Skip to content

Commit

Permalink
SSO: Show wp-admin login form if site has local users (#39139)
Browse files Browse the repository at this point in the history
Stops enforcing the WP.com login for Atomic sites with local users.

Previously, we were disabling the enforced WP.com login on sites with the classic interface (except for users coming from Calypso), and kept it on sites with the default interface.

However, sites with the default interface can have local users as well (users not connected to WP.com) who are unable to use their wp-admin credentials to log in into wp-admin.

This commit fixes that by changing who is enforced to log in with a WP.com account:

- Sites without local users:
  - WP.com login, always.
- Sites with local users:
  - If user comes from Calypso: WP.com login
  - Otherwise: Jetpack SSO login, so they can decide whether to use a WP.com account or a local account.
  • Loading branch information
mmtr authored Sep 4, 2024
1 parent 1062ceb commit 5aa9e86
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 16 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Significance: minor
Type: changed

SSO: Show wp-admin login form if site has local users
43 changes: 27 additions & 16 deletions projects/plugins/wpcomsh/wpcomsh.php
Original file line number Diff line number Diff line change
Expand Up @@ -218,26 +218,37 @@ function wpcomsh_jetpack_sso_auth_cookie_expiration( $seconds ) {
add_filter( 'jetpack_sso_auth_cookie_expiration', 'wpcomsh_jetpack_sso_auth_cookie_expiration' );

/**
* Determine if users who are already logged in to WordPress.com are automatically logged in to wp-admin.
* Determine if users should be enforced to log in with their WP.com account.
*
* Sites without local users:
* - WP.com login, always.
*
* Sites with local users:
* - If user comes from Calypso: WP.com login
* - Otherwise: Jetpack SSO login, so they can decide whether to use a WP.com account or a local account.
*/
function wpcomsh_bypass_jetpack_sso_login() {
/**
* Sites with the classic interface:
* - Automatic login if they come from Calypso.
* - Otherwise we display the login form, so they can decide whether to use a WP.com account or a local account.
*/
if ( 'wp-admin' === get_option( 'wpcom_admin_interface' ) ) {
$calypso_domains = array(
'https://wordpress.com/',
'https://horizon.wordpress.com/',
'https://wpcalypso.wordpress.com/',
'http://calypso.localhost:3000/',
'http://127.0.0.1:41050/', // Desktop App.
);
return in_array( wp_get_referer(), $calypso_domains, true );
$calypso_domains = array(
'https://wordpress.com/',
'https://horizon.wordpress.com/',
'https://wpcalypso.wordpress.com/',
'http://calypso.localhost:3000/',
'http://127.0.0.1:41050/', // Desktop App.
);
if ( in_array( wp_get_referer(), $calypso_domains, true ) ) {
return true;
}

if ( class_exists( '\Automattic\Jetpack\Connection\Manager' ) ) {
$connection_manager = new \Automattic\Jetpack\Connection\Manager( 'jetpack' );
$users = get_users( array( 'fields' => array( 'ID' ) ) );
foreach ( $users as $user ) {
if ( ! $connection_manager->is_user_connected( $user->ID ) ) {
return false;
}
}
}

// Users of sites with the default interface are always logged in automatically.
return true;
}
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', 'wpcomsh_bypass_jetpack_sso_login' );
Expand Down

0 comments on commit 5aa9e86

Please sign in to comment.