SSO: switch from module codebase to Connection package, part 3 (#37153)

* SSO: remove references to Jetpack class

* Switch to modern display of notice and add missing i18n wrapping

* Load SSO feature from the Connection package

* Switch to Connection package for all SSO references

* Deprecate all module classes and methods

* Remove module test

* Remove test reference too

* Remove one more test directory (multisite)

* Update Phan config

* Move SSO callables to the Connection package

See https://github.com/Automattic/jetpack/pull/37153/files#r1586113523

* Add deprecated class back

Co-authored-by: sergeymitr <[email protected]>

* Remove deprecated private methods

See https://github.com/Automattic/jetpack/pull/37153/files#r1586438953

Co-authored-by: sergeymitr <[email protected]>

* Remove private properties and methods

See Automattic/jetpack#37153 (comment)

Co-authored-by: sergeymitr <[email protected]>

* Move user generation to Utils class

See Automattic/jetpack#37153 (comment)

* Try fixing tests

* Revert "Try fixing tests"

This reverts commit 0ea30ae53034e025fa3e7938470991b65d254204.

* Bump versions

* Ensure the SSO module is used in tests

* Add new SSO XML-RPC method

* Jetpack Connection: Bump package version

---------

Co-authored-by: sergeymitr <[email protected]>
Co-authored-by: Foteini Giannaropoulou <[email protected]>

Committed via a GitHub action: https://github.com/Automattic/jetpack/actions/runs/9080205827

Upstream-Ref: Automattic/jetpack@101ddb3

composer.json

@@ -11,7 +11,7 @@
 		"automattic/jetpack-config": "^2.0.2",
 		"automattic/jetpack-identity-crisis": "^0.18.6",
 		"automattic/jetpack-publicize": "^0.44.0",
-		"automattic/jetpack-connection": "^2.8.0",
+		"automattic/jetpack-connection": "^2.8.1-alpha",
 		"automattic/jetpack-my-jetpack": "^4.23.2",
 		"automattic/jetpack-sync": "^2.16.2-alpha",
 		"automattic/jetpack-status": "^3.0.3",

jetpack_vendor/automattic/jetpack-boost-core/composer.json

@@ -5,7 +5,7 @@
 	"license": "GPL-2.0-or-later",
 	"require": {
 		"php": ">=7.0",
-		"automattic/jetpack-connection": "^2.8.0"
+		"automattic/jetpack-connection": "^2.8.1-alpha"
 	},
 	"require-dev": {
 		"yoast/phpunit-polyfills": "1.1.0",

jetpack_vendor/automattic/jetpack-connection/CHANGELOG.md

@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.8.1-alpha] - unreleased
+
+This is an alpha version! The changes listed here are not final.
+
+### Changed
+- SSO: do not rely on the Jetpack class anymore.
+
 ## [2.8.0] - 2024-05-13
 ### Added
 - SSO: Ensuring tooltips are accessible [#37302]
@@ -1058,6 +1065,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Separate the connection library into its own package.
 
+[2.8.1-alpha]: https://github.com/Automattic/jetpack-connection/compare/v2.8.0...v2.8.1-alpha
 [2.8.0]: https://github.com/Automattic/jetpack-connection/compare/v2.7.7...v2.8.0
 [2.7.7]: https://github.com/Automattic/jetpack-connection/compare/v2.7.6...v2.7.7
 [2.7.6]: https://github.com/Automattic/jetpack-connection/compare/v2.7.5...v2.7.6

jetpack_vendor/automattic/jetpack-connection/src/class-package-version.php

@@ -12,7 +12,7 @@
  */
 class Package_Version {
 
-	const PACKAGE_VERSION = '2.8.0';
+	const PACKAGE_VERSION = '2.8.1-alpha';
 
 	const PACKAGE_SLUG = 'connection';
 

