feat(Sessions): Add remember me feature via a filter (#513)

* Add remember me feature via a filter Signed-off-by: Menno van den Ende <[email protected]> * fix phpcs errors * add unit test --------- Signed-off-by: Menno van den Ende <[email protected]> Co-authored-by: Tim Nolte <[email protected]>
oidc-wp · Mar 17, 2024 · b00f7ca · b00f7ca
1 parent c59faf0
commit b00f7ca
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php
@@ -672,16 +672,19 @@ public function login_user( $user, $token_response, $id_token_claim, $user_claim
 		// Allow plugins / themes to take action using current claims on existing user (e.g. update role).
 		do_action( 'openid-connect-generic-update-user-using-current-claim', $user, $user_claim );
 
+		$remember_me = apply_filters( 'openid-connect-generic-remember-me', false, $user, $token_response, $id_token_claim, $user_claim, $subject_identity );
+		$expiration_days = $remember_me ? 14 : 2;
+
 		// Create the WP session, so we know its token.
-		$expiration = time() + apply_filters( 'auth_cookie_expiration', 2 * DAY_IN_SECONDS, $user->ID, false );
+		$expiration = time() + apply_filters( 'auth_cookie_expiration', $expiration_days * DAY_IN_SECONDS, $user->ID, false );
 		$manager = WP_Session_Tokens::get_instance( $user->ID );
 		$token = $manager->create( $expiration );
 
 		// Save the refresh token in the session.
 		$this->save_refresh_token( $manager, $token, $token_response );
 
 		// you did great, have a cookie!
-		wp_set_auth_cookie( $user->ID, false, '', $token );
+		wp_set_auth_cookie( $user->ID, $remember_me, '', $token );
 		do_action( 'wp_login', $user->user_login, $user );
 	}
 

diff --git a/tests/phpunit/includes/openid-connect-generic-client-wrapper_test.php b/tests/phpunit/includes/openid-connect-generic-client-wrapper_test.php
@@ -17,6 +17,8 @@ class OpenID_Connect_Generic_Client_Wrapper_Test extends WP_UnitTestCase {
 	 */
 	public function setUp(): void {
 
+		$this->client_wrapper = OpenID_Connect_Generic::instance()->client_wrapper;
+
 		parent::setUp();
 
 	}
@@ -43,4 +45,26 @@ public function test_plugin_client_wrapper_alternate_redirect_uri_parse_request(
 
 	}
 
+	public function test_plugin_client_wrapper_remember_me() {
+		// Set the remember me option to true
+		add_filter( 'openid-connect-generic-remember-me', '__return_true' );
+
+		// Create a user and log in using the login function of the client wrapper
+		$user = $this->factory()->user->create_and_get( array( 'user_login' => 'test-remember-me-user' ) );
+		$this->client_wrapper->login_user( $user, array(
+			'expires_in' => 14 * HOUR_IN_SECONDS, // This does not influence the length of the cookie
+		), array(), array(), '' );
+
+		// Retrieve the session tokens
+		$manager = WP_Session_Tokens::get_instance( $user->ID );
+		$token = $manager->get_all()[0];
+
+		// Assert if the token is set to expire in 14 days, with some seconds as a timing margin
+		$this->assertGreaterThan( time() + 13 * DAY_IN_SECONDS, $token['expiration'] );
+		$this->assertLessThan( time() + 15 * DAY_IN_SECONDS, $token['expiration'] );
+
+		// Reset the remember me option
+		remove_filter( 'openid-connect-generic-remember-me', '__return_true' );
+	}
+
 }