
SSO: Add integration with JSON API authorization #6194

Merged
merged 14 commits into from
Jan 31, 2017

Conversation

ebinnion
Contributor

@ebinnion ebinnion commented Jan 27, 2017

It was reported by @m and @beaulebens that the SSO form was not displaying when using Jetpack JSON API authorization. This seems to be because the action used was not login.

This patch adds the jetpack_json_api_authorization action and provides a mechanism so plugins can add extra actions where the SSO form would show.

This PR also adds integration for SSO and JSON API authorization. From what I could tell, the two never worked well together since they use separate values for the $action global.

To test:

Here is an example of the various filters I use to test:

//add_filter( 'jetpack_sso_require_two_step', '__return_true' );
//add_filter( 'jetpack_remove_login_form', '__return_true' );
//add_filter( 'jetpack_sso_display_disclaimer', '__return_false' );
//add_filter( 'jetpack_sso_match_by_email', '__return_false' );
//add_filter( 'jetpack_sso_new_user_override', '__return_true' );
//add_filter( 'jetpack_sso_allowed_username_generate_retries', '__return_zero' );
//add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );

@ebinnion ebinnion added [Feature] SSO [Status] In Progress [Type] Bug When a feature is broken and / or not performing as intended labels Jan 27, 2017
@ebinnion ebinnion self-assigned this Jan 27, 2017
@georgestephanis
Member

Sounds reasonable. We had problems in the past not accounting for changed actions when the action is register or forgotpassword or the like.

@ebinnion
Contributor Author

As is, this PR makes the SSO form visible. But, I'm now trying to figure out how to integrate with the JSON API authorization flow.

@ebinnion
Contributor Author

At this point, the PR is functional. BUT... it's definitely hacky since we're overriding superglobals. 🎉

From what I can tell, I'm not sure that JSON API auth and SSO ever worked together since SSO uses a completely different action when doing its auth. So, the hooks that are initialized for the jetpack_json_api_authorization login action don't get fired for SSO.

@jeherve jeherve added this to the Not Currently Planned milestone Jan 30, 2017
@ebinnion ebinnion modified the milestones: 2/17 - February, Not Currently Planned Jan 30, 2017
@ebinnion ebinnion added [Status] Needs Review This PR is ready for review. and removed [Status] In Progress labels Jan 30, 2017
@ebinnion ebinnion requested review from lezama and beaulebens January 30, 2017 20:20
@ebinnion ebinnion force-pushed the update/sso-allow-3rd-party-actions branch 2 times, most recently from 92302f3 to 40bbb53 Compare January 30, 2017 20:31
@ebinnion ebinnion force-pushed the update/sso-allow-3rd-party-actions branch from 40bbb53 to 40a0c6e Compare January 30, 2017 20:44
@ebinnion ebinnion changed the title SSO: Allow filters of actions where SSO form shows SSO: Add integration with JSON API authorization Jan 30, 2017
@jeherve jeherve removed this from the 2/17 - February milestone Jan 30, 2017
@jeherve jeherve modified the milestones: 4.7.0 - March 2017, 2/17 - February Jan 30, 2017
@beaulebens
Member

When I tried this out, I got to the point of the first request to log in/authorize access and saw the SSO button/UI (yay!) so I clicked to Log in with WordPress.com, and then it seemed to just reload the screen, but this time I was logged out of WP.com (I think, no avatar/name shown), but then it showed the SSO button again. So I clicked it again, and it loaded for a while, then just came back to that same state again, and now seems to be in a loop there (e.g. successive clicks of the SSO button just reload this page, asking me to log in and authorize access to my site's data).

So: I clicked to Authorize access to one of my sites, and WP.com shows me this:

[screenshot: screen shot 2017-01-30 at 5 30 33 pm]

Then I pick my site from the list and click Authorize, so I'm sent to that (Jetpack) site to authorize:

[screenshot: screen shot 2017-01-30 at 5 30 44 pm]

but when I click to "Log in with WordPress.com", it just reloads to here:

[screenshot: screen shot 2017-01-30 at 5 30 55 pm]

@jeherve jeherve added [Status] In Progress [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. and removed [Status] Needs Review This PR is ready for review. labels Jan 31, 2017
@ebinnion ebinnion force-pushed the update/sso-allow-3rd-party-actions branch from d0ce473 to 156f0b4 Compare January 31, 2017 16:06
@ebinnion ebinnion force-pushed the update/sso-allow-3rd-party-actions branch from 156f0b4 to 6b96a1f Compare January 31, 2017 17:31
@ebinnion
Contributor Author

I believe I found the issue that @beaulebens was running into. When the $token was not set for a client in user meta, the API just redirects the user back to the login form.

I didn't catch this in my testing because I had previously used the standard username/password login form which set the $token in my user meta.

Moving this back to 4.6 since this flow would be really nice to get in with the Google Docs add-on.

@ebinnion ebinnion added [Status] Needs Review This PR is ready for review. and removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. labels Jan 31, 2017
@ebinnion ebinnion modified the milestones: 2/17 - February, 4.7.0 - March 2017 Jan 31, 2017
return false;
}

if ( 'jetpack_json_api_authorization' != $args['action'] ) {
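Review bot: prefer the strict `!==` on this line. With PHP's loose `!=`, a non-string value in `$args['action']` such as integer 0 or boolean true compares equal to the string on PHP 7 and older (`'jetpack_json_api_authorization' != 0` is false there), so the guard would not trigger for such a value. Unless `$args['action']` is guaranteed to be a string, `if ( 'jetpack_json_api_authorization' !== $args['action'] ) {` is the safer check and costs nothing.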
Member

should we have a stricter comparison here?

Contributor Author

We could do !==, but I'm not sure it's necessary here since we're comparing strings.

Contributor

since we're comparing strings.

sure sure?

@beaulebens
Member

From a user-testing perspective, this is working perfectly for me now!

Contributor

@lezama lezama left a comment

:shipit:

@ebinnion ebinnion merged commit 6a57df2 into master Jan 31, 2017
@ebinnion ebinnion deleted the update/sso-allow-3rd-party-actions branch January 31, 2017 22:17
@lezama lezama removed the [Status] Needs Review This PR is ready for review. label Jan 31, 2017
jeherve added a commit that referenced this pull request Feb 1, 2017
dereksmart pushed a commit that referenced this pull request Feb 2, 2017
* Changelog: move 4.5 changelog to changelog.txt

* Changelog: add #5603

* Changelog: add #6242

* Changelog: add #6104

* Changelog: add #6109

* Changelog: add #6118

* Changelog: add #6122

* Changelog: add #6115

* Changelog: add #6126

* Changelog: add #6131

* Changelog: add #6140

* Testing list: add testing instructions for Widget fixes.

* Changelog: add #6142

* Changelog: add #6149

* Changelog: add #6151

* Changelog: add #6153

* Changelog: add #6154

* Changelog: add #6155

* Changelog: add #6158

* Changelog: add #6170

* Changelog: add #6182

* Changelog: add #6183

* Changelog: add #5821

* Changelog: add #5953

* Changelog: add #5988

* Changelog: add #6002

* Changelog: add #6021

* Changelog: add #6038

* Changelog: add #6040

* Changelog: add #6060

* Changelog: add #6068

* Changelog: add #6083

* Changelog: add #6098

* Changelog: add #6186

* Testing list: add Publicize instructions.

* Changelog: add #6190

* Changelog: add #6194

* Changelog: add #6230

* Changelog: add #6232

* Changelog: add #6234

* Testing list: add instructions to test Woo JITM.

* Testing list: add PHP 7.1 testing.

* Testing list: add compat tests for widgets and shortcodes.

* Testing list: add wpcom REST API testing.

* Missing word in testing list.
samhotchkiss pushed a commit that referenced this pull request Feb 10, 2017
* update google analytics description (#6250)

* Add user tracking for disconnecting site (#6248)

* Minor whitespace cleanups

* Changelog and Testing list for Jetpack 4.6 (#6245)


* generate new module headers (#6264)

* Tracks: don't track during CI runs

* WPCOM MERGE Infinite Scroll (#6246)

* VIP: Query errors generated for HoopsHype are caused by the infinite scroll functionality. This filter will allow to use rewrite rules so that the infinity functions can be called by rewrite rules that will be cached by batcache.

Merges r120201-wpcom.

* Infinite Scroll: only disable in the Customizer when previewing a non-active theme.

Fixes #7507
See [115743] #6795

Merges r122634-wpcom.

* Infinite Scroll: allow `get_settings` to be filtered at later points than just `__construct`. See #7539.

Merges r123819-wpcom.

* Infinite Scroll: add translation function to credit line.

Merges #2537
Fixes #2528

https://[private link]

Merges r132540-wpcom.

* Infinite Scroll: fix IS when content includes Curly Quotes (and other non-UTF8 chars)

Using wp_json_encode instead of json_encode allowing us to replace invalid chars with HTML entities.

Merges #1447
Fixes #1446
props jtsternberg

https://[private link]

Merges r132541-wpcom.

* Infinite Scroll: add check on ob_end_clean for cases where output_buffering is disabled

Merges #2545
Props drrobotnik

https://[private link]

Merges r132542-wpcom.

* Infinite Scroll: check that search terms exist before matching against post title.

Merges #2128
Fixes #2075
Props cainm

https://[private link]

Merges r132543-wpcom.

* Infinite Scroll: Fatal error when calling protected method from WP_Query

Since we already have wp_query() we can use its query_vars['search_terms'] property instead of calling parse_search_terms().
It gets populated on https://github.com/WordPress/WordPress/blob/4.3.1/wp-includes/query.php#L2075 with the same data.

Merges #2827
Fixes #2255
Props osiux

https://[private link]

Merges r132544-wpcom.

* Infinite Scroll: Hide infinite-scroll class if the option is disabled

The Jetpack support page says that the infinite-scroll class should be used in a theme to hide the navigation links.
However, even when disabled in the Reading page, the class is still visible and the CSS is applied just as if the scroll is enabled.

This commit adds an option check before filtering the body_class classes.

Merges #1208
Props mpeshev

https://[private link]

Merges r132546-wpcom.

* Infinite Scroll: Don't clobber the posts_per_page option if provided

Infinite Scroll currently clobbers any passed-in value for posts_per_page if the type is set to click.
This commit changes the behavior to match the documentation:
https://jetpack.me/support/infinite-scroll/

Merges #2808
Props codebykat

https://[private link]

Merges r132547-wpcom.

* Infinite Scroll: document all filter and action hooks

Merges #2852

https://[private link]

Merges r132551-wpcom.

* Infinite Scroll: favor user set settings over theme settings

If user changed their posts_per_page option, use that in Infinite Scroll instead of the value set in theme's IS support declaration.
Only true when IS is set to click.

Related: r132547
Discussion: https://[private link]#comment-31306

Merges r132764-wpcom.

* Infinite Scroll: Merge changes from Jetpack into wpcom

Just removing some whitespace so the 2 files are exactly similar and do not trigger the build script anymore.

Merges r132787-wpcom.

* Infinite Scroll: Make sure the body class gets updated once we are done with IS even when we just click

Merges r134572-wpcom.

* Remove `target="_blank"` from internal link.

Accidentally added by #3600, which was intended to add only to external links.

* JSON API: Removes PHP notice when no taxonomy description provided

Fixes #4424

* JSON API: Removes PHP notice when no term description provided

Fixes: #5943

* Google Analytics: hook tracking code into wp_footer. (#6284)

get_footer might not be compatible with every theme out there.

* Google Analytics: add HTML comment before the script output. (#6288)

* Sync: Return expected response on Jetpack side

* GA: Update inactive description to match calypso (#6291)

* lodash: import specific function (#6295)

* Change Infinite Scroll Google Analytics option label (#6239)

* Sync: Fixes an issue where sync_wait_time was immediately overwritten in sync sender (#6281)

* Documentation: reorganize current docs and create new ones. (#5985)

* Documentation: reorganize current docs and create new ones.

- Make contributing less frightening and easier for all potential contributors.
- Make our guidelines and requirements clearer.
- Surface all data in our contributing guide.
- Offer options to contribute to everyone, even if it's not via code.
- Outline our release management process, and approach to code reviews and Pull Requests.

* Documentation: fix typos, headings, wrong links.

* Add PHPCS and ESLint to the development environment documentation.

* Docs: include some information about PHP Unit Testing.

Fixes #6236

* Docs: add "Development" section.

@see #5985 (comment)

* update languages (#6302)

* Bump version to 4.7-alpha (#6301)

* Fix: Use the site_icon id instead of the url (#6303)

When $image_url is set to a photon image we are not able to determine
the $image_id. Instead we should use the option that stores the ID
instead.

This fixes the issue when we show the default image instead of the
site icon as the open graph main image. When photon is enabled and the
site icon is set.

* Add unit test for Publicize (#6018)

* Add the accessible-focus library from dops-components to enable keyboard focus styles (#6300)

* Use shorter WooCommerce Services MC stat slug.

* Track WooCommerce services install as a module activation, not a WPCOM tools event.

* Track WooCommerce Services JITM click and activation separately.

* Update printThis to v1.9.0 (#6263)

* Update to printThis v1.9

Additional options, including:
* base tag
* preservation of form values
* doctype
* canvas (experimental)
* Additional cleanup

* Added jshint

* Date update

Update date for `wp_enqueue_script` for printThis to prevent caching issues

* Add filter for WordPress Posts widget content

* Replace esc_html_e with esc_html__. Change the initialization of .

* Don't call site_url() twice

Instead of calling the function twice, which is a waste, assign the
value to a variable and use that value to check whether we're on a
tld-less domain or not.

* Upgrades yarn lock file and fixes builds for master branch. (#6309)

* Fixing a problem with local import.

* Running yarn upgrade.

* Added the print this library to jshint ignore.

* Added a new generated RTL CSS file.

* Changelog: update for release (#6280)

* Changelog: add release post link.

* Improved the changelog for readability and understanding

* some minor adjustments were made to wording and to eliminate errors

* Fix typos

* update SSO changelog entry verbiage

* changelogs edits per sdquirk

* Adds vscode dir to ignore

Visual Studio Code can store per-project settings in a .vscode folder;
this updates .gitignore to ignore that, since it shouldn't be checked
in.

* Follow Widget: load translation files using wpcom language codes. (#5941)

* Follow Widget: load translation files using wpcom language codes.

Related: #2698

The widget previously used the site's language code to populate the `data-lang` parameter.
That parameter is used to grab language files from WordPress.com, and should consequently use a language code that's available on
WordPress.com.

We consequently use the data available in locales.php to use the `slug` language code instead of `wp_locale` for each language.

* Follow Widget / Notes: avoid calling get_locale() twice.

It's been called before on the file.

@see #5941 (review)

* Remove Jetpack_Network::wp_get_sites in favor of core's wp_get_sites (#3405)

* Removes Jetpack_Network::wp_get_sites and uses core's wp_get_sites instead.

Changes usages of returned array since the one in Jetpack returned an array of objects and the one in core returns an array of arrays.
Call to wp_get_sites has offset set to 1 to dismiss the first site since Function in Jetpack excluded the first site as well.

* Make strings available for translation.

* Use get_sites() instead of deprecated wp_get_sites()

* Escape URLs in network admin, even though they are presumed safe

* Network: introduce get_current_blog_id() when discarding the main site from sites table

* Holiday Snow: remove settings outside of Holiday Snow period (#6298)

* Only show holiday snow option 1 week before, through to 1 week after holiday snow period. Always show holiday snow option if custom rules have been set for holiday snow period.

* Disable holiday snow option on Jan 4; not Jan 11

* Don't use Initial_State to fetch holiday snow option visibility

* Media Summary: improve performance with single page load caching (#5938)

* improve Jetpack_Media_Summary performance by caching result for a single pageload

* spacing

* no need to md5, also set cache to private

* Remove unnecessary error_log (#6318)

* Improve translatability of plurals and texts with variables (#6307)

* Make gettext call plural aware
* Add translator comments and convert plural strings

* Slideshow: add filter to customize speed of the Slideshow.

Suggested in https://wordpress.org/support/topic/gallery-slideshow-settings-editable-somehow

* Slideshow: bump js version to bust cache.

* Slideshow: use the timeout param instead of speed

@see http://jquery.malsup.com/cycle/options.html

* Slideshow shortcode: update version number in docblock.

* Replace text labels with x and + icons.

* Fix bug where wrong xmlrpc url was being sent to Jetpack Debugger (#6321)

* Ignore GET parameters when checking an image's original file url matches container href (#6296)

* Add email field to Contact Info Widget (#6275)

* Add email field to Contact Info Widget

* Replace admin email with sample email. Validate email and remove link if it is not

* Display nothing when the email check fails

* Remove email default value

* Remove PHP error on uninstall, by making sure that jetpack includes all the required files (#6320)

* Add image caching to jetpack_og_get_image() (#6297)

* Add image caching to jetpack_og_get_image()

This adds a transient to store the value of the $image_id to "speed up"  the function to fix #6017

* Added missing semicolons at EOL on a couple lines

* Adding some whitespace per coding standards

* upgrade yarn.lock
6 participants