jetpack_vendor/automattic/jetpack-connection/src/class-utils.php

@@ -83,4 +83,53 @@ public static function filter_register_request_body( $properties ) {
 			)
 		);
 	}
+
+	/**
+	 * Generate a new user from a SSO attempt.
+	 *
+	 * @param object $user_data WordPress.com user information.
+	 */
+	public static function generate_user( $user_data ) {
+		$username = $user_data->login;
+		/**
+		 * Determines how many times the SSO module can attempt to randomly generate a user.
+		 *
+		 * @module sso
+		 *
+		 * @since jetpack-4.3.2
+		 *
+		 * @param int 5 By default, SSO will attempt to random generate a user up to 5 times.
+		 */
+		$num_tries = (int) apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 );
+
+		$exists = username_exists( $username );
+		$tries  = 0;
+		while ( $exists && $tries++ < $num_tries ) {
+			$username = $user_data->login . '_' . $user_data->ID . '_' . wp_rand();
+			$exists   = username_exists( $username );
+		}
+
+		if ( $exists ) {
+			return false;
+		}
+
+		$user               = (object) array();
+		$user->user_pass    = wp_generate_password( 20 );
+		$user->user_login   = wp_slash( $username );
+		$user->user_email   = wp_slash( $user_data->email );
+		$user->display_name = $user_data->display_name;
+		$user->first_name   = $user_data->first_name;
+		$user->last_name    = $user_data->last_name;
+		$user->url          = $user_data->url;
+		$user->description  = $user_data->description;
+
+		if ( isset( $user_data->role ) && $user_data->role ) {
+			$user->role = $user_data->role;
+		}
+
+		$created_user_id = wp_insert_user( $user );
+
+		update_user_meta( $created_user_id, 'wpcom_user_id', $user_data->ID );
+		return get_userdata( $created_user_id );
+	}
 }

jetpack_vendor/automattic/jetpack-connection/src/sso/class-force-2fa.php

@@ -50,10 +50,7 @@ public function plugins_loaded() {
 		$this->role = apply_filters( 'jetpack_force_2fa_cap', 'manage_options' );
 
 		// Bail if Jetpack SSO is not active
-		if (
-			! class_exists( 'Jetpack' )
-			|| ! ( new Modules() )->is_active( 'sso' )
-		) {
+		if ( ! ( new Modules() )->is_active( 'sso' ) ) {
 			add_action( 'admin_notices', array( $this, 'admin_notice' ) );
 			return;
 		}
@@ -75,7 +72,12 @@ public function admin_notice() {
 		 * @module SSO
 		 */
 		if ( apply_filters( 'jetpack_force_2fa_dependency_notice', true ) && current_user_can( $this->role ) ) {
-			printf( '<div class="%1$s"><p>%2$s</p></div>', 'notice notice-warning', 'Jetpack Force 2FA requires Jetpack and the Jetpack SSO module.' );
+			wp_admin_notice(
+				esc_html__( 'Jetpack Force 2FA requires Jetpack’s SSO feature.', 'jetpack-connection' ),
+				array(
+					'type' => 'warning',
+				)
+			);
 		}
 	}
 

jetpack_vendor/automattic/jetpack-connection/src/sso/class-helpers.php

@@ -214,55 +214,6 @@ public static function allowed_redirect_hosts( $hosts, $api_base = '' ) {
 		return array_unique( $hosts );
 	}
 
