Added ability to extend WP session with a remember me checkbox when doing a shib login

assets/css/shibboleth_login_form.css

@@ -108,3 +108,46 @@
 .shibboleth-repositioned #shibboleth-wrap .button .dashicons {
 	font-size: 24px;
 }
+
+
+.shibboleth-remember-me-wrap {
+	margin-top: 1em;
+}
+.shibboleth-remember-me-wrap input[type="checkbox"] {
+	margin-right: .5em;
+}
+
+#shibboleth-wrap._rememberme-loading {
+	pointer-events: none;
+	position: relative;
+}
+
+#shibboleth-wrap._rememberme-loading * {
+	opacity: .4;
+}
+
+@keyframes L7 {
+	33%{background-size:calc(100%/3) 0%  ,calc(100%/3) 100%,calc(100%/3) 100%}
+	50%{background-size:calc(100%/3) 100%,calc(100%/3) 0%  ,calc(100%/3) 100%}
+	66%{background-size:calc(100%/3) 100%,calc(100%/3) 100%,calc(100%/3) 0%  }
+}
+#shibboleth-wrap._rememberme-loading::after {
+	content: '';
+	opacity: 1;
+	width: 60px;
+	aspect-ratio: 4;
+	--_g: no-repeat radial-gradient(circle closest-side,hsl(350, 20%, 28%) 90%,#0000);
+	background: 
+	var(--_g) 0%   50%,
+	var(--_g) 50%  50%,
+	var(--_g) 100% 50%;
+	background-size: calc(100%/3) 100%;
+	animation: L7 1s infinite linear;
+	position: absolute;
+	top: 50%;
+	left: 40%;
+}
+
+#shibboleth-wrap:has( .shibboleth-remember-me-wrap ) a.shibboleth-button[href*="wp-login.php"] {
+	float: none;
+}

assets/js/shibboleth_login_form.js

@@ -28,5 +28,27 @@
 		// positioning of the SSO UI.
 		loginForm.append( ssoWrap );
 		body.addClass( 'shibboleth-repositioned' );
+
+
+		var $checkbox = $( '#shibboleth-wrap input[name="shibboleth-lengthen-cookie"]' );
+		if( $checkbox ) {
+
+			$checkbox.on( 'change', function(e) {
+
+				var rememberMe = this.checked;
+				ssoWrap.addClass('_rememberme-loading');
+
+				var params = new URLSearchParams({
+					action: 'shibboleth_remember_me',
+					value: (rememberMe) ? '1' : '0',
+				});
+				var fetchurl = window.ajaxurl + '?' + params.toString();
+
+				fetch( fetchurl ).then( json => {
+					ssoWrap.removeClass('_rememberme-loading');
+				});
+
+			});
+		}
 	}
 );

