Skip to content

Jetpack Protect: Replace user_token with blog_token. #16758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sergeymitr merged 1 commit into from
Aug 7, 2020
Merged

Jetpack Protect: Replace user_token with blog_token. #16758

sergeymitr merged 1 commit into from
Aug 7, 2020

Conversation

@sergeymitr
Copy link
Contributor

@sergeymitr sergeymitr commented Aug 7, 2020

Changes proposed in this Pull Request:

  • The WP.com API endpoint jetpack.protect.requestKey does not use the user ID, and can be authenticated using blog_token.

Jetpack product discussion

Part of the #16709.

Does this pull request change what data or activity we track or use?

No.

Testing instructions:

  1. Go to "Jetpack Settings -> Security" and confirm that "Brute force attack protection" is disabled.
  2. Delete the existing Protect key:
delete from wp_options where option_name = 'jetpack_protect_key';
  1. Enable "Brute force attack protection".
  2. Confirm that the key was created and saved into the database:
select * from wp_options where option_name = 'jetpack_protect_key';

Proposed changelog entry for your changes:

n/a

@sergeymitr
Jetpack Protect: Replace user_token with blog_token.
267dec3 
The API request `jetpack.protect.requestKey` does not use the user ID, and can be authenticated using `blog_token`.
@sergeymitr sergeymitr added [Status] Needs Review This PR is ready for review. Connect Flow Connection banners, buttons, ... labels Aug 7, 2020
@sergeymitr sergeymitr added this to the 8.9 milestone Aug 7, 2020
@sergeymitr sergeymitr requested a review from a team August 7, 2020 17:52
@sergeymitr sergeymitr self-assigned this Aug 7, 2020
@fgiannar fgiannar mentioned this pull request Aug 7, 2020
Closed
10 tasks
@jetpackbot
Copy link
Collaborator

jetpackbot commented Aug 7, 2020

Thank you for the great PR description!

When this PR is ready for review, please apply the [Status] Needs Review label. If you are an a11n, please have someone from your team review the code if possible. The Jetpack team will also review this PR and merge it to be included in the next Jetpack release.

E2E results is available here (for debugging purposes): https://jetpack-e2e-dashboard.herokuapp.com/pr-16758

Scheduled Jetpack release: September 1, 2020.
Scheduled code freeze: August 25, 2020

Generated by 🚫 dangerJS against 267dec3

leogermani
leogermani approved these changes Aug 7, 2020
View reviewed changes
Copy link
Contributor

@leogermani leogermani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested following the instructions and it worked as expected

@leogermani leogermani added [Status] Ready to Merge Go ahead, you can push that green button! and removed [Status] Needs Review This PR is ready for review. labels Aug 7, 2020
@leogermani leogermani mentioned this pull request Aug 7, 2020
Merged
@sergeymitr sergeymitr merged commit b96e08f into master Aug 7, 2020
@sergeymitr sergeymitr deleted the update/blog-token-protect branch August 7, 2020 19:14
@matticbot matticbot added [Status] Needs Changelog and removed [Status] Ready to Merge Go ahead, you can push that green button! labels Aug 7, 2020
jeherve added a commit that referenced this pull request Aug 25, 2020
@jeherve
Changelog: add #16758
8f8b992
pereirinha pushed a commit that referenced this pull request Sep 10, 2020
@sergeymitr
[not verified] Jetpack Protect: Replace user_token with `blog_token…
198ad52 
…`. (#16758)

The API request `jetpack.protect.requestKey` does not use the user ID, and can be authenticated using `blog_token`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leogermani leogermani leogermani approved these changes

Assignees

@sergeymitr sergeymitr

Labels

Connect Flow Connection banners, buttons, ...

Projects

None yet

Milestone

8.9

Development

Successfully merging this pull request may close these issues.

6 participants

@sergeymitr @jetpackbot @leogermani @jeherve @matticbot