-	/**
-	 * Generate a new user from a SSO attempt.
-	 *
-	 * @param object $user_data WordPress.com user information.
-	 */
-	public static function generate_user( $user_data ) {
-		$username = $user_data->login;
-		/**
-		 * Determines how many times the SSO module can attempt to randomly generate a user.
-		 *
-		 * @module sso
-		 *
-		 * @since jetpack-4.3.2
-		 *
-		 * @param int 5 By default, SSO will attempt to random generate a user up to 5 times.
-		 */
-		$num_tries = (int) apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 );
-
-		$exists = username_exists( $username );
-		$tries  = 0;
-		while ( $exists && $tries++ < $num_tries ) {
-			$username = $user_data->login . '_' . $user_data->ID . '_' . wp_rand();
-			$exists   = username_exists( $username );
-		}
-
-		if ( $exists ) {
-			return false;
-		}
-
-		$user               = (object) array();
-		$user->user_pass    = wp_generate_password( 20 );
-		$user->user_login   = wp_slash( $username );
-		$user->user_email   = wp_slash( $user_data->email );
-		$user->display_name = $user_data->display_name;
-		$user->first_name   = $user_data->first_name;
-		$user->last_name    = $user_data->last_name;
-		$user->url          = $user_data->url;
-		$user->description  = $user_data->description;
-
-		if ( isset( $user_data->role ) && $user_data->role ) {
-			$user->role = $user_data->role;
-		}
-
-		$created_user_id = wp_insert_user( $user );
-
-		update_user_meta( $created_user_id, 'wpcom_user_id', $user_data->ID );
-		return get_userdata( $created_user_id );
-	}
-
 	/**
 	 * Determines how long the auth cookie is valid for when a user logs in with SSO.
 	 *

jetpack_vendor/automattic/jetpack-connection/src/sso/class-sso.php

@@ -47,14 +47,6 @@ private function __construct() {
 
 		self::$instance = $this;
 
-		/*
-		 * This feature currently relies on the Jetpack plugin.
-		 * Bail if Jetpack isn't installed.
-		 */
-		if ( ! class_exists( 'Jetpack' ) ) {
-			return;
-		}
-
 		add_action( 'admin_init', array( $this, 'maybe_authorize_user_after_sso' ), 1 );
 		add_action( 'admin_init', array( $this, 'register_settings' ) );
 		add_action( 'login_init', array( $this, 'login_init' ) );
@@ -71,6 +63,9 @@ private function __construct() {
 
 		add_filter( 'wp_login_errors', array( $this, 'sso_reminder_logout_wpcom' ) );
 
+		// Synchronize SSO options with WordPress.com.
+		add_filter( 'jetpack_sync_callable_whitelist', array( $this, 'sync_sso_callables' ), 10, 1 );
+
 		/**
 		 * Filter to include Force 2FA feature.
 		 *
@@ -134,6 +129,27 @@ public static function get_instance() {
 		return self::$instance;
 	}
 
+	/**
+	 * Add SSO callables to the sync whitelist.
+	 *
+	 * @since 2.8.1-alpha
+	 *
+	 * @param array $callables list of callables.
+	 *
+	 * @return array list of callables.
+	 */
+	public function sync_sso_callables( $callables ) {
+		$sso_callables = array(
+			'sso_is_two_step_required'      => array( Helpers::class, 'is_two_step_required' ),
+			'sso_should_hide_login_form'    => array( Helpers::class, 'should_hide_login_form' ),
+			'sso_match_by_email'            => array( Helpers::class, 'match_by_email' ),
+			'sso_new_user_override'         => array( Helpers::class, 'new_user_override' ),
+			'sso_bypass_default_login_form' => array( Helpers::class, 'bypass_login_forward_wpcom' ),
+		);
+
+		return array_merge( $callables, $sso_callables );
+	}
+
 	/**
 	 * Safety heads-up added to the logout messages when SSO is enabled.
 	 * Some folks on a shared computer don't know that they need to log out of WordPress.com as well.
@@ -864,7 +880,7 @@ public function handle_login() {
 					$user_data->role = $new_user_override_role;
 				}
 
