From ec60b2ff9f809d041fafadf4851b4615354799f2 Mon Sep 17 00:00:00 2001 From: tamkendigital <160346532+tamkendigital@users.noreply.github.com> Date: Sat, 22 Nov 2025 19:45:10 +0300 Subject: [PATCH 1/2] Add SSO support and magic link handling in get_manage_url MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # Fix: "Manage" Button SSO and Magic Link Support ## Problem The "Manage" button in the "My Sites" widget was not properly redirecting to the admin panel when SSO (Single Sign-On) was enabled. Additionally, when magic links were used for custom domains, the magic link URL was generated on the home URL instead of the admin URL, causing users to be redirected to the front-end page instead of the admin panel after login. ### Issues Identified: 1. **Missing SSO Support**: The "Manage" button did not include SSO parameters, preventing automatic login when clicking the button. 2. **Magic Link Path Issue**: When `wu_get_admin_url()` generated a magic link for custom domains, it created URLs like: ``` https://site.online/?wu_magic_token=... ``` Instead of: ``` https://site.online/wp-admin/?wu_magic_token=... ``` This caused users to be logged in but redirected to the home page instead of the admin panel. 3. **Incompatibility with WP Hide**: The solution needed to respect custom admin paths set by plugins like WP Hide. ## Solution Modified the `get_manage_url()` method in `class-my-sites-element.php` to: 1. **Use `wu_get_admin_url()`** to automatically handle magic link generation when needed for custom domains. 2. **Detect Magic Links**: Check if the generated URL contains `wu_magic_token` parameter. 3. **Fix Magic Link Path**: When a magic link is detected: - Parse the magic link URL to extract the base URL and query string - Get the admin path using `get_admin_url()` (respects WP Hide and other plugins) - Reconstruct the URL with the admin path: `https://site.com/wp-admin/?wu_magic_token=...` 4. **Add SSO Support**: When magic link is not used: - Use `wp_login_url()` with `redirect_to` parameter pointing to the admin URL - Add SSO parameter (`sso=login`) to the login URL - This ensures automatic SSO login flow 5. **Backward Compatibility**: Apply the `wp_ultimo_manage_url` filter for compatibility with older versions and custom implementations. ## Implementation Details ### For `wp_admin` Type: - Uses `wu_get_admin_url()` to get admin URL with automatic magic link support - If magic link exists: Adds admin path directly to the URL - If magic link doesn't exist: Uses `wp_login_url()` with SSO parameter - Applies `wp_ultimo_manage_url` filter ### For `default` Type (Frontend Context): - Same logic as `wp_admin` type when not in admin context - Ensures "Manage" button goes directly to admin, not to front-end URL ### For `custom_page` Type: - No changes (unchanged behavior) ## Technical Notes - **Magic Link Detection**: Uses `strpos()` to check for `wu_magic_token` in the URL - **Admin Path Resolution**: Uses `parse_url(get_admin_url(), PHP_URL_PATH)` to get the admin path, which respects WordPress filters and plugins like WP Hide - **Site Context Switching**: Uses `switch_to_blog()` and `restore_current_blog()` to get correct URLs for the target site - **Fallback**: Defaults to `/wp-admin` if admin path cannot be determined ## Testing Tested scenarios: - ✅ SSO login with standard domains - ✅ Magic link login with custom domains - ✅ Compatibility with WP Hide plugin (custom admin paths) - ✅ Backward compatibility with `wp_ultimo_manage_url` filter - ✅ Both `wp_admin` and `default` types ## Files Modified - `/inc/ui/class-my-sites-element.php` - Modified `get_manage_url()` method ## Related Functions - `wu_get_admin_url()` - Generates admin URLs with magic link support - `wp_login_url()` - WordPress function to get login URL with redirect - `get_admin_url()` - WordPress function to get admin URL (respects filters) - `\WP_Ultimo\SSO\SSO::with_sso()` - Adds SSO parameters to URLs ## Example URLs Generated **With Magic Link:** ``` https://site.online/wp-admin/?wu_magic_token=cacf33253e6a4a3f8f82f4d7944f09757ec5e4953dd5ea095a2bb2dacfe8ec84 ``` **With SSO (no magic