diff --git a/projects/packages/connection/changelog/fix-jetpack-sso-wpcom-classic b/projects/packages/connection/changelog/fix-jetpack-sso-wpcom-classic
new file mode 100644
index 0000000000000..8f406c00c798d
--- /dev/null
+++ b/projects/packages/connection/changelog/fix-jetpack-sso-wpcom-classic
@@ -0,0 +1,4 @@
+Significance: patch
+Type: removed
+
+SSO: Removed the ability to skip the automatic login if site uses the WP.com classic interface
diff --git a/projects/packages/connection/src/sso/class-sso.php b/projects/packages/connection/src/sso/class-sso.php
index 2c04f13c7820e..b1c69934c0d16 100644
--- a/projects/packages/connection/src/sso/class-sso.php
+++ b/projects/packages/connection/src/sso/class-sso.php
@@ -446,13 +446,6 @@ private function wants_to_login() {
 return $wants_to_login;
 }

- /**
- * Checks to determine if the user has indicated they want to use the wp-admin interface.
- */
- private function use_wp_admin_interface() {
- return 'wp-admin' === get_option( 'wpcom_admin_interface' );
- }
-
 /**
 * Initialization for a SSO request.
 */
@@ -510,7 +503,7 @@ public function login_init() {
 * to the WordPress.com login page AND that the request to wp-login.php
 * is not something other than login (Like logout!)
 */
- if ( ! $this->use_wp_admin_interface() && Helpers::bypass_login_forward_wpcom() && $this->wants_to_login() ) {
+ if ( Helpers::bypass_login_forward_wpcom() && $this->wants_to_login() ) {
 add_filter( 'allowed_redirect_hosts', array( Helpers::class, 'allowed_redirect_hosts' ) );
 $reauth = ! empty( $_GET['force_reauth'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 $sso_url = $this->get_sso_url_or_die( $reauth );
diff --git a/projects/plugins/wpcomsh/changelog/fix-jetpack-sso-wpcom-classic b/projects/plugins/wpcomsh/changelog/fix-jetpack-sso-wpcom-classic
new file mode 100644
index 0000000000000..0bab71346e03c
--- /dev/null
+++ b/projects/plugins/wpcomsh/changelog/fix-jetpack-sso-wpcom-classic
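Review bot: The comment above the changed condition in `login_init()` (second class-sso.php hunk) does not record that the classic-interface decision now rests entirely on `Helpers::bypass_login_forward_wpcom()`, presumably backed by the `jetpack_sso_bypass_login_forward_wpcom` filter that the wpcomsh.php hunk hooks. With `use_wp_admin_interface()` gone, any other consumer of this package that makes the helper return true will forward classic-interface sites straight to WordPress.com, so users with local-only accounts never see the login form unless the integrator handles that case. I would add a line to that comment such as `* Sites that must keep the local login form (e.g. the classic interface) have to return false from the jetpack_sso_bypass_login_forward_wpcom filter.` The comment and `login_init()` both start outside the hunk.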
@@ -0,0 +1,4 @@
+Significance: minor
+Type: changed
+
+SSO: Automatic logic for Calypso users of classic sites
diff --git a/projects/plugins/wpcomsh/composer.json b/projects/plugins/wpcomsh/composer.json
index a242491ec9760..ad1e0de5a4658 100644
--- a/projects/plugins/wpcomsh/composer.json
+++ b/projects/plugins/wpcomsh/composer.json
@@ -127,7 +127,7 @@
 "composer/installers": true,
 "roots/wordpress-core-installer": true
 },
- "autoloader-suffix": "26841ac2064774301cbe06d174833bfc_wpcomshⓥ5_5_1_alpha"
+ "autoloader-suffix": "26841ac2064774301cbe06d174833bfc_wpcomshⓥ5_6_0_alpha"
 },
 "extra": {
 "mirror-repo": "Automattic/wpcom-site-helper",
diff --git a/projects/plugins/wpcomsh/package.json b/projects/plugins/wpcomsh/package.json
index c8a90ec001440..58970450f0966 100644
--- a/projects/plugins/wpcomsh/package.json
+++ b/projects/plugins/wpcomsh/package.json
@@ -3,7 +3,7 @@
 "name": "@automattic/jetpack-wpcomsh",
 "description": "A helper for connecting WordPress.com sites to external host infrastructure.",
 "homepage": "https://jetpack.com",
- "version": "5.5.1-alpha",
+ "version": "5.6.0-alpha",
 "bugs": {
 "url": "https://github.com/Automattic/jetpack/labels/[Plugin] Wpcomsh"
 },
diff --git a/projects/plugins/wpcomsh/wpcomsh.php b/projects/plugins/wpcomsh/wpcomsh.php
index 927e38334a506..b4fa84bbc9465 100644
--- a/projects/plugins/wpcomsh/wpcomsh.php
+++ b/projects/plugins/wpcomsh/wpcomsh.php
@@ -2,14 +2,14 @@
 /**
 * Plugin Name: WordPress.com Site Helper
 * Description: A helper for connecting WordPress.com sites to external host infrastructure.
- * Version: 5.5.1-alpha
+ * Version: 5.6.0-alpha
 * Author: Automattic
 * Author URI: http://automattic.com/
 *
 * @package wpcomsh
 */

-define( 'WPCOMSH_VERSION', '5.5.1-alpha' );
+define( 'WPCOMSH_VERSION', '5.6.0-alpha' );

 // If true, Typekit fonts will be available in addition to Google fonts
 add_filter( 'jetpack_fonts_enable_typekit', '__return_true' );
@@ -217,9 +217,29 @@ function wpcomsh_jetpack_sso_auth_cookie_expiration( $seconds ) {
 add_filter( 'jetpack_sso_auth_cookie_expiration', 'wpcomsh_jetpack_sso_auth_cookie_expiration' );

 /**
- * If a user is logged in to WordPress.com, log him in automatically to wp-login
+ * Determine if users who are already logged in to WordPress.com are automatically logged in to wp-admin.
 */
-add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );
+function wpcomsh_bypass_jetpack_sso_login() {
+ /**
+ * Sites with the classic interface:
+ * - Automatic login if they come from Calypso.
+ * - Otherwise we display the login form, so they can decide whether to use a WP.com account or a local account.
+ */
+ if ( 'wp-admin' === get_option( 'wpcom_admin_interface' ) ) {
+ $calypso_domains = array(
+ 'https://wordpress.com/',
+ 'https://horizon.wordpress.com/',
+ 'https://wpcalypso.wordpress.com/',
+ 'http://calypso.localhost:3000/',
+ 'http://127.0.0.1:41050/', // Desktop App.
+ );
+ return in_array( wp_get_referer(), $calypso_domains, true );
+ }
+
+ // Users of sites with the default interface are always logged in automatically.
+ return true;
+}
+add_filter( 'jetpack_sso_bypass_login_forward_wpcom', 'wpcomsh_bypass_jetpack_sso_login' );

 /**
 * Overwrite the default value of SSO "Match by Email" setting.
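Review bot: `wp_get_referer()` in the new `wpcomsh_bypass_jetpack_sso_login()` may never return one of the listed Calypso origins, because WordPress core passes the header through `wp_validate_redirect()` and returns false for any host not in `allowed_redirect_hosts`; in the class-sso.php hunk that filter is only added inside the branch this function gates. Unless wpcomsh allows those hosts elsewhere (not visible here), classic-interface sites would always fall back to the login form. Since the value is only compared against a fixed list and never used as a redirect target, `return in_array( wp_get_raw_referer(), $calypso_domains, true );` would be sufficient. The Referer header is client-supplied and can be missing or trimmed by referrer policy, so I would also add a comment like `// Referer is a UX hint only; it picks the login form or the SSO redirect and must not be reused as an authorization check.` The two `http://` development origins in the list look worth restricting to non-production environments.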