
Commit 8a338c1

kraftbjjeherve
authored andcommitted
SSO: Validate the wpcom_user_id
1 parent 6d5e67c commit 8a338c1


1 file changed

+9
-0
lines changed


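--- a/modules/sso.php
+++ b/modules/sso.php
@@ -700,6 +700,15 @@ function handle_login() {
 $user_found_with = 'external_user_id';
 $user = get_user_by( 'id', intval( $user_data->external_user_id ) );
 if ( $user ) {
+$expected_id = get_user_meta( $user->ID, 'wpcom_user_id', true );
+if ( $expected_id && $expected_id != $user_data->ID ) { // phpcs:ignore WordPress.PHP.StrictComparisons.LooseComparison
+$error = new WP_Error( 'expected_wpcom_user', __( 'Something got a little mixed up and an unexpected WordPress.com user logged in.', 'jetpack' ) );
+
+/** This filter is documented in core/src/wp-includes/pluggable.php */
+do_action( 'wp_login_failed', $user_data->login, $error );
+add_filter( 'login_message', array( 'Jetpack_SSO_Notices', 'error_invalid_response_data' ) ); // @todo Need to have a better notice. This is only for the sake of testing the validation.
+return;
+}
 update_user_meta( $user->ID, 'wpcom_user_id', $user_data->ID );
 }
 }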