link):** ``` https://site.online/wp-login.php?redirect_to=https://site.online/wp-admin&sso=login ``` ## Compatibility - ✅ WordPress Multisite - ✅ WP Hide plugin (custom admin paths) - ✅ Custom domains with magic links - ✅ Standard domains with SSO - ✅ Backward compatible with existing filters --- inc/ui/class-my-sites-element.php | 127 +++++++++++++++++++++++++++++- 1 file changed, 126 insertions(+), 1 deletion(-) diff --git a/inc/ui/class-my-sites-element.php b/inc/ui/class-my-sites-element.php index ddb15310..50a5c319 100644 --- a/inc/ui/class-my-sites-element.php +++ b/inc/ui/class-my-sites-element.php @@ -393,6 +393,8 @@ function ($user_sites, $wp_site) use ($customer_sites) { * Returns the manage URL for sites, depending on the environment. * * @since 2.0.0 + * @modified Custom modification: Use direct admin URL with SSO support + * @modified_date 2025-01-XX * * @param int $site_id A Site ID. * @param string $type De redirection type (can be: default, wp_admin or custom_page). @@ -401,8 +403,68 @@ function ($user_sites, $wp_site) use ($customer_sites) { */ public function get_manage_url($site_id, $type = 'default', $custom_page_id = 0) { + // ============================================ + // CUSTOM MODIFICATION START + // ============================================ + // Purpose: Use direct admin URL (e.g., http://site.com/wp-admin) with SSO support + // This ensures the "Manage" button goes directly to admin with SSO working + // ============================================ + if ('wp_admin' === $type) { - return wu_get_admin_url($site_id); + // Use wu_get_admin_url() to get admin URL with magic link support if needed + // This function automatically adds magic links for custom domains + $admin_url = wu_get_admin_url($site_id); + + // Check if magic link is already used (contains wu_magic_token) + // If magic link exists, add admin path directly to the URL + $has_magic_link = (strpos($admin_url, 'wu_magic_token') !== false); + + if ($has_magic_link) { + // Magic link is generated on home URL, we need to add admin path + // Parse the URL to get the base URL and query string + $parsed_url = wp_parse_url($admin_url); + $base_url = $parsed_url['scheme'] . '://' . $parsed_url['host']; + if (isset($parsed_url['port'])) { + $base_url .= ':' . $parsed_url['port']; + } + + // Get admin path (respects WP Hide and other plugins) + switch_to_blog($site_id); + $admin_path = parse_url(get_admin_url(), PHP_URL_PATH); + restore_current_blog(); + + // Ensure admin path exists, default to /wp-admin if not found + if (empty($admin_path)) { + $admin_path = '/wp-admin'; + } + + // Build new URL with admin path + $query_string = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; + $admin_url = $base_url . $admin_path . $query_string; + } elseif (class_exists('\WP_Ultimo\SSO\SSO')) { + // Add SSO support if enabled and magic link is not used + // SSO needs to go through login page first, then redirect to admin + $sso = \WP_Ultimo\SSO\SSO::get_instance(); + if ($sso && $sso->is_enabled()) { + // Switch to target site to get correct login URL + switch_to_blog($site_id); + $sso_path = $sso->get_url_path(); + $actual_admin_url = get_admin_url($site_id); + $login_url = wp_login_url($actual_admin_url); + restore_current_blog(); + + // Add SSO parameter to login URL + $admin_url = add_query_arg($sso_path, 'login', $login_url); + } + } + + // Apply wp_ultimo_manage_url filter for backward compatibility + $site = wu_get_site($site_id); + if ($site) { + $admin_url = apply_filters('wp_ultimo_manage_url', $admin_url, $site); + } + + return $admin_url; } if ('custom_page' === $type) { @@ -420,7 +482,70 @@ public function get_manage_url($site_id, $type = 'default', $custom_page_id = 0) ); } + // For default type, use admin URL directly (like the old version) + // This ensures the "Manage" button goes directly to admin, not to front-end URL + if ( ! is_admin()) { + // Use wu_get_admin_url() to get admin URL with magic link support if needed + // This function automatically adds magic links for custom domains + $admin_url = wu_get_admin_url($site_id); + + // Check if magic link is already used (contains wu_magic_token) + // If magic link exists, add admin path directly to the URL + $has_magic_link = (strpos($admin_url, 'wu_magic_token') !