Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2622921

Timestamp:

11/01/2021 05:46:07 PM (4 years ago)

Author:

cryptium

Message:

fix: realm not found error when connecting to LoginShield account

Location:

loginshield/trunk

Files:

: 5 edited

README.txt (modified) (6 diffs)
admin/class-loginshield-admin.php (modified) (2 diffs)
admin/js/loginshield-admin.js (modified) (1 diff)
includes/class-loginshield-activator.php (modified) (1 diff)
loginshield.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

loginshield/trunk/README.txt

-                      r2598262
+                      r2622921
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Stable tag: v1.0.13
+Stable tag: v1.0.14
 LoginShield for WordPress is a more secure login for WordPress sites. It's easy to use and protects users against password and phishing attacks.
+LoginShield for WordPress is the secure and convenient way to login to your WordPress site. It's easy to use and protects users against password and phishing attacks.
 == Description ==
 …
 = Self-service activation =
+After you install and set up the LoginShield plugin, users can easily
+activate LoginShield for themselves in their profile settings page.
+After you install and set up the LoginShield plugin, users can easily activate LoginShield for themselves in their profile settings page.
 = One-tap login =
 …
 = Digital signatures =
+Some of the most common ways that accounts are hacked are weak passwords and
+stolen passwords. This is why so many sites require users to come up with
+passwords that have special characters, and to change their passwords periodically
+(in case a current password was reused somewhere and cracked). But this is
+annoying to users and doesn't guarantee they will actually pick a secure password.
+Some of the most common ways that accounts are hacked are weak passwords and stolen passwords. This is why so many sites require users to come up with passwords that have special characters, and to change their passwords periodically (in case a current password was reused somewhere and cracked). But this is annoying to users and doesn't guarantee they will actually pick a secure password.
+LoginShield uses digital signatures for authentication instead of passwords.
+This makes LoginShield a passwordless authentication system.
+LoginShield uses digital signatures for authentication instead of passwords. This makes LoginShield a passwordless authentication system.
+Digital signatures are far stronger protection for an account than passwords,
+and they don't require the user to come up with anything or remember anything.
+LoginShield automatically generates and uses a separate credential for each
+website, so you can use the same LoginShield app to login to multiple sites.
+Digital signatures are far stronger protection for an account than passwords, and they don't require the user to come up with anything or remember anything. LoginShield automatically generates and uses a separate credential for each website, so you can use the same LoginShield app to login to multiple sites.
+LoginShield uses strong, modern cryptographic algorithms and parameters to
+ensure your accounts get the best protection available.
+LoginShield uses strong, modern cryptographic algorithms and parameters to ensure your accounts get the best protection available.
 = Strong multi-factor authentication =
+The LoginShield app itself can be protected by a password (which never leaves
+the mobile device) or a fingerprint. This is far better protection than the
+standard two-factor authentication that many sites use.
+The LoginShield app itself can be protected by a password (which never leaves the mobile device) or a fingerprint. This is far better protection than the standard two-factor authentication that many sites use.
 For more information, read about [authentication factors](https://loginshield.com/article/authentication-factors/).
 …
 LoginShield is the ONLY authentication solution to offer phishing protection.
+Many data breaches start with a phishing email, tricking the user to log in to
+the attacker's website that is impersonating the real website. Any website that
+uses passwords to log in is vulnerable to this.
+Many data breaches start with a phishing email, tricking the user to log in to the attacker's website that is impersonating the real website. Any website that uses passwords to log in is vulnerable to this.
+Websites that use standard
+two-factor authentication codes are also vulnerable -- whether they send the code
+via SMS or use an OTP app to display it, the fact that you enter that code into
+the website after the password prompt means a phishing attacker will also get the
+code.
+Websites that use standard two-factor authentication codes are also vulnerable -- whether they send the code via SMS or use an OTP app to display it, the fact that you enter that code into the website after the password prompt means a phishing attacker will also get the code.
+Websites that use an authenticator app with push notifications are ALSO
+vulnerable to this, because they don't confirm that you're at the correct website
+when you tap the "login" button in the app.
+Websites that use an authenticator app with push notifications are ALSO vulnerable to this, because they don't confirm that you're at the correct website when you tap the "login" button in the app.
+Only LoginShield is able to detect that the user is not at a trusted website
+and route the user to the correct website, completely circumventing a credential-theft
+phishing attack.
+Only LoginShield is able to detect that the user is not at a trusted website and route the user to the correct website, completely circumventing a credential-theft phishing attack.
 For more information, read about [phishing protection](https://loginshield.com/article/phishing-protection/).
 …
 == Changelog ==
+= 1.0.14 =
+* Fix: realm not found error when connecting to LoginShield account
 = 1.0.13 =
 …
 = User Name and Email =
 When a user activates LoginShield in their profile settings, their name and email address are sent to LoginShield to register the user.
 This information is later used by LoginShield for service-related communication with the user, such as our phishing protection feature. We DO NOT sell or share this information with anyone else, except as required by law. If the user deactivates LoginShield, and wants to delete this information, the user can visit [https://loginshield.com](https://loginshield.com) to delete their LoginShield account.

