Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Masterbar: logging out logs out Jetpack Master User from WordPress.com #13680

Closed
jeherve opened this issue Oct 7, 2019 · 0 comments · Fixed by #13777
Closed

Masterbar: logging out logs out Jetpack Master User from WordPress.com #13680

jeherve opened this issue Oct 7, 2019 · 0 comments · Fixed by #13777
Assignees
@jeherve
Labels
[Feature] Masterbar WordPress.com Toolbar and Dashboard customizations [Pri] Low [Type] Bug When a feature is broken and / or not performing as intended

Comments

@jeherve
Copy link
Member

jeherve commented Oct 7, 2019

Steps to reproduce the issue

  1. Connect a site X to WP.com, keep this session active for the duration of the test.
  2. Activate the SSO/Masterbar modules
  3. Create a new (unprivileged) account on X with an email that matches a WP.com account
  4. On a private window, log in to X with the unprivileged account. Then, log out
  5. On the private window, navigate to wordpress.com and see that you are still logged in
  6. On the other tab/session, navigate to wordpress.com and you’ll see the logged out page.

Internal reference: p5TWut-lX-p2
@jeherve jeherve added [Type] Bug When a feature is broken and / or not performing as intended [Pri] Low [Feature] Masterbar WordPress.com Toolbar and Dashboard customizations labels Oct 7, 2019
@jeherve jeherve self-assigned this Oct 18, 2019
@jeherve jeherve added this to the 7.9 milestone Oct 18, 2019
jeherve added a commit that referenced this issue Oct 18, 2019
@jeherve
Masterbar: send wpcom user ID to wpcom when attempting to log out
0adb68a 
Fixes #13680

Until now, we would send a sync event to WordPress.com anytime someone attempted to log out from a site using the "Sign Out" button in the masterbar.
From now on, we'll only do that when we have info about the connected WordPress.com user linked to that local user, and we'll send their wpcom user ID to WordPress.com so WordPress.com can disconnect them (and no one else) from WordPress.com.
@jeherve jeherve mentioned this issue Oct 18, 2019
Merged
@jeherve jeherve modified the milestones: 7.9, 8.0 Oct 28, 2019
@jeherve jeherve modified the milestones: 8.0, 8.1 Nov 19, 2019
@jeherve jeherve removed this from the 8.1 milestone Dec 13, 2019
jeherve added a commit that referenced this issue Mar 11, 2020
@jeherve
Masterbar: send wpcom user ID to wpcom when attempting to log out
c93789a 
Fixes #13680

Until now, we would send a sync event to WordPress.com anytime someone attempted to log out from a site using the "Sign Out" button in the masterbar.
From now on, we'll only do that when we have info about the connected WordPress.com user linked to that local user, and we'll send their wpcom user ID to WordPress.com so WordPress.com can disconnect them (and no one else) from WordPress.com.
jeherve added a commit that referenced this issue Mar 18, 2020
@jeherve
Masterbar: send wpcom user ID to wpcom when attempting to log… (#13777)
84cd060 
* Masterbar: send wpcom user ID to wpcom when attempting to log out

Fixes #13680

Until now, we would send a sync event to WordPress.com anytime someone attempted to log out from a site using the "Sign Out" button in the masterbar.
From now on, we'll only do that when we have info about the connected WordPress.com user linked to that local user, and we'll send their wpcom user ID to WordPress.com so WordPress.com can disconnect them (and no one else) from WordPress.com.

* Masterbar: hook into logout_redirect to handle post logout action

WP 5.3 changed the way logouts worked:
https://core.trac.wordpress.org/changeset/46467

As a result we cannot pull the user's ID as they are logging out via the `wp_logout` filter anymore, because by then their info has already been cleared.

Let's instead hooked into `logout_redirect`, where we still have info about the user that logged out.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeherve jeherve

Labels
[Feature] Masterbar WordPress.com Toolbar and Dashboard customizations [Pri] Low [Type] Bug When a feature is broken and / or not performing as intended
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Masterbar: send wpcom user ID to wpcom when attempting to log out Automattic/jetpack
1 participant
@jeherve