From 761e15cac3fca9d213c33610ab2c6084e24062fd Mon Sep 17 00:00:00 2001
From: mmtr <1233880+mmtr@users.noreply.github.com>
Date: Thu, 29 Aug 2024 16:06:58 +0200
Subject: [PATCH 1/2] SSO: Show wp-admin login form if site has local users
---
 .../changelog/update-wpcom-sso-local-users | 4 ++
 projects/plugins/wpcomsh/wpcomsh.php | 41 ++++++++++++-------
 2 files changed, 30 insertions(+), 15 deletions(-)
 create mode 100644 projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users
diff --git a/projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users b/projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users
new file mode 100644
index 0000000000000..6e72b52b53e8b
--- /dev/null
+++ b/projects/plugins/wpcomsh/changelog/update-wpcom-sso-local-users
@@ -0,0 +1,4 @@
+Significance: minor
+Type: changed
+
+SSO: Show wp-admin login form if site has local users
diff --git a/projects/plugins/wpcomsh/wpcomsh.php b/projects/plugins/wpcomsh/wpcomsh.php
index fce7f8c0d00aa..794b5b40be312 100644
--- a/projects/plugins/wpcomsh/wpcomsh.php
+++ b/projects/plugins/wpcomsh/wpcomsh.php
@@ -218,25 +218,36 @@ function wpcomsh_jetpack_sso_auth_cookie_expiration( $seconds ) {
 /**
 * Determine if users who are already logged in to WordPress.com are automatically logged in to wp-admin.
+ *
+ * Sites without local users:
+ * - Automatic login, always.
+ *
+ * Sites with local users:
+ * - If user comes from Calypso: Automatic login
+ * - Otherwise: Show the login form, so they can decide whether to use a WP.com account or a local account.
 */
 function wpcomsh_bypass_jetpack_sso_login() {
- /**
- * Sites with the classic interface:
- * - Automatic login if they come from Calypso.
- * - Otherwise we display the login form, so they can decide whether to use a WP.com account or a local account.
- */
- if ( 'wp-admin' === get_option( 'wpcom_admin_interface' ) ) {
- $calypso_domains = array(
- 'https://wordpress.com/',
- 'https://horizon.wordpress.com/',
- 'https://wpcalypso.wordpress.com/',
- 'http://calypso.localhost:3000/',
- 'http://127.0.0.1:41050/', // Desktop App.
- );
- return in_array( wp_get_referer(), $calypso_domains, true );
+ $calypso_domains = array(
+ 'https://wordpress.com/',
+ 'https://horizon.wordpress.com/',
+ 'https://wpcalypso.wordpress.com/',
+ 'http://calypso.localhost:3000/',
+ 'http://127.0.0.1:41050/', // Desktop App.
+ );
+ if ( in_array( wp_get_referer(), $calypso_domains, true ) ) {
+ return true;
+ }
+
+ if ( class_exists( '\Automattic\Jetpack\Connection\Manager' ) ) {
+ $connection_manager = new \Automattic\Jetpack\Connection\Manager( 'jetpack' );
+ $users = get_users( array( 'fields' => array( 'ID' ) ) );
+ foreach ( $users as $user ) {
+ if ( ! $connection_manager->is_user_connected( $user->ID ) ) {
+ return false;
+ }
+ }
 }
- // Users of sites with the default interface are always logged in automatically.
 return true;
 }
 add_filter( 'jetpack_sso_bypass_login_forward_wpcom', 'wpcomsh_bypass_jetpack_sso_login' );
From 88b9205b77672698ba664faba686e91ec1214a55 Mon Sep 17 00:00:00 2001
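Review bot: The `get_users()` call in the new `class_exists` branch loads every user ID with no limit and then calls `is_user_connected()` once per user, and this filter appears to run while the login page is being served, so presumably before any authentication. On a site with many accounts that turns each login-page request without a matching referer into a full user scan, which is an availability concern on a path anyone can reach. Consider caching the "site has local users" answer and invalidating it when users are added, removed or change connection state, so the scan does not repeat per request. Separately, the `wp_get_referer()` match is driven by a client-supplied header, so it deserves a comment above the `in_array()` test such as `// Referer is client-controlled: a UX hint for choosing the login screen, never an access check.`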
From: mmtr <1233880+mmtr@users.noreply.github.com>
Date: Thu, 29 Aug 2024 16:26:23 +0200
Subject: [PATCH 2/2] Improve docstring
---
 projects/plugins/wpcomsh/wpcomsh.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/projects/plugins/wpcomsh/wpcomsh.php b/projects/plugins/wpcomsh/wpcomsh.php
index 794b5b40be312..bed04b4a47d26 100644
--- a/projects/plugins/wpcomsh/wpcomsh.php
+++ b/projects/plugins/wpcomsh/wpcomsh.php
@@ -217,14 +217,14 @@ function wpcomsh_jetpack_sso_auth_cookie_expiration( $seconds ) {
 add_filter( 'jetpack_sso_auth_cookie_expiration', 'wpcomsh_jetpack_sso_auth_cookie_expiration' );
 /**
- * Determine if users who are already logged in to WordPress.com are automatically logged in to wp-admin.
+ * Determine if users should be enforced to log in with their WP.com account.
 *
 * Sites without local users:
- * - Automatic login, always.
+ * - WP.com login, always.
 *
 * Sites with local users:
- * - If user comes from Calypso: Automatic login
- * - Otherwise: Jetpack SSO login, so they can decide whether to use a WP.com account or a local account.
+ * - If user comes from Calypso: WP.com login
+ * - Otherwise: Jetpack SSO login, so they can decide whether to use a WP.com account or a local account.
 */
 function wpcomsh_bypass_jetpack_sso_login() {
 $calypso_domains = array(
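Review bot: The rewritten docblock still does not say what the boolean return value means, which matters here because `true` and `false` select different login screens. Adding `@return bool True to send the visitor to the WP.com login, false to show the Jetpack SSO login form.` would pin that down; the mapping is inferred from the bullets and should be confirmed against the filter's consumer. "enforced to log in" would also read more clearly as "required to log in". The function body continues past the end of this hunk.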