Release v0.7.0

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

kalaspuffar

Well-known member
May 19, 2018
267
91
Sweden
coderinsights.com
Hi gang.

I found that we needed to support redirect URLs so the user is returned to the right post if we click the link to log in before commenting.

Features
* Handle redirect URLs.
* Fix content length.

Thanks for your time.
 

Once set this cannot be

Active member
Jun 27, 2019
38
13
Firstly, although I like the way this forum handles mobile screens, this iPhone is sometimes frustrating to use for these kinds of reports due to being unable to copy some dialogue text and my unwillingness to screen capture...

Using @Jeffa ios TestFlight app. Tested in both web root install and subdirectory or subpath install at /wp.


Logins work on both and associate with admin accts.

@Steve @kalaspuffar I am not sure if the Wordpress install or the app handles the messages. “Account creation ...” and “you are now authenticated...” at DOMAIN.TLD which the iOS app displays at bottom of screen before user returns to browser.

I am not using any redirects- each blog is available at its respective location: domain root or sub directory, respectively.

If a domain has multiple blogs on different paths or subdirectories, for better user experience, shouldn’t the app:
  • Show the entire path requesting user to confirm the domain being registered at?
  • In the response after successful login, show the same full path?
The user is asked to verify domain being logged into, but this may not be entirely I correct if logging into a sub directory. Of same domain.

If user registers at sub domain, they are thentold they have successfully connected at web root which may have its own separate login and thus they may NOT be authenticated where they are told they have been
 
Last edited:

brianoflondon

Well-known member
Nov 22, 2018
81
8
This change seems to have been highly successful on my blog.

If you log in to reply to a comment you're taken right back to the right spot.
 

Once set this cannot be

Active member
Jun 27, 2019
38
13
@kalaspuffar FYI, I have noticed that (I didn't flush my cache so it didn't load the new code) neither BrianofLondon's login page nor my own show a QR code to click. AFAIK, we are both on 0.7.0. I remember you added local QR generation to the plugin, but wonder if there is something left out.

My install is a generic default install. I notice that a different domain I am testing on has 0.6.4 and it does show a qr to scan via phone.


PS - I know it's early and there are lots of rough edges, but man, this shit rocks!
 
Last edited:

brianoflondon

Well-known member
Nov 22, 2018
81
8
Yes, after trying to selectively delete things I completely deleted my Brave cache and history and that solved everything.
 

Steve

Administrator
Staff member
May 6, 2018
992
290
www.grc.com
0.7.0 installed from wordpress on a clean system. Giving error:
Wordpress site running without SSL, wondering if that's the reason.
We thought long and hard about whether to allow SQRL to be used with non-secured sites. Unlike with usernames and passwords, one-time tokens, etc., the core SQRL technology, itself, can provide secure authentication even without SSL/TLS. And my first implementations of SQRL worked either way. We finally decided that since it really makes no sense to "sign in" to a non-secured site -- since the browser's session cookies is readily sniffed to allow passive impersonation and session hijacking -- we didn't want to have SQRL associated with that sort of non-secure session. And, with the availability of free domain certificates, the presence of secured connections is clearly the future.
 

Once set this cannot be

Active member
Jun 27, 2019
38
13
@kalaspuffar FYI, I have noticed that (I didn't flush my cache so it didn't load the new code) neither BrianofLondon's login page nor my own show a QR code to click. AFAIK, we are both on 0.7.0. I remember you added local QR generation to the plugin, but wonder if there is something left out.

My install is a generic default install. I notice that a different domain I am testing on has 0.6.4 and it does show a qr to scan via phone.


PS - I know it's early and there are lots of rough edges, but man, this shit rocks!
It was strange. I tested in a different Comp and it didn’t show QR code. So I posted. Then remembered about flushing cache and it showed. So I corrected my post.

I tried later using this phone and brave browser and again it didn’t show. I tried flushing all data and it still didn’t show.
I ust had a thought and turned off fingerprinting protection for that domain and the QR code showed. Hmm.
 
Last edited:
  • Like
Reactions: brianoflondon

Paul F

Active member
Apr 11, 2019
37
6
Toronto
@kalaspuffar
1. On a login, the server returns tif=5 for cmd=query, correctly indicating an identity match. On the subsequent cmd=ident, the user is logged in but the server returns tif=4. It should return tif=5.
2. The server's sin=0 parameter is missing its \r\n.
 

brianoflondon

Well-known member
Nov 22, 2018
81
8
It was strange. I tested in a different Comp and it didn’t show QR code. So I posted. Then remembered about flushing cache and it showed. So I corrected my post.

I tried later using this phone and brave browser and again it didn’t show. I tried flushing all data and it still didn’t show.
I ust had a thought and turned off fingerprinting protection for that domain and the QR code showed. Hmm.
Caching is going on in a few places. On WordPress, Cloudflare and the browser.

I'm also seeing strange behavior and I suspect Caching is a big part.

Eventually it does all seem to work. I'm trying to flush all server and Cloudflare caches after plug-in upgrades.
 

testingherb

New member
Jun 11, 2019
2
1
I was running a site with a wp4.9 version with no luck(as expected), but as soon as I updated to wp5.2.2 it worked using a nginx/1.10.3, php7.0.33.
Logged in using QR code/Android app.
 

brianoflondon

Well-known member
Nov 22, 2018
81
8
I was running a site with a wp4.9 version with no luck(as expected), but as soon as I updated to wp5.2.2 it worked using a nginx/1.10.3, php7.0.33.
Logged in using QR code/Android app.
I also had to upgrade my PHP version (which I should have done some time ago) but after that it worked well. These days it's somewhat essential to have Wordpress on auto-update because its such a large attack surface, if there are any security issues there will be huge problems.