[SITE-5067] Fix SimpleSAMLphp warnings showing for OneLogin/internal connector users (#445)

* update readme and changelog
* refactor scenarios
* Add more early returns

---------

Co-authored-by: Pantheon Robot <bot@getpantheon.com>
Co-authored-by: Phil Tyler <phil.tyler@pantheon.io>

Author: 3 people

README.md

@@ -1,5 +1,5 @@
 # WP SAML Auth #
-**Contributors:** [getpantheon](https://profiles.wordpress.org/getpantheon/), [danielbachhuber](https://profiles.wordpress.org/danielbachhuber/), [outlandish-josh](https://profiles.wordpress.org/outlandish-josh/), [jazzs3quence](https://profiles.wordpress.org/jazzs3quence/), [lcatlett](https://profiles.wordpress.org/lcatlett/)  
+**Contributors:** [getpantheon](https://profiles.wordpress.org/getpantheon/), [danielbachhuber](https://profiles.wordpress.org/danielbachhuber/), [outlandish-josh](https://profiles.wordpress.org/outlandish-josh/), [jazzs3quence](https://profiles.wordpress.org/jazzs3quence/), [lcatlett](https://profiles.wordpress.org/lcatlett/), [AnaisPantheor](https://profiles.wordpress.org/AnaisPantheor/)  
 **Tags:** authentication, SAML  
 **Requires at least:** 6.4  
 **Tested up to:** 6.9  

inc/class-wp-saml-auth.php

@@ -715,7 +715,7 @@ public function action_admin_notices() {
 		$simplesamlphp_version_status = $this->check_simplesamlphp_version( $simplesamlphp_version );
 		$plugin_page = 'https://wordpress.org/plugins/wp-saml-auth';
 
-		// Using 'internal' (default) connection type.
+		// Scenario 1 - Using 'internal' (default) connection type.
 		if ( 'internal' === $connection_type ) {
 			if ( file_exists( WP_SAML_AUTH_AUTOLOADER ) ) {
 				require_once WP_SAML_AUTH_AUTOLOADER;
@@ -738,10 +738,18 @@ public function action_admin_notices() {
 					]
 				);
 			}
+			return;
+		}
+
+		// Early return if not using SimpleSAMLphp connection type.
+		if ( 'simplesamlphp' !== $connection_type ) {
+			return;
 		}
 
-		// If we have a SimpleSAMLphp version but the connection type is set, we haven't set up SimpleSAMLphp correctly.
-		if ( ! $simplesamlphp_version && $connection_type === 'simplesamlphp' ) {
+		// All scenarios below are for SimpleSAMLphp connection type.
+
+		// Scenario 2 - If we do not have a SimpleSAMLphp version, we haven't set up SimpleSAMLphp correctly.
+		if ( ! $simplesamlphp_version ) {
 			// Only show this notice if we're on the settings page.
 			if ( ! isset( $_GET['page'] ) || $_GET['page'] !== 'wp-saml-auth-settings' ) {
 				return;
@@ -761,71 +769,75 @@ public function action_admin_notices() {
 					],
 				]
 			);
+			return;
 		}
 
