How to fully delete & reinstall plugin? Possible corrupted settings

  • How can I completely remove Authorizer (files, settings and other config elements) from a site so that I can do a clean reinstall? We’re using the plugin on a couple hundred sites at UC Berkeley Engineering, and on nearly all it’s working great. But for one site, I can’t successfully authorize new CAS-authenticated users, and existing CAS-authenticated users can’t log in. Instead, such users get blocked with the “You’re not currently allowed to view this site. Your administrator has been notified …” notice. And on the Authorizer Settings page, they get added to the Pending Users list, but with an incorrect, arbitrary email address that combines their username/UID with our campus domain. (For example, a new user I add to the Approved Users list as [email protected] winds up in the Pending Users list as [email protected].)

    On our other sites, using the same SSO integration settings and the same CAS settings, I have no problem adding new users simply by providing their email address. But on this problem site, I suspect there’s something corrupted/misconfigured in the plugin settings that is thwarting CAS authentication attempts. Even after I deactivated & deleted the plugin in the WP admin, and then reinstalled a fresh copy from the WP plugins directory, all of the site-specific settings reconfigured themselves without me doing anything, including the CAS configurations and an authorized user who had not actually logged in to create a WP account. I even tried manually deleting the authorizer folder in wp-content/plugins via SFTP, then installing a freshly downloaded copy, and again the config settings were there from the outset.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Paul Ryan

    (@figureone)

    When you deactivate and delete the plugin through the WordPress Dashboard > Plugins > Installed Plugins, the uninstall hook should fire which deletes the plugin settings from the database: https://github.com/uhm-coe/authorizer/blob/master/uninstall.php#L15-L23

    It’s been awhile since I tested that so I can verify after the holidays. In the meantime, you can also manually delete the rows from the wp_options table, basically any option_name that starts with auth_settings.

    All that said, it kind of sounds like Authorizer isn’t finding the email address attribute from the CAS server (you should specify this attribute name in the setting: Authorizer > External Service > CAS attribute containing email address). For this one server, it looks like that is set to a field with an ID instead of an email address, which causes Authorizer to fall back to a “guess” for the email address (basically appending an ampersand and the top-level domain of the CAS server to that value). Here’s the full routine for reference: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L824-L871

    Hopefully that’s the underlying cause here, because I can’t think of another reason why this one server would be behaving differently. I would go through and verify the CAS settings in Authorizer match the config you have on another working server first, and report back. Cheers!

    Plugin Author Paul Ryan

    (@figureone)

    Just an update, we found a few plugin options that weren’t deleted from the database upon uninstall/deletion: https://github.com/uhm-coe/authorizer/commit/17f43a17058a7053a5d08094bff2a21eab859cc8

    This will be included in the next version.

    (Funny story, I deleted my development copy of the plugin testing this out X-])

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to fully delete & reinstall plugin? Possible corrupted settings’ is closed to new replies.