Login Security Solution - Version 0.8.0

Version Description

  • Fix logging user out a second time after WordPress expires cookies.
  • It turns out this plugin requires WordPress 3.3, not 3.0.
  • Tested under WordPress 3.3.2 regular and 3.4beta2 multisite.
  • Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.

Release Info

Developer convissor
Version 0.8.0

Code changes from version 0.7.0 to 0.8.0

Files changed (3) hide show
  1. login-security-solution.php +28 -2
  2. readme.txt +8 -2
  3. tests/IdleTest.php +63 -1
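--- a/login-security-solution.php
+++ b/login-security-solution.php
@@ -6,7 +6,7 @@
  * Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
  *
  * Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
- * Version: 0.7.0
+ * Version: 0.8.0
  * Author: Daniel Convissor
  * Author URI: http://www.analysisandsolutions.com/
  * License: GPLv2
@@ -190,6 +190,7 @@ class login_security_solution {
  if ($this->options['idle_timeout']) {
  add_action('wp_login', array(&$this, 'delete_last_active'));
  add_action('wp_logout', array(&$this, 'delete_last_active'));
+ add_action('auth_cookie_expired', array(&$this, 'auth_cookie_expired'));
  }
 
  if ($this->options['login_fail_breach_notify']
@@ -286,6 +287,28 @@ class login_security_solution {
  * ===== ACTION & FILTER CALLBACK METHODS =====
  */
 
+ /**
+ * Removes the current user's last active time metadata
+ *
+ * NOTE: This method is automatically called by WordPress when a user's
+ * cookie has expired.
+ *
+ * @param array $cookie_elements the auth cookie data
+ * @return mixed return values provided for unit testing
+ */
+ public function auth_cookie_expired($cookie_elements) {
+ if (empty($cookie_elements['username'])) {
+ return;
+ }
+
+ $user = get_user_by('login', $cookie_elements['username']);
+ if (! $user instanceof WP_User) {
+ return -1;
+ }
+
+ return delete_user_meta($user->ID, $this->umk_last_active);
+ }
+
  /**
  * Redirects the current user to the login screen if their password
  * is expired or needs to be reset
@@ -373,7 +396,7 @@ class login_security_solution {
  * NOTE: This method is automatically called by WordPress when users
  * log in or out.
  *
- * @return bool|null null if $user_ID and $user_name are unknown
+ * @return mixed return values provided for unit testing
  */
  public function delete_last_active() {
  global $user_ID, $user_name;
@@ -383,6 +406,9 @@ class login_security_solution {
  return;
  }
  $user = get_user_by('login', $user_name);
+ if (! $user instanceof WP_User) {
+ return -1;
+ }
  $user_ID = $user->ID;
  }
 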
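Review bot: The new `auth_cookie_expired()` callback selects the account whose last-active metadata is deleted from `$cookie_elements['username']`, and in WordPress core this action is fired from the expiry check in `wp_validate_auth_cookie()`, which runs before the cookie's HMAC is verified, so that username is unauthenticated, client-controlled data. Whether clearing the value for an arbitrary account can weaken the idle-timeout control depends on how the idle check treats a missing timestamp, which is not visible on this page and should be confirmed before relying on this hook. At minimum the docblock should state the trust level, for example `* NOTE: $cookie_elements has NOT been verified by WordPress at this point; treat it as untrusted input.` The mixed `null` / `-1` / `bool` return contract is also documented only as "mixed"; listing the three cases in `@return` would help callers and the tests that assert on them.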
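--- a/readme.txt
+++ b/readme.txt
@@ -2,9 +2,9 @@
  Contributors: convissor
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danielc%40analysisandsolutions%2ecom&lc=US&item_name=Donate%3a%20Login%20Security%20Solution&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
  Tags: login, password, idle, timeout, maintenance, security, attack, hack, lock, ban
- Requires at least: 3.0
+ Requires at least: 3.3
  Tested up to: 3.4beta2
- Stable tag: 0.7.0
+ Stable tag: 0.8.0
 
  Security against brute force attacks by tracking IP, name, password;
  requiring very strong passwords. Idle timeout. Maintenance mode. Multisite
@@ -255,6 +255,12 @@ then `cd` into that directory and run:
 
  == Changelog ==
 
+ = 0.8.0 =
+ * Fix logging user out a second time after WordPress expires cookies.
+ * It turns out this plugin requires WordPress 3.3, not 3.0.
+ * Tested under WordPress 3.3.2 regular and 3.4beta2 multisite.
+ * Unit tests pass using PHP 5.4.0RC8-dev, 5.3.11-dev, and 5.2.18-dev.
+
  = 0.7.0 =
  * The "lost your password" process now validates passwords.
  * Tested under WordPress 3.3.1 regular and 3.4beta2 multisite.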
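--- a/tests/IdleTest.php
+++ b/tests/IdleTest.php
@@ -23,6 +23,9 @@ require_once dirname(__FILE__) . '/TestCase.php';
  * @license http://www.gnu.org/licenses/gpl-2.0.html GPLv2
  */
  class IdleTest extends TestCase {
+ protected static $user_ID;
+
+
  public static function setUpBeforeClass() {
  parent::$db_needed = true;
  parent::set_up_before_class();
@@ -95,7 +98,10 @@ class IdleTest extends TestCase {
  );
  $this->assertSame(1, $actual, 'Could not insert sample record.');
 
- $actual = self::$lss->set_last_active($wpdb->insert_id);
+ // Save this for later use.
+ self::$user_ID = $wpdb->insert_id;
+
+ $actual = self::$lss->set_last_active(self::$user_ID);
  $this->assertInternalType('integer', $actual, 'Set last active...');
 
  $user_ID = null;
@@ -104,6 +110,62 @@ class IdleTest extends TestCase {
  $this->assertTrue($actual, 'Delete last active...');
  }
 
+ /**
+ * @depends test_delete_last_active__user_name
+ */
+ public function test_delete_last_active__user_name_unknown() {
+ global $user_ID, $user_name;
+
+ $actual = self::$lss->set_last_active(self::$user_ID);
+ $this->assertInternalType('integer', $actual, 'Set last active...');
+
+ $user_ID = null;
+ $user_name = 'nowaycanthisnameexistokayprettyplease';
+ $actual = self::$lss->delete_last_active();
+ $this->assertEquals(-1, $actual, 'Delete last active...');
+ }
+
+ /*
+ * AUTH COOKIE EXPIRED
+ */
+
+ /**
+ * @depends test_delete_last_active__user_name
+ */
+ public function test_auth_cooke_expired__user_name_unknown() {
+ $cookie_elements = array(
+ 'username' => 'nowaycanthisnameexistokayprettyplease',
+ );
+ $actual = self::$lss->auth_cookie_expired($cookie_elements);
+ $this->assertEquals(-1, $actual, 'auth_cookie_expired');
+ }
+
+ /**
+ * @depends test_delete_last_active__user_name_unknown
+ */
+ public function test_auth_cookie_expired__normal() {
+ global $user_ID, $user_name, $wpdb;
+
+ $actual = self::$lss->get_last_active(self::$user_ID);
+ $this->assertInternalType('integer', $actual, 'get_last_active');
+ $this->assertGreaterThan(0, $actual, 'get_last_active');
+
+ $cookie_elements = array(
+ 'username' => $this->user->user_login,
+ );
+ $actual = self::$lss->auth_cookie_expired($cookie_elements);
+ $this->assertTrue($actual, 'auth_cookie_expired');
+
+ $actual = self::$lss->get_last_active(self::$user_ID);
+ $this->assertSame(0, $actual, 'get_last_active');
+ }
+
+ public function test_auth_cooke_expired__user_name_empty() {
+ $cookie_elements = array();
+ $actual = self::$lss->auth_cookie_expired($cookie_elements);
+ $this->assertNull($actual, 'auth_cookie_expired');
+ }
+
  /*
  * IS IDLE
  */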
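Review bot: Two of the new test names are misspelled, `test_auth_cooke_expired__user_name_unknown` and `test_auth_cooke_expired__user_name_empty`; both should read `test_auth_cookie_expired__…` so they group with `test_auth_cookie_expired__normal` and can be found by filter. In `test_auth_cookie_expired__normal` the line `global $user_ID, $user_name, $wpdb;` declares three globals that the body never uses and can be dropped. That test also takes its precondition (a non-zero last-active value for `self::$user_ID`) from the state left behind by `test_delete_last_active__user_name_unknown`, and assumes `$this->user->user_login` belongs to the same row as `self::$user_ID`, which is not visible in these hunks. Calling `self::$lss->set_last_active(self::$user_ID);` at the top of the test would make the precondition local.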