From 5aa9e8644301fbfa6cab6b58ca5018c5ff6fcf56 Mon Sep 17 00:00:00 2001
From: Miguel Torres <1233880+mmtr@users.noreply.github.com>
Date: Wed, 4 Sep 2024 11:28:16 +0200
Subject: [PATCH] SSO: Show wp-admin login form if site has local users (#39139)
Stops enforcing the WP.com login for Atomic sites with local users. Previously, we were disabling the enforced WP.com login on sites with the classic interface (except for users coming from Calypso), and kept it on sites with the default interface. However, sites with the default interface can have local users as well (users not connected to WP.com) who are unable to use their wp-admin credentials to log in into wp-admin. This commit fixes that by changing who is enforced to log in with a WP.com account: - Sites without local users: - WP.com login, always. - Sites with local users: - If user comes from Calypso: WP.com login - Otherwise: Jetpack SSO login, so they can decide whether to use a WP.com account or a local account.
---
 .../changelog/update-wpcom-sso-local-users | 4 ++
 projects/plugins/wpcomsh/wpcomsh.php | 43 ++++++++++++-------
 2 files changed, 31 insertions(+), 16 deletions(-)
 create mode 100644 projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users
diff --git a/projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users b/projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users
new file mode 100644
index 0000000000000..6e72b52b53e8b
--- /dev/null
+++ b/projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users
@@ -0,0 +1,4 @@
+Significance: minor
+Type: changed
+
+SSO: Show wp-admin login form if site has local users
diff --git a/projects/plugins/wpcomsh/wpcomsh.php b/projects/plugins/wpcomsh/wpcomsh.php
index b4e84db599544..0e269a92f0124 100644
--- a/projects/plugins/wpcomsh/wpcomsh.php
+++ b/projects/plugins/wpcomsh/wpcomsh.php
@@ -218,26 +218,37 @@ function wpcomsh_jetpack_sso_auth_cookie_expiration( $seconds ) {
 add_filter( 'jetpack_sso_auth_cookie_expiration', 'wpcomsh_jetpack_sso_auth_cookie_expiration' );
 /**
- * Determine if users who are already logged in to WordPress.com are automatically logged in to wp-admin.
+ * Determine if users should be enforced to log in with their WP.com account.
+ *
+ * Sites without local users:
+ * - WP.com login, always.
+ *
+ * Sites with local users:
+ * - If user comes from Calypso: WP.com login
+ * - Otherwise: Jetpack SSO login, so they can decide whether to use a WP.com account or a local account.
 */
 function wpcomsh_bypass_jetpack_sso_login() {
- /**
- * Sites with the classic interface:
- * - Automatic login if they come from Calypso.
- * - Otherwise we display the login form, so they can decide whether to use a WP.com account or a local account.
- */
- if ( 'wp-admin' === get_option( 'wpcom_admin_interface' ) ) {
- $calypso_domains = array(
- 'https://wordpress.com/',
- 'https://horizon.wordpress.com/',
- 'https://wpcalypso.wordpress.com/',
- 'http://calypso.localhost:3000/',
- 'http://127.0.0.1:41050/', // Desktop App.
- );
- return in_array( wp_get_referer(), $calypso_domains, true );
+ $calypso_domains = array(
+ 'https://wordpress.com/',
+ 'https://horizon.wordpress.com/',
+ 'https://wpcalypso.wordpress.com/',
+ 'http://calypso.localhost:3000/',
+ 'http://127.0.0.1:41050/', // Desktop App.
+ );
+ if ( in_array( wp_get_referer(), $calypso_domains, true ) ) {
+ return true;
+ }
+
+ if ( class_exists( '\Automattic\Jetpack\Connection\Manager' ) ) {
+ $connection_manager = new \Automattic\Jetpack\Connection\Manager( 'jetpack' );
+ $users = get_users( array( 'fields' => array( 'ID' ) ) );
+ foreach ( $users as $user ) {
+ if ( ! $connection_manager->is_user_connected( $user->ID ) ) {
+ return false;
+ }
+ }
 }
- // Users of sites with the default interface are always logged in automatically.
 return true;
 }
 add_filter( 'jetpack_sso_bypass_login_forward_wpcom', 'wpcomsh_bypass_jetpack_sso_login' );
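Review bot: The new loop in `wpcomsh_bypass_jetpack_sso_login()` calls `get_users()` with no limit and then `is_user_connected()` once per account every time the `jetpack_sso_bypass_login_forward_wpcom` filter runs. If that filter fires on unauthenticated login-page requests (it appears to, since it decides which login form is shown), any visitor can trigger a full user-table scan per request on sites with many accounts. I would cache the yes/no answer for a few minutes and fetch only IDs, as sketched below; the transient key is a suggested name, and the trade-off is that a newly created local user may wait up to the TTL before the wp-admin form appears. Separately, when the Connection Manager class is not loaded the function still returns `true`, so the docblock should state that WP.com login stays enforced in that case even if local users exist.

```php
function wpcomsh_bypass_jetpack_sso_login() {
	// … unchanged: $calypso_domains list and referer check …

	if ( class_exists( '\Automattic\Jetpack\Connection\Manager' ) ) {
		// Cache the answer so a login-page request does not scan every user.
		$has_local_users = get_transient( 'wpcomsh_has_local_users' );
		if ( false === $has_local_users ) {
			$connection_manager = new \Automattic\Jetpack\Connection\Manager( 'jetpack' );
			$has_local_users    = 'no';
			foreach ( get_users( array( 'fields' => 'ID' ) ) as $user_id ) {
				if ( ! $connection_manager->is_user_connected( $user_id ) ) {
					$has_local_users = 'yes';
					break;
				}
			}
			set_transient( 'wpcomsh_has_local_users', $has_local_users, 5 * MINUTE_IN_SECONDS );
		}
		if ( 'yes' === $has_local_users ) {
			return false;
		}
	}
	// … unchanged: return true …
```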