@sergeymitr
Contributor

Changes proposed in this Pull Request:

By the nature of the authentication form, `user_id` is unknown when it's opened, and `blog_token` is always used for the request even though the code attempts to use the `user_token`.
So this commit is janitorial and doesn't really affect the functionality.

Jetpack product discussion

Part of the issue #16709

Does this pull request change what data or activity we track or use?

No.

Testing instructions:

  1. Go to "Jetpack -> Settings -> Security" and enable the "WordPress.com login" feature.
  2. Open a private browser window and go to the `wp-login.php` page.
  3. Confirm that the cookie `jetpack_sso_nonce` was created and contains the actual nonce (e.g. `kps0dsn9fqmxbxlzbtd9`).
  4. Refresh the page, confirm the nonce hasn't changed.
  5. Remove the cookie, refresh the page, make sure it's regenerated.

Proposed changelog entry for your changes:

n/a.

@sergeymitr sergeymitr added [Status] Needs Review This PR is ready for review. [Type] Janitorial Connect Flow Connection banners, buttons, ... labels Aug 13, 2020
@sergeymitr sergeymitr added this to the 8.9 milestone Aug 13, 2020
@sergeymitr sergeymitr requested a review from a team August 13, 2020 21:13
@sergeymitr sergeymitr self-assigned this Aug 13, 2020
@jetpackbot
Collaborator

Thank you for the great PR description!

When this PR is ready for review, please apply the [Status] Needs Review label. If you are an a11n, please have someone from your team review the code if possible. The Jetpack team will also review this PR and merge it to be included in the next Jetpack release.

E2E results are available here (for debugging purposes): https://jetpack-e2e-dashboard.herokuapp.com/pr-16830

Scheduled Jetpack release: September 1, 2020.
Scheduled code freeze: August 25, 2020

Generated by 🚫 dangerJS against aedb5ef

Contributor

@leogermani leogermani left a comment

Tested following the instructions and works as expected

@leogermani leogermani added [Status] Ready to Merge Go ahead, you can push that green button! and removed [Status] Needs Review This PR is ready for review. labels Aug 18, 2020
@sergeymitr sergeymitr merged commit b7583ec into master Aug 18, 2020
@sergeymitr sergeymitr deleted the update/blog-token-sso branch August 18, 2020 15:19
@matticbot matticbot added [Status] Needs Changelog and removed [Status] Ready to Merge Go ahead, you can push that green button! labels Aug 18, 2020
davidlonjon added a commit that referenced this pull request Aug 20, 2020
* master: (23 commits)
  Premium Blocks: set blocks availability (#16898)
  Compat Package: Fix method declaration compatibility (#16900)
  Jetpack Dashboard: More meaningful error notices. (#16883)
  Connection REST API: Unit test for the `remote_authorize` request. (#16879)
  use blog token to request jetpack.updateBlog (#16698)
  Improve Story block media loading (#16663)
  Simplify error notices for broken connections (#16655)
  Use new heartbeat package (#16285)
  wrap-paid-block: remove component. deprecated. (#16895)
  Social Previews: improve preview description handling (#16889)
  Stats module use blog token (#16727)
  Form Block: add a new Consent Field, a new Newsletter setting, and a new newsletter variation (#16808)
  AAG: Backup card, fall back to VP content in case of /rewind API error. (#16867)
  Donations: Fix dependencies (#16892)
  Creative Mail: update option to lowercase (#16861)
  Premium Blocks: Implement the new design (#16611)
  Requests to Stats CSV use the blog token (#16716)
  Update spacing around sharing buttons to avoid no bottom margin below the customize link. (#16811)
  Jetpack SSO: Cleaning up the `requestNonce` API request. (#16830)
  Donations: Update plans when currency changes (#16844)
  ...
@sergeymitr sergeymitr added [Feature] SSO and removed Connect Flow Connection banners, buttons, ... labels Aug 20, 2020
pereirinha pushed a commit that referenced this pull request Sep 10, 2020
…t. (#16830)

By the nature of the authentication form, `user_id` is unknown when it's opened, and `blog_token` is always used for the request even though the code attempts to use the `user_token`.
So this commit is janitorial and doesn't really affect the functionality.