feat: updated readme, bump version, and moved state checking

README.md

@@ -10,6 +10,12 @@ A paradigm shift in the registration and sign-in process, Affinidi Login is a ga
 |---|---|---|
 | Offers a secure and user-friendly alternative to traditional password-based authentication by eliminating passwords and thus removing the vulnerability to password-related attacks such as phishing and credential stuffing. | Leverages OID4VP to enable users to control their data and digital identity, selectively share their credentials and authenticate themselves across multiple platforms and devices without relying on a centralised identity provider. | Utilises OID4VP to enhance security of the authentication process by verifying user authenticity without the need for direct communication with the provider, reducing risk of tampering and ensuring data integrity. |
 
+## Features ##
+
+- Passwordless login experience for users using Affinidi Login and Affinidi Vault.
+
+- Supports WooCommerce: Passwordless login, Seamless Customer Onboarding, and Customer profile creation.
+
 ## Shortcode ##
 
 You can use the Affinidi Login as a shortcode in your editor. Just add the following to display the button in the page:
@@ -63,6 +69,4 @@ We are here to help. Please [Contact Us](https://www.affinidi.com/get-in-touch)
 
 ## Changelog ##
 
-### 1.0.0 ###
-
-* Initial release of Affinidi Login - Passwordless Authentication for Wordpress.
+Visit our [GitHub Releases](https://github.com/affinidi/wordpress-affinidi-login/releases) for the complete list of changes and releases.

includes/wp-affinidi-login-callback.php

@@ -16,16 +16,24 @@
     session_start();
 }
 
-// // Check for custom redirect
-// if (!empty($_GET['redirect_uri'])) {
-//     $user_redirect = esc_url($_GET['redirect_uri']);
-// }
+// default to homepage if the state not found or expired
+$user_redirect = home_url();
+
+// Check for error, ensure state has value
+if (empty($_GET['state'])) {
+    // log error description on server side
+    $log_message = "Affinidi Login: state is empty".PHP_EOL;
+    error_log($log_message);
+    // redirect user with error code
+    wp_safe_redirect($user_redirect . "?message=affinidi_login_failed");
+    exit;
+}
 
 // Authenticate Check and Redirect
-if (!isset($_GET['code']) && !isset($_GET['error_description']) && !empty($_GET['state'])) {
+if (!isset($_GET['code']) && !isset($_GET['error_description'])) {
 
     // Grab the state from the Auth URL and send to AL
-    $state = $_GET['state'];
+    $state = sanitize_text_field($_GET['state']);
 
     // generate code verifier and challenge
     $verifier_bytes = bin2hex(openssl_random_pseudo_bytes(32));
@@ -51,21 +59,9 @@
     exit;
 }
 
-// Check for error 
-if (empty($_GET['state'])) {
-    // log error description on server side
-    $log_message = "Affinidi Login: State is empty".PHP_EOL;
-    error_log($log_message);
-    // redirect user with error code
-    wp_safe_redirect($user_redirect . "?message=affinidi_login_failed");
-    exit;
-}
-
 // retrieve state and get the transient info for redirect
 $state      = sanitize_text_field($_GET['state']);
 $redirect_to = get_transient("affinidi_user_redirect_to".$state);
-// default to homepage if the state not found or expired
-$user_redirect = home_url();
 // check if the state exists
 if (!empty($redirect_to) && !empty($redirect_to[$state]) && !empty($redirect_to[$state]['redirect_to'])) {
     // set the redirect url based on state
@@ -81,7 +77,6 @@
     error_log($log_message);
     // redirect user with error code
     wp_safe_redirect($user_redirect . "?message=affinidi_login_failed&error={$_GET['error']}");
-
     exit;
 }
 

readme.txt

@@ -1,10 +1,10 @@
 === Affinidi Login - Passwordless Authentication ===
 Contributors: affinidi
-Tags: authentication, security, multi-factor, oauth2, sso
+Tags: authentication, passwordless, multi-factor, sso, ecommerce
 Requires at least: 6.4
 Tested up to: 6.4
 Requires PHP: 7.4
-Stable tag: 1.0.0
+Stable tag: 1.1.0
 License: MIT
 License URI: https://github.com/affinidi/wordpress-affinidi-login/blob/main/LICENSE
 
@@ -26,6 +26,12 @@ Leverages OID4VP to enable users to control their data and digital identity, sel
 
 Utilises OID4VP to enhance security of the authentication process by verifying user authenticity without the need for direct communication with the provider, reducing risk of tampering and ensuring data integrity.
 
+= Features =
+
+- Passwordless login experience for users using Affinidi Login and Affinidi Vault.
+
+- Supports WooCommerce: Passwordless login, Seamless Customer Onboarding, and Customer profile creation.
+
 = Shortcode =
 
 You can use the Affinidi Login as a shortcode in your editor. Just add the following to display the button in the page:
@@ -83,6 +89,4 @@ We are here to help. Please [Contact Us](https://www.affinidi.com/get-in-touch)
 
 == Changelog ==
 
-= 1.0.0 =
-
-* Initial release of Affinidi Login - Passwordless Authentication for Wordpress.
+Visit our [GitHub Releases](https://github.com/affinidi/wordpress-affinidi-login/releases) for the complete list of changes and releases.

wp-affinidi-login.php

@@ -18,7 +18,7 @@
  * Plugin Name:       Affinidi Login - Passwordless Authentication
  * Plugin URI:        https://github.com/affinidi/wordpress-affinidi-login
  * Description:       A paradigm shift in the registration and sign-in process, Affinidi Login is a game-changing solution for developers. With our revolutionary passwordless authentication solution your user's first sign-in doubles as their registration, and all the necessary data for onboarding can be requested during this streamlined sign-in/signup process. End users are in full control, ensuring that they consent to the information shared in a transparent and user-friendly manner. This streamlined approach empowers developers to create efficient user experiences with data integrity, enhanced security and privacy, and ensures compatibility with industry standards.
- * Version:           1.0.0
+ * Version:           1.1.0
  * Requires at least: 6.4
  * Requires PHP:      7.4
  * Author:            Affinidi