Enhance Google Login: Allowed Domains, Redirect URL, Developer Mode, and Logging

composer.json

@@ -27,7 +27,7 @@
 	"minimum-stability": "dev",
 	"prefer-stable": true,
 	"require": {
-		"php": ">=7.4,<=8.2.27",
+		"php": ">=7.4,<=8.2.28",
 		"pimple/pimple": "3.5.*"
 	},
 	"require-dev": {

languages/login-with-google.pot

@@ -2,14 +2,14 @@
 # This file is distributed under the GPLv2+.
 msgid ""
 msgstr ""
-"Project-Id-Version: Login with Google 1.4.0\n"
+"Project-Id-Version: Login with Google 1.3.7\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/login-with-google\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2025-05-02T11:17:56+00:00\n"
+"POT-Creation-Date: 2025-04-29T04:00:23+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.12.0-alpha\n"
 "X-Domain: login-with-google\n"
@@ -52,11 +52,11 @@ msgstr ""
 msgid "Could not authenticate the user, please try again."
 msgstr ""
 
-#: src/Modules/OneTapLogin.php:181
+#: src/Modules/OneTapLogin.php:176
 msgid "Cannot verify the credentials"
 msgstr ""
 
-#: src/Modules/OneTapLogin.php:223
+#: src/Modules/OneTapLogin.php:218
 msgid "User not found to authenticate"
 msgstr ""
 
@@ -121,7 +121,7 @@ msgstr ""
 msgid "Login with Google settings"
 msgstr ""
 
-#: src/Modules/Shortcode.php:92
+#: src/Modules/Shortcode.php:91
 msgid "Login with google"
 msgstr ""
 
@@ -181,12 +181,12 @@ msgstr ""
 msgid "User data is stale! Please try again."
 msgstr ""
 
-#: templates/google-login-button.php:14
+#: templates/google-login-button.php:12
 #: assets/build/js/block-button.js:1
 msgid "Log in with Google"
 msgstr ""
 
-#: templates/google-login-button.php:24
+#: templates/google-login-button.php:22
 msgid "Log out"
 msgstr ""
 

login-with-google.php

@@ -2,7 +2,7 @@
 /**
  * Plugin Name: Login with Google
  * Description: Allow users to login/register via Google.
- * Version: 1.4.0
+ * Version: 1.3.7
  * Author: rtCamp
  * Author URI: https://rtcamp.com
  * Text Domain: login-with-google

readme.txt

@@ -1,12 +1,12 @@
 === Log in with Google ===
-Contributors: rtCamp, sh4lin, nikhiljoshua, mchirag2002, mi5t4n
-Unlinked contributors: Jeppehimer, dev-alamin
+Contributors: rtCamp, sh4lin, nikhiljoshua
+Unlinked contributors: Jeppehimer
 Donate link: https://rtcamp.com/
 Tags: Google login, sign in, sso, oauth, authentication, sign-in, single sign-on, log in
 Requires at least: 5.5
 Tested up to: 6.7.2
 Requires PHP: 7.4
-Stable tag: 1.4.0
+Stable tag: 1.3.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -141,15 +141,6 @@ Code snippets to extend and customize the plugin can be found [here](https://git
 
 == Changelog ==
 
-= 1.4.0 =
-Update: Migrated One Tap Login to use FedCM.
-Update: After a successful login or logout, users are now redirected to the page they originally intended to access.
-Update: When the plugin performs a redirect, it now includes an x-redirect-by header.
-Update: A settings page link has been added directly under the plugin name on the Plugins screen.
-Fix: Resolved an issue with generating unique usernames.
-Fix: Fixed a bug where JavaScript string translations were not being applied correctly.
-Chore: Documentation update.
-
 = 1.3.7 =
 * Compatible with WordPress 6.7.2
 
@@ -220,15 +211,6 @@ Chore: Documentation update.
 
 == Upgrade Notice ==
 
-= 1.4.0 =
-Update: Migrated One Tap Login to use FedCM.
-Update: After a successful login or logout, users are now redirected to the page they originally intended to access.
-Update: When the plugin performs a redirect, it now includes an x-redirect-by header.
-Update: A settings page link has been added directly under the plugin name on the Plugins screen.
-Fix: Resolved an issue with generating unique usernames.
-Fix: Fixed a bug where JavaScript string translations were not being applied correctly.
-Chore: Documentation update.
-
 = 1.3.7 =
 * Compatible with WordPress 6.7.2
 

src/Modules/Login.php

@@ -129,17 +129,51 @@ public function authenticate( $user = null ) {
 		$decoded_state = $state ? (array) ( json_decode( base64_decode( $state ) ) ) : null;    // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
 
 		if ( ! is_array( $decoded_state ) || empty( $decoded_state['provider'] ) || 'google' !== $decoded_state['provider'] ) {
+			$this->log_failed_attempt( 'Invalid provider or state' );
 			return $user;
 		}
 
 		if ( empty( $decoded_state['nonce'] ) || ! wp_verify_nonce( $decoded_state['nonce'], 'login_with_google' ) ) {
+			$this->log_failed_attempt( 'Invalid nonce' );
 			return $user;
 		}
 
