Zynatic Authentication

This plugin enable authentication from Zynatic Medlemsregister by wp_remote_get call to https://www.zynatic.se/ The authentication is performed in several steps to reduce the risk of leakage of user credentials

1. WordPress sends an initiate to https://www.zynatic.se/ and receives a public key in the responce
2. WordPress encrypts user credentials using the received public key
3. WordPress sends the encrypted credentials to https://www.zynatic.se/
4. https://www.zynatic.se/ decrypt the credentials using its own secret key and validate credentials
5. https://www.zynatic.se/ sends a responce informing if the credentials is validated correctly and the user is allowed to login The user is created in https://www.zynatic.se/ if the username is missing in https://www.zynatic.se/, the credentials are validated ok in WordPress and the name are equal in https://www.zynatic.se/ and WordPress. The user is created in WordPress if the user credentials is validated ok in https://www.zynatic.se/ and the user is missing in WordPress. A WordPress super admin user is granted access in WordPress even if the user is missing in https://www.zynatic.se/.

1.0

• First version.

1.1

• Added the paramater allow_create to make it possible to turn off the creation of user and member in Zynatic Medlemsregister.

1.2

• Added code to give subscriber right to see private pages.

1.3

• Added logout function

1.3.1

• Corrected use of wp admin login

1.3.2

• Corrected settings of "Skapa användare"

1.3.3

• Handling of initial failure when contacting Zynatic

1.3.4

• Minor correction

1.3.5

• Check email if name check fails

1.3.6

• Try to select user from meta data ZynaticID

1.3.7

• Corrected creation of user in WordPress

1.4.0

• Added two-factor authentisation

1.4.1

• Added reading Zynatic session variables

1.4.2

• Board member allowed to login even if fee not is payed

1.4.3

• Error handling improved

1.5.1

• Allow user with administrator role to log in if not found in Zynatic

1.5.2

• Removed the use of interface files in the directory zynatic_medlemsregister

1.5.3

• Minor corrections

1.5.4

• Close session after accessing session variables.

1.6.0

• Added page templates for resticted access to pages.

1.7.0

• Added role selection for members of the board

1.7.1

• User created during login is set the defined role

1.7.2

• Minor corrections for two factor input field.
• Removed fallback action for 'wp_authenticate_email_password'.

1.7.3

• Removed the 'Remember me' check box on login page

1.7.4

• Error handling improved

1.7.5

• Error corrections

1.7.6

• Error corrections

1.7.7

• Error corrections

1.7.8

• Renamed the plugin to 'Zynatic Authentication'

1.7.9

• Added one more wp_unslash and removed a phpcs:ignore at that place

1.7.10

• Updates after initial review from wordpress.org

1.7.11

• Updates after review from wordpress.org

1.7.12

• Error corrections

1.7.13

• Updates after review from wordpress.org = 1.8.0
• Lagt till en parameter i inställningarna för att markera vilka administratörsinloggningar
• som tillåts logga in utan att motsvarande användare finns i medlemsregistret eller att
• uppkopplingen mot medlemsregistret inte fungerar. = 1.8.1
• Reworked the code to secure authentication process = 1.8.2
• Corrected error when opening login page = 1.8.3
• Error correction = 1.8.4
• Error correction = 1.8.5
• Better error message when failed to store user in WordPress = 1.8.6
• Secure that user meta data is stored when creating new user in WordPress = 1.9.0
• Trying to prevent brute force attack by addin delays on failed attempt after two failed attempts
• from same ip-address during the last ten minutes = 1.9.1
• Added captcha for too many failed login attempts from same ip-address = 1.9.2
• Allow external call to zynaau_login_form_extras in custom login-form