options-admin.php

@@ -130,6 +130,9 @@ function shibboleth_options_general() {
 		if ( ! defined( 'SHIBBOLETH_AUTO_LOGIN' ) ) {
 			update_site_option( 'shibboleth_auto_login', ! empty( $_POST['auto_login'] ) );
 		}
+		if ( ! defined( 'SHIBBOLETH_ALLOW_REMEMBERME' ) ) {
+			update_site_option( 'shibboleth_allow_rememberme', ! empty( $_POST['allow_rememberme'] ) );
+		}
 		if ( ! defined( 'SHIBBOLETH_BUTTON_TEXT' ) && isset( $_POST['button_text'] ) ) {
 			update_site_option( 'shibboleth_button_text', sanitize_text_field( wp_unslash( $_POST['button_text'] ) ) );
 		}
@@ -161,6 +164,8 @@ function shibboleth_options_general() {
 	$constant = $constant || $from_constant;
 	list( $auto_login, $from_constant ) = shibboleth_getoption( 'shibboleth_auto_login', false, false, true );
 	$constant = $constant || $from_constant;
+	list( $allow_rememberme, $from_constant ) = shibboleth_getoption( 'shibboleth_allow_rememberme', false, false, true );
+	$constant = $constant || $from_constant;
 	list( $disable_local_auth, $from_constant ) = shibboleth_getoption( 'shibboleth_disable_local_auth', false, false, true );
 	$constant = $constant || $from_constant;
 	list( $button_text, $from_constant ) = shibboleth_getoption( 'shibboleth_button_text', false, false, true );
@@ -337,6 +342,24 @@ function shibboleth_options_general() {
 				</p>
 			</td>
 		</tr>
+		<tr>
+			<th scope="row"><?php esc_html_e( 'Cookie Extension', 'shibboleth' ); ?></th>
+			<td>
+				<input type="checkbox" id="allow_rememberme" name="allow_rememberme" <?php checked( (bool) $allow_rememberme ); ?> <?php defined( 'SHIBBOLETH_ALLOW_REMEMBERME' ) && disabled( $allow_rememberme, SHIBBOLETH_ALLOW_REMEMBERME ); ?> />
+				<label for="allow_rememberme"><?php esc_html_e( 'Allow individual users to extend their shib cookie with a "Remember me" checkbox', 'shibboleth' ); ?></label>
+
+				<p>
+				<?php
+				echo wp_kses_post(
+					__(
+						'If set, this option displays a checkbox for "Remember Me" below the Shibboleth login button on the login page',
+						'shibboleth'
+					)
+				);
+				?>
+				</p>
+			</td>
+		</tr>
 		<tr>
 			<th scope="row"><?php esc_html_e( 'Disable Local Authentication', 'shibboleth' ); ?></th>
 			<td>

readme.txt

@@ -123,6 +123,10 @@ Yes, the plugin allows for all settings to be controlled via constants in `wp-co
    - Format: boolean
    - Available options: `true` to automatically login users with an existing Shibboleth session or `false` to not check for an existing Shibboleth session.
    - Example: `define('SHIBBOLETH_AUTO_LOGIN', true);`
+ - `SHIBBOLETH_ALLOW_REMEMBERME`
+   - Format: boolean
+   - Available options: `true` to include a "remember me" checkbox along with Shib login button to allow users to extend their cookie
+   - Example: `define( 'SHIBBOLETH_ALLOW_REMEMBERME', true );`
  - `SHIBBOLETH_BUTTON_TEXT`
    - Format: string
    - Available options: none

shibboleth.php

@@ -9,7 +9,7 @@
  * Plugin URI: https://wordpress.org/plugins/shibboleth/
  * Description: Easily externalize user authentication to a <a href="https://www.incommon.org/software/shibboleth/">Shibboleth</a> Service Provider
  * Author: Michael McNeill, mitcho (Michael 芳貴 Erlewine), Will Norris
- * Version: 2.4.2
+ * Version: 2.5.0
  * Requires PHP: 5.6
  * Requires at least: 4.0
  * License: Apache 2 (https://www.apache.org/licenses/LICENSE-2.0.html)
@@ -18,7 +18,7 @@
 
 define( 'SHIBBOLETH_MINIMUM_WP_VERSION', '4.0' );
 define( 'SHIBBOLETH_MINIMUM_PHP_VERSION', '5.6' );
-define( 'SHIBBOLETH_PLUGIN_VERSION', '2.4.2' );
+define( 'SHIBBOLETH_PLUGIN_VERSION', '2.5.0' );
 