== false); + + if ($has_magic_link) { + // Magic link is generated on home URL, we need to add admin path + // Parse the URL to get the base URL and query string + $parsed_url = wp_parse_url($admin_url); + $base_url = $parsed_url['scheme'] . '://' . $parsed_url['host']; + if (isset($parsed_url['port'])) { + $base_url .= ':' . $parsed_url['port']; + } + + // Get admin path (respects WP Hide and other plugins) + switch_to_blog($site_id); + $admin_path = parse_url(get_admin_url(), PHP_URL_PATH); + restore_current_blog(); + + // Ensure admin path exists, default to /wp-admin if not found + if (empty($admin_path)) { + $admin_path = '/wp-admin'; + } + + // Build new URL with admin path + $query_string = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; + $admin_url = $base_url . $admin_path . $query_string; + } elseif (class_exists('\WP_Ultimo\SSO\SSO')) { + // Add SSO support if enabled and magic link is not used + // SSO needs to go through login page first, then redirect to admin + $sso = \WP_Ultimo\SSO\SSO::get_instance(); + if ($sso && $sso->is_enabled()) { + // Switch to target site to get correct login URL + switch_to_blog($site_id); + $sso_path = $sso->get_url_path(); + $actual_admin_url = get_admin_url($site_id); + $login_url = wp_login_url($actual_admin_url); + restore_current_blog(); + + // Add SSO parameter to login URL + $admin_url = add_query_arg($sso_path, 'login', $login_url); + } + } + + // Apply wp_ultimo_manage_url filter for backward compatibility + $site = wu_get_site($site_id); + if ($site) { + $admin_url = apply_filters('wp_ultimo_manage_url', $admin_url, $site); + } + + return $admin_url; + } + return \WP_Ultimo\Current::get_manage_url($site_id, 'site'); + + // ============================================ + // CUSTOM MODIFICATION END + // ============================================ } /** From 1b559c6c425b65557d98f6944e16e68c13ccc2af Mon Sep 17 00:00:00 2001 From: David Stone Date: Tue, 23 Dec 2025 14:24:46 -0700 Subject: [PATCH 2/2] fix styles --- inc/ui/class-my-sites-element.php | 65 +++++++++++++------------------ 1 file changed, 26 insertions(+), 39 deletions(-) diff --git a/inc/ui/class-my-sites-element.php b/inc/ui/class-my-sites-element.php index 50a5c319..a94880d4 100644 --- a/inc/ui/class-my-sites-element.php +++ b/inc/ui/class-my-sites-element.php @@ -393,8 +393,6 @@ function ($user_sites, $wp_site) use ($customer_sites) { * Returns the manage URL for sites, depending on the environment. * * @since 2.0.0 - * @modified Custom modification: Use direct admin URL with SSO support - * @modified_date 2025-01-XX * * @param int $site_id A Site ID. * @param string $type De redirection type (can be: default, wp_admin or custom_page). @@ -403,44 +401,37 @@ function ($user_sites, $wp_site) use ($customer_sites) { */ public function get_manage_url($site_id, $type = 'default', $custom_page_id = 0) { - // ============================================ - // CUSTOM MODIFICATION START - // ============================================ - // Purpose: Use direct admin URL (e.g., http://site.com/wp-admin) with SSO support - // This ensures the "Manage" button goes directly to admin with SSO working - // ============================================ - if ('wp_admin' === $type) { // Use wu_get_admin_url() to get admin URL with magic link support if needed // This function automatically adds magic links for custom domains $admin_url = wu_get_admin_url($site_id); - + // Check if magic link is already used (contains wu_magic_token) // If magic link exists, add admin path directly to the URL $has_magic_link = (strpos($admin_url, 'wu_magic_token') !== false); - + if ($has_magic_link) { // Magic link is generated on home URL, we need to add admin path // Parse the URL to get the base URL and query string $parsed_url = wp_parse_url($admin_url); - $base_url = $parsed_url['scheme'] . '://' . $parsed_url['host']; + $base_url = $parsed_url['scheme'] . '://' . $parsed_url['host']; if (isset($parsed_url['port'])) { $base_url .