From 4544f664f42fbff762307163efd1f8487ccb5c2c Mon Sep 17 00:00:00 2001
From: Robert O'Rourke
Date: Fri, 30 Jul 2021 15:04:51 +0000
Subject: [PATCH] Allow SAML SSO URLs to function when require login is enabled Fixes #58
---
 inc/saml/namespace.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/inc/saml/namespace.php b/inc/saml/namespace.php
index b647aa6..305fae0 100644
--- a/inc/saml/namespace.php
+++ b/inc/saml/namespace.php
@@ -25,6 +25,7 @@ function bootstrap() {
 add_filter( 'wpsimplesaml_idp_metadata_xml_path', __NAMESPACE__ . '\\get_idp_metadata_file_path' );
 add_filter( 'pre_site_option_sso_sp_base', __NAMESPACE__ . '\\get_sp_client_id' );
 add_filter( 'pre_site_option_sso_enabled', __NAMESPACE__ . '\\get_sso_enabled_option' );
+ add_filter( 'hm-require-login.allowed_pages', __NAMESPACE__ . '\\allow_sso_urls', 10, 2 );
 require_once Altis\ROOT_DIR . '/vendor/humanmade/wp-simple-saml/plugin.php';
 add_action( 'plugins_loaded', __NAMESPACE__ . '\\remove_plugin_admin_ui' );
@@ -83,3 +84,18 @@ function remove_plugin_admin_ui() {
 remove_action( 'wpmu_options', 'HumanMade\\SimpleSaml\\Admin\\network_settings_fields' );
 remove_action( 'update_wpmu_options', 'HumanMade\\SimpleSaml\\Admin\\save_network_settings_fields' );
 }
+
+/**
+ * Ensure SAML endpoints are not redirected when require login is active.
+ *
+ * @param array $allowed Allowed PHP pages.
+ * @param string|null $page The current page.
+ * @return array
+ */
+function allow_sso_urls( array $allowed, ?string $page ) : array {
+ if ( $page === 'index.php' && strpos( $_SERVER['REQUEST_URI'], '/sso/' ) !== false ) {
+ $allowed[] = $page;
+ }
+
+ return $allowed;
+}
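Review bot: The `strpos( $_SERVER['REQUEST_URI'], '/sso/' ) !== false` test in `allow_sso_urls()` matches `/sso/` anywhere in the request URI, query string included, so the exemption is wider than the SAML endpoints the docblock describes. Any front-end request handled by `index.php` whose URI merely contains that substring gets `index.php` appended to the allowed list, and presumably skips the require-login redirect (the consumer of `hm-require-login.allowed_pages` is not visible in this patch). Compare the path component only and anchor it, e.g. `$path = (string) wp_parse_url( $_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH );` followed by `if ( $page === 'index.php' && strpos( $path, '/sso/' ) === 0 ) {`, adjusting the prefix if the site can be installed in a subdirectory. Ideally, match the exact routes the SAML plugin registers. The `?? ''` also avoids a notice in contexts where `REQUEST_URI` is unset, such as WP-CLI.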