 /**
  * Determine if this is a new install or upgrade and, if so, run the
@@ -198,6 +198,7 @@ function shibboleth_activate_plugin() {
 	add_site_option( 'shibboleth_login_url', get_site_option( 'home' ) . '/Shibboleth.sso/Login' );
 	add_site_option( 'shibboleth_default_to_shib_login', false );
 	add_site_option( 'shibboleth_auto_login', false );
+	add_site_option( 'shibboleth_allow_rememberme', false );
 	add_site_option( 'shibboleth_logout_url', get_site_option( 'home' ) . '/Shibboleth.sso/Logout' );
 	add_site_option( 'shibboleth_attribute_access_method', 'standard' );
 	add_site_option( 'shibboleth_default_role', '' );
@@ -876,6 +877,17 @@ function shibboleth_login_enqueue_scripts() {
 		wp_enqueue_style( 'shibboleth-login', plugins_url( 'assets/css/shibboleth_login_form.css', __FILE__ ), array( 'login' ), SHIBBOLETH_PLUGIN_VERSION );
 		wp_enqueue_script( 'shibboleth-login', plugins_url( 'assets/js/shibboleth_login_form.js', __FILE__ ), array( 'jquery' ), SHIBBOLETH_PLUGIN_VERSION, true );
 	}
+
+	if ( shibboleth_getoption( 'shibboleth_allow_rememberme' ) == 1 ) {
+		$ajaxurl = admin_url( 'admin-ajax.php' );
+		$js = '
+			if( ! window.ajaxurl ) {
+				ajaxurl = "' . esc_js( $ajaxurl ) . '";
+			}
+		';
+
+		wp_add_inline_script( 'shibboleth-login', $js, 'before' );
+	}
 }
 add_action( 'login_enqueue_scripts', 'shibboleth_login_enqueue_scripts' );
 
@@ -966,6 +978,10 @@ function shibboleth_login_form() {
 	$login_url = remove_query_arg( 'reauth', $login_url );
 	$button_text = shibboleth_getoption( 'shibboleth_button_text', __( 'Log in with Shibboleth', 'shibboleth' ) );
 	$disable = shibboleth_getoption( 'shibboleth_disable_local_auth', false );
+	$allow_rememberme = shibboleth_getoption( 'shibboleth_allow_rememberme' );
+	// in case we have this a previous login
+	setcookie( 'shibboleth_extend_cookie', '', time() - 3600, '/' );
+
 	?>
 	<div id="shibboleth-wrap" <?php echo $disable ? 'style="margin-top:0;"' : ''; ?>>
 		<?php
@@ -981,6 +997,16 @@ function shibboleth_login_form() {
 			<span class="shibboleth-icon"></span>
 			<?php echo esc_html( $button_text ); ?>
 		</a>
+		<?php
+		if ( $allow_rememberme ) {
+			?>
+			<div class="shibboleth-remember-me-wrap">
+				<input type="checkbox" name="shibboleth-lengthen-cookie" id="shibboleth-lengthen-cookie" value="1">
+				<label for="shibboleth-lengthen-cookie">Remember Me</label>
+			</div>
+			<?php
+		}
+		?>
 	</div>
 	<?php
 }
@@ -1026,3 +1052,39 @@ function shibboleth_load_textdomain() {
 	load_plugin_textdomain( 'shibboleth', false, dirname( plugin_basename( __FILE__ ) ) . '/localization/' );
 }
 add_action( 'plugins_loaded', 'shibboleth_load_textdomain' );
+
+
+/**
+ * Allow extending the shibboleth cookie
+ */
+function shibboleth_extend_cookie_expiration ( $length ) {
+	if (
+		shibboleth_getoption( 'shibboleth_allow_rememberme' ) == 1
+		&&
+		isset( $_COOKIE['shibboleth_extend_cookie'] )
+		&&
+		$_COOKIE['shibboleth_extend_cookie'] === 'yes'
+	) {
+		$length = 14 * DAY_IN_SECONDS;
+	}
+
+	return $length;
+}
+add_filter( 'auth_cookie_expiration', 'shibboleth_extend_cookie_expiration' );
+
+/**
+ * In response to an ajax call, set a temporary "remember me" to lengthen the
+ * cookie after shib resopnse comes back
+ */
+function shibboleth_ajax_set_temporary_rememberme_cookie () {
+	$remember_me = ( $_GET['value'] === '1' );
+
+	if ( $remember_me ) {
+		setcookie( 'shibboleth_extend_cookie', 'yes', 0, '/' );
+		wp_send_json_success( 'ok' );
+	} else {
+		setcookie( 'shibboleth_extend_cookie', '', time() - 3600, '/' );
+		wp_send_json_success( 'ok' );
+	}
+}
+add_action( 'wp_ajax_nopriv_shibboleth_remember_me', 'shibboleth_ajax_set_temporary_rememberme_cookie' );