-				$user = Helpers::generate_user( $user_data );
+				$user = Utils::generate_user( $user_data );
 				if ( ! $user ) {
 					$tracking->record_user_event(
 						'sso_login_failed',

jetpack_vendor/automattic/jetpack-identity-crisis/composer.json

@@ -5,7 +5,7 @@
 	"license": "GPL-2.0-or-later",
 	"require": {
 		"php": ">=7.0",
-		"automattic/jetpack-connection": "^2.8.0",
+		"automattic/jetpack-connection": "^2.8.1-alpha",
 		"automattic/jetpack-constants": "^2.0.2",
 		"automattic/jetpack-status": "^3.0.3",
 		"automattic/jetpack-logo": "^2.0.2",

jetpack_vendor/automattic/jetpack-jitm/composer.json

@@ -7,7 +7,7 @@
 		"php": ">=7.0",
 		"automattic/jetpack-a8c-mc-stats": "^2.0.1",
 		"automattic/jetpack-assets": "^2.1.9",
-		"automattic/jetpack-connection": "^2.8.0",
+		"automattic/jetpack-connection": "^2.8.1-alpha",
 		"automattic/jetpack-device-detection": "^2.1.3",
 		"automattic/jetpack-logo": "^2.0.2",
 		"automattic/jetpack-redirect": "^2.0.2",

jetpack_vendor/automattic/jetpack-licensing/composer.json

@@ -5,7 +5,7 @@
 	"license": "GPL-2.0-or-later",
 	"require": {
 		"php": ">=7.0",
-		"automattic/jetpack-connection": "^2.8.0"
+		"automattic/jetpack-connection": "^2.8.1-alpha"
 	},
 	"require-dev": {
 		"automattic/wordbless": "@dev",

jetpack_vendor/automattic/jetpack-my-jetpack/composer.json

@@ -8,7 +8,7 @@
 		"automattic/jetpack-admin-ui": "^0.4.2",
 		"automattic/jetpack-assets": "^2.1.9",
 		"automattic/jetpack-boost-speed-score": "^0.3.11",
-		"automattic/jetpack-connection": "^2.8.0",
+		"automattic/jetpack-connection": "^2.8.1-alpha",
 		"automattic/jetpack-jitm": "^3.1.10",
 		"automattic/jetpack-licensing": "^2.0.5",
 		"automattic/jetpack-plugins-installer": "^0.3.5",

jetpack_vendor/automattic/jetpack-publicize/composer.json

@@ -5,7 +5,7 @@
 	"license": "GPL-2.0-or-later",
 	"require": {
 		"php": ">=7.0",
-		"automattic/jetpack-connection": "^2.8.0",
+		"automattic/jetpack-connection": "^2.8.1-alpha",
 		"automattic/jetpack-autoloader": "^3.0.7",
 		"automattic/jetpack-config": "^2.0.2",
 		"automattic/jetpack-assets": "^2.1.9",

jetpack_vendor/automattic/jetpack-sync/composer.json

@@ -5,7 +5,7 @@
 	"license": "GPL-2.0-or-later",
 	"require": {
 		"php": ">=7.0",
-		"automattic/jetpack-connection": "^2.8.0",
+		"automattic/jetpack-connection": "^2.8.1-alpha",
 		"automattic/jetpack-constants": "^2.0.2",
 		"automattic/jetpack-identity-crisis": "^0.18.6",
 		"automattic/jetpack-password-checker": "^0.3.1",

jetpack_vendor/i18n-map.php

@@ -26,7 +26,7 @@
     ),
     'jetpack-connection' => array(
       'path' => 'jetpack_vendor/automattic/jetpack-connection',
-      'ver' => '2.8.0',
+      'ver' => '2.8.1-alpha1715693174',
     ),
     'jetpack-idc' => array(
       'path' => 'jetpack_vendor/automattic/jetpack-identity-crisis',

vendor/automattic/jetpack-plans/composer.json

@@ -5,7 +5,7 @@
 	"license": "GPL-2.0-or-later",
 	"require": {
 		"php": ">=7.0",
-		"automattic/jetpack-connection": "^2.8.0"
+		"automattic/jetpack-connection": "^2.8.1-alpha"
 	},
 	"require-dev": {
 		"yoast/phpunit-polyfills": "1.1.0",