loginshield/trunk/admin/class-loginshield-admin.php

-                      r2517999
+                      r2622921
         // Initialize settings
-        add_action( 'admin_init', array( $this,'loginshield_settings_register' ) );
         add_action( 'admin_init', array( $this,'loginshield_activation_redirect' ) );
 …
+    }
     /**
      * Redirects the user after plugin activation. The redirect happens only under the

loginshield/trunk/admin/js/loginshield-admin.js

-                      r2515142
+                      r2622921
     checkRealmStatus: async function() {
+      const response = await this.handleCheckRealmStatus();
+      const { status, error, message, realmId } = response;
+      if (status === 'success') {
+        console.info(message);
+        this.showNormalForm();
+        this.$realmIdText.text(realmId);
+        return;
+      }
+      if (error) {
+        console.info(message);
+        this.showAccessRequestForm();
+      try {
+          const response = await this.handleCheckRealmStatus();
+          const { status, error, message, realmId } = response;
+          if (status === 'success') {
+            console.info(message);
+            this.showNormalForm();
+            this.$realmIdText.text(realmId);
+            return;
+          }
+          if (error) {
+            console.info(message);
+            this.showAccessRequestForm();
+          }
+      } catch (err) {
+          console.error('checkRealmStatus failed', err);
+          this.showAccessRequestForm();
+      }
     },

loginshield/trunk/includes/class-loginshield-activator.php

-                      r2515142
+                      r2622921
     public static function activate() {
         /**
+         * Create options if they don't already exist. Existing options will not be updated.
+         */
+        add_option( 'loginshield_realm_id' );
+        add_option( 'loginshield_access_token' );
+        add_option( 'loginshield_access_token_not_after' );
+        add_option( 'loginshield_refresh_token' );
+        add_option( 'loginshield_refresh_token_not_after' );
+        add_option( 'loginshield_webauthz_discovery_uri' );
+        add_option( 'loginshield_webauthz_register_uri' );
+        add_option( 'loginshield_webauthz_request_uri' );
+        add_option( 'loginshield_webauthz_exchange_uri' );
+        add_option( 'loginshield_client_id' );
+        add_option( 'loginshield_client_token' );
+        add_option( 'loginshield_realm' );
+        add_option( 'loginshield_scope' );
+        add_option( 'loginshield_path' );
+        add_option( 'loginshield_client_state' );
+        add_option( 'loginshield_login_page' );
+        /**
          * Create LoginShield Login Page.
+         *

loginshield/trunk/loginshield.php

-                      r2598262
+                      r2622921
  * Plugin URI:        https://loginshield.com
  * Description:       LoginShield for WordPress is a more secure login for WordPress sites. It's easy to use and protects users against password and phishing attacks.
  * Version:           1.0.13
+ * Version:           1.0.14
  * Author:            Cryptium
  * Author URI:        https://cryptium.com
 …
  * Current plugin version, in accordance with https://semver.org
  */
 define( 'LOGINSHIELD_VERSION', '1.0.13' );
+define( 'LOGINSHIELD_VERSION', '1.0.14' );
 /**

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory