $response
|
394 |
* @param WP_REST_Request $request
|
|
|
395 |
*
|
396 |
* @return array
|
397 |
*
|
|
|
398 |
* @since 6.6.0 https://github.com/aamplugin/advanced-access-manager/issues/100
|
399 |
* @since 6.4.0 Added the ability to issue refreshable token
|
400 |
* @since 6.0.0 Initial implementation of the method
|
401 |
*
|
402 |
* @access public
|
403 |
-
* @version 6.6.
|
404 |
*/
|
405 |
-
public function prepareLoginResponse(
|
406 |
-
|
|
|
407 |
if ($request->get_param('issueJWT') === true) {
|
408 |
$refreshable = $request->get_param('refreshableJWT');
|
409 |
|
410 |
if ($refreshable) {
|
411 |
-
$refreshable = user_can(
|
412 |
-
$response['user']->ID, 'aam_issue_refreshable_jwt'
|
413 |
-
);
|
414 |
|
415 |
if ($refreshable === false) {
|
416 |
throw new Exception(
|
@@ -430,7 +432,7 @@ class AAM_Service_Jwt
|
|
430 |
});
|
431 |
}
|
432 |
|
433 |
-
$jwt = $this->issueToken($
|
434 |
|
435 |
$response['jwt'] = array(
|
436 |
'token' => $jwt->token,
|
10 |
/**
|
11 |
* JWT Token service
|
12 |
*
|
13 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
14 |
* @since 6.6.1 https://github.com/aamplugin/advanced-access-manager/issues/136
|
15 |
* @since 6.6.0 https://github.com/aamplugin/advanced-access-manager/issues/129
|
16 |
* https://github.com/aamplugin/advanced-access-manager/issues/100
|
26 |
* @since 6.0.0 Initial implementation of the class
|
27 |
*
|
28 |
* @package AAM
|
29 |
+
* @version 6.6.2
|
30 |
*/
|
31 |
class AAM_Service_Jwt
|
32 |
{
|
144 |
|
145 |
return $args;
|
146 |
});
|
147 |
+
add_filter('aam_auth_response_filter', array($this, 'prepareLoginResponse'), 10, 3);
|
148 |
|
149 |
// WP Core current user definition
|
150 |
add_filter('determine_current_user', array($this, 'determineUser'), PHP_INT_MAX);
|
393 |
*
|
394 |
* @param array $response
|
395 |
* @param WP_REST_Request $request
|
396 |
+
* @param WP_User $user
|
397 |
*
|
398 |
* @return array
|
399 |
*
|
400 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
401 |
* @since 6.6.0 https://github.com/aamplugin/advanced-access-manager/issues/100
|
402 |
* @since 6.4.0 Added the ability to issue refreshable token
|
403 |
* @since 6.0.0 Initial implementation of the method
|
404 |
*
|
405 |
* @access public
|
406 |
+
* @version 6.6.2
|
407 |
*/
|
408 |
+
public function prepareLoginResponse(
|
409 |
+
array $response, WP_REST_Request $request, $user
|
410 |
+
) {
|
411 |
if ($request->get_param('issueJWT') === true) {
|
412 |
$refreshable = $request->get_param('refreshableJWT');
|
413 |
|
414 |
if ($refreshable) {
|
415 |
+
$refreshable = user_can($user->ID, 'aam_issue_refreshable_jwt');
|
|
|
|
|
416 |
|
417 |
if ($refreshable === false) {
|
418 |
throw new Exception(
|
432 |
});
|
433 |
}
|
434 |
|
435 |
+
$jwt = $this->issueToken($user->ID, null, null, $refreshable);
|
436 |
|
437 |
$response['jwt'] = array(
|
438 |
'token' => $jwt->token,
|
application/Service/LoginRedirect.php
CHANGED
@@ -12,11 +12,12 @@
|
|
12 |
*
|
13 |
* @package AAM
|
14 |
*
|
|
|
15 |
* @since 6.5.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/98
|
16 |
* @since 6.4.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/76
|
17 |
* @since 6.0.0 Initial implementation of the class
|
18 |
*
|
19 |
-
* @version 6.
|
20 |
*/
|
21 |
class AAM_Service_LoginRedirect
|
22 |
{
|
@@ -72,16 +73,17 @@ class AAM_Service_LoginRedirect
|
|
72 |
*
|
73 |
* @return void
|
74 |
*
|
|
|
75 |
* @since 6.4.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/76
|
76 |
* @since 6.0.0 Initial implementation of the method
|
77 |
*
|
78 |
* @access protected
|
79 |
-
* @version 6.
|
80 |
*/
|
81 |
protected function initializeHooks()
|
82 |
{
|
83 |
// AAM Secure Login hooking
|
84 |
-
add_filter('aam_auth_response_filter', array($this, 'prepareLoginResponse'));
|
85 |
|
86 |
// WP Core login redirect hook
|
87 |
add_filter('login_redirect', array($this, 'getLoginRedirect'), 10, 3);
|
@@ -125,18 +127,23 @@ class AAM_Service_LoginRedirect
|
|
125 |
* This method hooks into the Secure Login redirect service and override the
|
126 |
* response for the Ajax login request
|
127 |
*
|
128 |
-
* @param array
|
|
|
|
|
129 |
*
|
130 |
* @return array
|
131 |
*
|
|
|
|
|
|
|
132 |
* @access public
|
133 |
* @see AAM_Service_SecureLogin::authenticate
|
134 |
-
* @version 6.
|
135 |
*/
|
136 |
-
public function prepareLoginResponse($response)
|
137 |
{
|
138 |
if (empty($response['redirect']) || ($response['redirect'] === admin_url())) {
|
139 |
-
$response['redirect'] = $this->getUserRedirect($
|
140 |
}
|
141 |
|
142 |
return $response;
|
12 |
*
|
13 |
* @package AAM
|
14 |
*
|
15 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
16 |
* @since 6.5.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/98
|
17 |
* @since 6.4.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/76
|
18 |
* @since 6.0.0 Initial implementation of the class
|
19 |
*
|
20 |
+
* @version 6.6.2
|
21 |
*/
|
22 |
class AAM_Service_LoginRedirect
|
23 |
{
|
73 |
*
|
74 |
* @return void
|
75 |
*
|
76 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
77 |
* @since 6.4.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/76
|
78 |
* @since 6.0.0 Initial implementation of the method
|
79 |
*
|
80 |
* @access protected
|
81 |
+
* @version 6.6.2
|
82 |
*/
|
83 |
protected function initializeHooks()
|
84 |
{
|
85 |
// AAM Secure Login hooking
|
86 |
+
add_filter('aam_auth_response_filter', array($this, 'prepareLoginResponse'), 10, 3);
|
87 |
|
88 |
// WP Core login redirect hook
|
89 |
add_filter('login_redirect', array($this, 'getLoginRedirect'), 10, 3);
|
127 |
* This method hooks into the Secure Login redirect service and override the
|
128 |
* response for the Ajax login request
|
129 |
*
|
130 |
+
* @param array $response
|
131 |
+
* @param WP_REST_Request $request
|
132 |
+
* @param WP_User $user
|
133 |
*
|
134 |
* @return array
|
135 |
*
|
136 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
137 |
+
* @since 6.0.0 Initial implementation of the method
|
138 |
+
*
|
139 |
* @access public
|
140 |
* @see AAM_Service_SecureLogin::authenticate
|
141 |
+
* @version 6.6.2
|
142 |
*/
|
143 |
+
public function prepareLoginResponse($response, $request, $user)
|
144 |
{
|
145 |
if (empty($response['redirect']) || ($response['redirect'] === admin_url())) {
|
146 |
+
$response['redirect'] = $this->getUserRedirect($user);
|
147 |
}
|
148 |
|
149 |
return $response;
|
application/Service/SecureLogin.php
CHANGED
@@ -10,6 +10,7 @@
|
|
10 |
/**
|
11 |
* Secure Login service
|
12 |
*
|
|
|
13 |
* @since 6.6.1 https://github.com/aamplugin/advanced-access-manager/issues/136
|
14 |
* @since 6.4.2 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/91
|
15 |
* @since 6.4.0 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/16.
|
@@ -19,7 +20,7 @@
|
|
19 |
* @since 6.0.0 Initial implementation of the class
|
20 |
*
|
21 |
* @package AAM
|
22 |
-
* @version 6.6.
|
23 |
*/
|
24 |
class AAM_Service_SecureLogin
|
25 |
{
|
@@ -211,13 +212,14 @@ class AAM_Service_SecureLogin
|
|
211 |
*
|
212 |
* @return WP_REST_Response
|
213 |
*
|
|
|
214 |
* @since 6.4.2 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/91
|
215 |
* @since 6.4.0 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/16
|
216 |
* @since 6.1.0 Enriched error response with more details
|
217 |
* @since 6.0.0 Initial implementation of the method
|
218 |
*
|
219 |
* @access public
|
220 |
-
* @version 6.
|
221 |
*/
|
222 |
public function authenticate(WP_REST_Request $request)
|
223 |
{
|
@@ -237,9 +239,9 @@ class AAM_Service_SecureLogin
|
|
237 |
try {
|
238 |
if (!is_wp_error($user)) {
|
239 |
$result = apply_filters('aam_auth_response_filter', array(
|
240 |
-
'user' => $user,
|
241 |
'redirect' => $request->get_param('redirect')
|
242 |
-
), $request);
|
243 |
} else {
|
244 |
$status = 403;
|
245 |
$result = array(
|
@@ -264,8 +266,11 @@ class AAM_Service_SecureLogin
|
|
264 |
*
|
265 |
* @return WP_REST_Response
|
266 |
*
|
|
|
|
|
|
|
267 |
* @access public
|
268 |
-
* @version 6.
|
269 |
*/
|
270 |
public function legacyAuthenticate(WP_REST_Request $request)
|
271 |
{
|
@@ -282,12 +287,12 @@ class AAM_Service_SecureLogin
|
|
282 |
// Making sure that token is issued
|
283 |
$request->set_param('issueJWT', true);
|
284 |
|
285 |
-
$
|
286 |
'aam_auth_response_filter',
|
287 |
-
array('user' => $user),
|
288 |
-
$request
|
|
|
289 |
);
|
290 |
-
$result = array_merge(array('user' => $user), $data['jwt']);
|
291 |
} else {
|
292 |
$status = 403;
|
293 |
$result = new WP_Error(
|
@@ -299,6 +304,31 @@ class AAM_Service_SecureLogin
|
|
299 |
return new WP_REST_Response($result, $status);
|
300 |
}
|
301 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
302 |
/**
|
303 |
* Intercept auth token generation and enhance security
|
304 |
*
|
10 |
/**
|
11 |
* Secure Login service
|
12 |
*
|
13 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
14 |
* @since 6.6.1 https://github.com/aamplugin/advanced-access-manager/issues/136
|
15 |
* @since 6.4.2 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/91
|
16 |
* @since 6.4.0 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/16.
|
20 |
* @since 6.0.0 Initial implementation of the class
|
21 |
*
|
22 |
* @package AAM
|
23 |
+
* @version 6.6.2
|
24 |
*/
|
25 |
class AAM_Service_SecureLogin
|
26 |
{
|
212 |
*
|
213 |
* @return WP_REST_Response
|
214 |
*
|
215 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
216 |
* @since 6.4.2 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/91
|
217 |
* @since 6.4.0 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/16
|
218 |
* @since 6.1.0 Enriched error response with more details
|
219 |
* @since 6.0.0 Initial implementation of the method
|
220 |
*
|
221 |
* @access public
|
222 |
+
* @version 6.6.2
|
223 |
*/
|
224 |
public function authenticate(WP_REST_Request $request)
|
225 |
{
|
239 |
try {
|
240 |
if (!is_wp_error($user)) {
|
241 |
$result = apply_filters('aam_auth_response_filter', array(
|
242 |
+
'user' => $this->prepareUserData($user),
|
243 |
'redirect' => $request->get_param('redirect')
|
244 |
+
), $request, $user);
|
245 |
} else {
|
246 |
$status = 403;
|
247 |
$result = array(
|
266 |
*
|
267 |
* @return WP_REST_Response
|
268 |
*
|
269 |
+
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/139
|
270 |
+
* @since 6.4.2 Initial implementation of the method
|
271 |
+
*
|
272 |
* @access public
|
273 |
+
* @version 6.6.2
|
274 |
*/
|
275 |
public function legacyAuthenticate(WP_REST_Request $request)
|
276 |
{
|
287 |
// Making sure that token is issued
|
288 |
$request->set_param('issueJWT', true);
|
289 |
|
290 |
+
$result = apply_filters(
|
291 |
'aam_auth_response_filter',
|
292 |
+
array('user' => $this->prepareUserData($user)),
|
293 |
+
$request,
|
294 |
+
$user
|
295 |
);
|
|
|
296 |
} else {
|
297 |
$status = 403;
|
298 |
$result = new WP_Error(
|
304 |
return new WP_REST_Response($result, $status);
|
305 |
}
|
306 |
|
307 |
+
/**
|
308 |
+
* Prepare user data that is returned
|
309 |
+
*
|
310 |
+
* @param WP_User $user
|
311 |
+
*
|
312 |
+
* @return array
|
313 |
+
*
|
314 |
+
* @access protected
|
315 |
+
* @version 6.6.2
|
316 |
+
*/
|
317 |
+
protected function prepareUserData($user) {
|
318 |
+
$response = array('data' => array());
|
319 |
+
|
320 |
+
$props = array(
|
321 |
+
'ID', 'user_login', 'user_nicename', 'display_name', 'user_url',
|
322 |
+
'user_email', 'user_registered'
|
323 |
+
);
|
324 |
+
|
325 |
+
foreach($props as $prop) {
|
326 |
+
$response['data'][$prop] = $user->{$prop};
|
327 |
+
}
|
328 |
+
|
329 |
+
return $response;
|
330 |
+
}
|
331 |
+
|
332 |
/**
|
333 |
* Intercept auth token generation and enhance security
|
334 |
*
|
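Review bot: `prepareUserData` (lines 317-330) changes what `aam_auth_response_filter` callbacks and API clients receive under `user`: previously the whole `WP_User` object, which serialized by WP_REST_Response carries its public `data` record (including `user_pass` and `user_activation_key`) and the capability maps, now an explicit allow-list of seven profile fields. That is the right direction, but the docblock only says "Prepare user data that is returned"; a sentence such as `Allow-list of public profile fields; deliberately excludes user_pass, user_activation_key, caps and roles that the full WP_User object would serialize` would record the intent so nobody adds fields back without thinking. Two style nits in the same hunk: `foreach($props as $prop)` is missing the space after `foreach`, and the opening brace of `prepareUserData` sits on the signature line while `authenticate` and `legacyAuthenticate` in this file put it on its own line. The companion changes in `authenticate` (line 242) and `legacyAuthenticate` (line 292) also remove the WP_User object from the filter payload, which breaks any third-party callback that read `$response['user']->ID` the way the old Jwt callback did, so the changelog entry should say more than "Simplify".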
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Tags: access control, membership, backend menu, user role, restricted content, s
|
|
4 |
Requires at least: 4.7.0
|
5 |
Requires PHP: 5.6.0
|
6 |
Tested up to: 5.5.0
|
7 |
-
Stable tag: 6.6.
|
8 |
|
9 |
All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
|
10 |
|
@@ -91,6 +91,10 @@ We take security and privacy very seriously, that is why there are several non-n
|
|
91 |
|
92 |
== Changelog ==
|
93 |
|
|
|
|
|
|
|
|
|
94 |
= 6.6.1 =
|
95 |
* Fixed Bug: register_rest_route was called incorrectly in WP 5.5 [https://github.com/aamplugin/advanced-access-manager/issues/136](https://github.com/aamplugin/advanced-access-manager/issues/136)
|
96 |
* Fixed Bug: When AAM is active, the Password Protected cannot be set [https://github.com/aamplugin/advanced-access-manager/issues/137](https://github.com/aamplugin/advanced-access-manager/issues/137)
|
4 |
Requires at least: 4.7.0
|
5 |
Requires PHP: 5.6.0
|
6 |
Tested up to: 5.5.0
|
7 |
+
Stable tag: 6.6.2
|
8 |
|
9 |
All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
|
10 |
|
91 |
|
92 |
== Changelog ==
|
93 |
|
94 |
+
= 6.6.2 =
|
95 |
+
* Fixed Bug: Reported by Wordfence research team issue with multi-role support [https://github.com/aamplugin/advanced-access-manager/issues/138](https://github.com/aamplugin/advanced-access-manager/issues/138)
|
96 |
+
* Changed: Simplify `aam/v2/authenticate` output [https://github.com/aamplugin/advanced-access-manager/issues/139](https://github.com/aamplugin/advanced-access-manager/issues/139)
|
97 |
+
|
98 |
= 6.6.1 =
|
99 |
* Fixed Bug: register_rest_route was called incorrectly in WP 5.5 [https://github.com/aamplugin/advanced-access-manager/issues/136](https://github.com/aamplugin/advanced-access-manager/issues/136)
|
100 |
* Fixed Bug: When AAM is active, the Password Protected cannot be set [https://github.com/aamplugin/advanced-access-manager/issues/137](https://github.com/aamplugin/advanced-access-manager/issues/137)
|