-		// Check SimpleSAMLphp version.
-		if ( $simplesamlphp_version !== false ) {
-			if ( 'critical' === $simplesamlphp_version_status && $connection_type === 'simplesamlphp' ) {
-				$min_version = self::get_option( 'critical_simplesamlphp_version' );
-				wp_admin_notice(
-					sprintf(
-						// Translators: 1 is the installed version of SimpleSAMLphp, 2 is the minimum version and 3 is the most secure version.
-						__( '<strong>Security Alert:</strong> The SimpleSAMLphp version used by the WP SAML Auth plugin (%1$s) has a critical security vulnerability (CVE-2023-26881). Please update to version %2$s or later. <a href="%3$s">Learn more</a>.', 'wp-saml-auth' ),
-						esc_html( $simplesamlphp_version ),
-						esc_html( $min_version ),
-						esc_url( admin_url( 'options-general.php?page=wp-saml-auth-settings' ) )
-					),
-					[
-						'type' => 'error',
-						'dismissible' => false,
-						'attributes' => [
-							'data-slug' => 'wp-saml-auth',
-							'data-type' => 'simplesamlphp-critical-vulnerability',
-						],
-					]
-				);
-			} elseif ( 'warning' === $simplesamlphp_version_status && $connection_type === 'simplesamlphp' ) {
-				$min_version = self::get_option( 'min_simplesamlphp_version' );
-				wp_admin_notice(
-					sprintf(
-						// Translators: 1 is the installed version of SimpleSAMLphp, 2 is the minimum version and 3 is the most secure version.
-						__( '<strong>Security Recommendation:</strong> The  SimpleSAMLphp version used by the WP SAML Auth plugin (%1$s) is older than the recommended secure version. Please consider updating to version %2$s or later. <a href="%3$s">Learn more</a>.', 'wp-saml-auth' ),
-						esc_html( $simplesamlphp_version ),
-						esc_html( $min_version ),
-						esc_url( admin_url( 'options-general.php?page=wp-saml-auth-settings' ) )
-					),
-					[
-						'type' => 'warning',
-						'dismissible' => true,
-						'attributes' => [
-							'data-slug' => 'wp-saml-auth',
-							'data-type' => 'simplesamlphp-version-warning',
-						],
-					]
-				);
-			}
-		} elseif ( 'unknown' === $simplesamlphp_version_status && $connection_type === 'simplesamlphp' ) {
-			// Only show this notice if we're on the settings page.
-			if ( ! isset( $_GET['page'] ) || $_GET['page'] !== 'wp-saml-auth-settings' ) {
-				return;
-			}
+		// Scenario 3 - Check SimpleSAMLphp version warnings.
+		if ( 'critical' === $simplesamlphp_version_status ) {
+			$min_version = self::get_option( 'critical_simplesamlphp_version' );
+			wp_admin_notice(
+				sprintf(
+					// Translators: 1 is the installed version of SimpleSAMLphp, 2 is the minimum version and 3 is the most secure version.
+					__( '<strong>Security Alert:</strong> The SimpleSAMLphp version used by the WP SAML Auth plugin (%1$s) has a critical security vulnerability (CVE-2023-26881). Please update to version %2$s or later. <a href="%3$s">Learn more</a>.', 'wp-saml-auth' ),
+					esc_html( $simplesamlphp_version ),
+					esc_html( $min_version ),
+					esc_url( admin_url( 'options-general.php?page=wp-saml-auth-settings' ) )
+				),
+				[
+					'type' => 'error',
+					'dismissible' => false,
+					'attributes' => [
+						'data-slug' => 'wp-saml-auth',
+						'data-type' => 'simplesamlphp-critical-vulnerability',
+					],
+				]
+			);
+			return;
+		}
+
+		if ( 'warning' === $simplesamlphp_version_status ) {
+			$min_version = self::get_option( 'min_simplesamlphp_version' );
 			wp_admin_notice(
 				sprintf(
-					// Translators: 1 is the minimum recommended version of SimpleSAMLphp. 2 is a link to the WP SAML Auth settings page.
-					__( '<strong>Warning:</strong> WP SAML Auth was unable to determine your SimpleSAMLphp version. Please ensure you are using version %1$s or later for security. <a href="%2$s">Learn more</a>.', 'wp-saml-auth' ),
-					esc_html( self::get_option( 'min_simplesamlphp_version' ) ),
+					// Translators: 1 is the installed version of SimpleSAMLphp, 2 is the minimum version and 3 is the most secure version.
+					__( '<strong>Security Recommendation:</strong> The  SimpleSAMLphp version used by the WP SAML Auth plugin (%1$s) is older than the recommended secure version. Please consider updating to version %2$s or later. <a href="%3$s">Learn more</a>.', 'wp-saml-auth' ),
+					esc_html( $simplesamlphp_version ),
+					esc_html( $min_version ),
 					esc_url( admin_url( 'options-general.php?page=wp-saml-auth-settings' ) )
 				),
 				[
 					'type' => 'warning',
 					'dismissible' => true,
 					'attributes' => [
 						'data-slug' => 'wp-saml-auth',
-						'data-type' => 'simplesamlphp-version-unknown',
+						'data-type' => 'simplesamlphp-version-warning',
 					],
 				]
 			);
+			return;
+		}
+
+		// Scenario 4 - Unable to determine SimpleSAMLphp version ("unknown").
+		// Only show this notice if we're on the settings page.
+		if ( ! isset( $_GET['page'] ) || $_GET['page'] !== 'wp-saml-auth-settings' ) {
+			return;
 		}
+		wp_admin_notice(
+			sprintf(
+				// Translators: 1 is the minimum recommended version of SimpleSAMLphp. 2 is a link to the WP SAML Auth settings page.
+				__( '<strong>Warning:</strong> WP SAML Auth was unable to determine your SimpleSAMLphp version. Please ensure you are using version %1$s or later for security. <a href="%2$s">Learn more</a>.', 'wp-saml-auth' ),
+				esc_html( self::get_option( 'min_simplesamlphp_version' ) ),
+				esc_url( admin_url( 'options-general.php?page=wp-saml-auth-settings' ) )
+			),
+			[
+				'type' => 'warning',
+				'dismissible' => true,
+				'attributes' => [
+					'data-slug' => 'wp-saml-auth',
+					'data-type' => 'simplesamlphp-version-unknown',
+				],
+			]
+		);
 	}
 
 	/**

readme.txt

@@ -1,8 +1,8 @@
 === WP SAML Auth ===
-Contributors: getpantheon, danielbachhuber, Outlandish Josh, jspellman, jazzs3quence
+Contributors: getpantheon, danielbachhuber, Outlandish Josh, jspellman, jazzs3quence, AnaisPantheor
 Tags: authentication, SAML
 Requires at least: 6.4
-Tested up to: 6.8.1
+Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 2.2.1-dev
 License: GPLv2 or later