 		try {
 			$this->gh_client->set_access_token( $code );
-			$user = $this->gh_client->user();
-			$user = $this->authenticator->authenticate( $user );
+			$google_user = $this->gh_client->user();
+
+			// Handle developer mode
+			if ( get_option( 'google_login_dev_mode' ) ) {
+				// Log raw user data
+				error_log( 'Google Login Debug - Raw User Data: ' . print_r( $google_user, true ) );
+
+				// Add debug information to the login page
+				add_action( 'login_footer', function() use ( $google_user ) {
+					echo '<div class="google-login-debug" style="margin: 20px; padding: 20px; background: #f1f1f1; border: 1px solid #ddd;">';
+					echo '<h3>' . esc_html__( 'Google Login Debug Information', 'login-with-google' ) . '</h3>';
+					echo '<pre style="white-space: pre-wrap; word-wrap: break-word;">';
+					echo esc_html( print_r( $google_user, true ) );
+					echo '</pre>';
+					echo '</div>';
+				});
+			}
+
+			// Check if the email domain is allowed
+			$allowed_domains = get_option( 'google_login_allowed_domains' );
+			if ( ! empty( $allowed_domains ) ) {
+				$email_domain = substr( strrchr( $google_user->email, '@' ), 1 );
+				$allowed_domains = array_map( 'trim', explode( ',', $allowed_domains ) );
+
+				if ( ! in_array( $email_domain, $allowed_domains, true ) ) {
+					$this->log_failed_attempt( 'Domain not allowed: ' . $email_domain );
+					return new WP_Error(
+						'domain_not_allowed',
+						__( 'Your email domain is not allowed to login to this site.', 'login-with-google' )
+					);
+				}
+			}
+
+			$user = $this->authenticator->authenticate( $google_user );
 
 			if ( $user instanceof WP_User ) {
 				$this->authenticated = true;
@@ -156,13 +190,35 @@ public function authenticate( $user = null ) {
 				return $user;
 			}
 
+			$this->log_failed_attempt( 'Could not authenticate user' );
 			throw new Exception( __( 'Could not authenticate the user, please try again.', 'login-with-google' ) );
 
 		} catch ( Throwable $e ) {
+			$this->log_failed_attempt( $e->getMessage() );
 			return new WP_Error( 'google_login_failed', $e->getMessage() );
 		}
 	}
 
+	/**
+	 * Log failed login attempts
+	 *
+	 * @param string $reason Reason for the failed attempt.
+	 * @return void
+	 */
+	private function log_failed_attempt( string $reason ): void {
+		$logs = get_option( 'google_login_logs', [] );
+		$log_entry = [
+			'timestamp' => current_time( 'mysql' ),
+			'reason' => $reason,
+		];
+
+		// Keep only the last 100 entries
+		array_unshift( $logs, $log_entry );
+		$logs = array_slice( $logs, 0, 100 );
+
+		update_option( 'google_login_logs', $logs );
+	}
+
 	/**
 	 * Add extra meta information about user.
 	 *
@@ -199,13 +255,18 @@ public function redirect_url( string $url ): string {
 	 */
 	public function state_redirect( array $state ): array {
 		$redirect_to = Helper::filter_input( INPUT_GET, 'redirect_to', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+
+		// Get the default redirect URL from settings
+		$settings = plugin()->container()->get( 'settings' );
+		$default_redirect = $settings->redirect_url;
+
 		/**
 		 * Filter the default redirect URL in case redirect_to param is not available.
 		 * Default to admin URL.
 		 *
 		 * @param string $admin_url Admin URL address.
 		 */
-		$state['redirect_to'] = $redirect_to ?? apply_filters( 'rtcamp.google_default_redirect', admin_url() );
+		$state['redirect_to'] = $redirect_to ?? ( $default_redirect ?: apply_filters( 'rtcamp.google_default_redirect', admin_url() ) );
 
 		return $state;
 	}
@@ -225,9 +286,19 @@ public function login_redirect(): void {
 		$state = base64_decode( $state );
 		$state = $state ? json_decode( $state ) : null;
 
-		if ( ( $state instanceof stdClass ) && ! empty( $state->provider ) && 'google' === $state->provider && ! empty( $state->redirect_to ) ) {
-			wp_safe_redirect( $state->redirect_to, 302, 'Login with Google' );
-			exit;
+		if ( ( $state instanceof stdClass ) && ! empty( $state->provider ) && 'google' === $state->provider ) {
+			// Check for the global redirect URL option first
+			$global_redirect = get_option( 'google_login_redirect_url' );
+			if ( ! empty( $global_redirect ) ) {
+				wp_safe_redirect( $global_redirect, 302, 'Login with Google' );
+				exit;
+			}
+
+			// If no global redirect is set, use the state redirect
+			if ( ! empty( $state->redirect_to ) ) {
+				wp_safe_redirect( $state->redirect_to, 302, 'Login with Google' );
+				exit;
+			}
 		}
 	}
 }