= ':' . $parsed_url['port']; } - + // Get admin path (respects WP Hide and other plugins) switch_to_blog($site_id); - $admin_path = parse_url(get_admin_url(), PHP_URL_PATH); + $admin_path = wp_parse_url(get_admin_url(), PHP_URL_PATH); restore_current_blog(); - + // Ensure admin path exists, default to /wp-admin if not found if (empty($admin_path)) { $admin_path = '/wp-admin'; } - + // Build new URL with admin path $query_string = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; - $admin_url = $base_url . $admin_path . $query_string; + $admin_url = $base_url . $admin_path . $query_string; } elseif (class_exists('\WP_Ultimo\SSO\SSO')) { // Add SSO support if enabled and magic link is not used // SSO needs to go through login page first, then redirect to admin @@ -448,22 +439,22 @@ public function get_manage_url($site_id, $type = 'default', $custom_page_id = 0) if ($sso && $sso->is_enabled()) { // Switch to target site to get correct login URL switch_to_blog($site_id); - $sso_path = $sso->get_url_path(); + $sso_path = $sso->get_url_path(); $actual_admin_url = get_admin_url($site_id); - $login_url = wp_login_url($actual_admin_url); + $login_url = wp_login_url($actual_admin_url); restore_current_blog(); - + // Add SSO parameter to login URL $admin_url = add_query_arg($sso_path, 'login', $login_url); } } - + // Apply wp_ultimo_manage_url filter for backward compatibility $site = wu_get_site($site_id); if ($site) { $admin_url = apply_filters('wp_ultimo_manage_url', $admin_url, $site); } - + return $admin_url; } @@ -488,33 +479,33 @@ public function get_manage_url($site_id, $type = 'default', $custom_page_id = 0) // Use wu_get_admin_url() to get admin URL with magic link support if needed // This function automatically adds magic links for custom domains $admin_url = wu_get_admin_url($site_id); - + // Check if magic link is already used (contains wu_magic_token) // If magic link exists, add admin path directly to the URL $has_magic_link = (strpos($admin_url, 'wu_magic_token') !== false); - + if ($has_magic_link) { // Magic link is generated on home URL, we need to add admin path // Parse the URL to get the base URL and query string $parsed_url = wp_parse_url($admin_url); - $base_url = $parsed_url['scheme'] . '://' . $parsed_url['host']; + $base_url = $parsed_url['scheme'] . '://' . $parsed_url['host']; if (isset($parsed_url['port'])) { $base_url .= ':' . $parsed_url['port']; } - + // Get admin path (respects WP Hide and other plugins) switch_to_blog($site_id); - $admin_path = parse_url(get_admin_url(), PHP_URL_PATH); + $admin_path = wp_parse_url(get_admin_url(), PHP_URL_PATH); restore_current_blog(); - + // Ensure admin path exists, default to /wp-admin if not found if (empty($admin_path)) { $admin_path = '/wp-admin'; } - + // Build new URL with admin path $query_string = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; - $admin_url = $base_url . $admin_path . $query_string; + $admin_url = $base_url . $admin_path . $query_string; } elseif (class_exists('\WP_Ultimo\SSO\SSO')) { // Add SSO support if enabled and magic link is not used // SSO needs to go through login page first, then redirect to admin @@ -522,30 +513,26 @@ public function get_manage_url($site_id, $type = 'default', $custom_page_id = 0) if ($sso && $sso->is_enabled()) { // Switch to target site to get correct login URL switch_to_blog($site_id); - $sso_path = $sso->get_url_path(); + $sso_path = $sso->get_url_path(); $actual_admin_url = get_admin_url($site_id); - $login_url = wp_login_url($actual_admin_url); + $login_url = wp_login_url($actual_admin_url); restore_current_blog(); - + // Add SSO parameter to login URL $admin_url = add_query_arg($sso_path, 'login', $login_url); } } - + // Apply wp_ultimo_manage_url filter for backward compatibility $site = wu_get_site($site_id); if ($site) { $admin_url = apply_filters('wp_ultimo_manage_url', $admin_url, $site); } - + return $admin_url; } return \WP_Ultimo\Current::get_manage_url($site_id, 'site'); - - // ============================================ - // CUSTOM MODIFICATION END - // ============================================ } /**