Prevent access to OpenAI endpoint from outside WPCOM #28309
Conversation
|
Are you an Automattician? You can now test your Pull Request on WordPress.com. On your sandbox, run |
github-actions
bot
added
the
[Plugin] Jetpack
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available. 🔴 Action required: We would recommend that you add a section to the PR description to specify whether this PR includes any changes to data or privacy, like so: Once your PR is ready for review, check one last time that all required checks (other than "Required review") appearing at the bottom of this PR are passing or skipped. Jetpack plugin:
|
github-actions
bot
added
the
[Status] Needs Author Reply
jeherve
added
[Type] Enhancement
|
Related discussion: p1673452156937829-slack-CBG1CP4EN |
| } | ||
|
|
||
| $response = Client::wpcom_json_api_request_as_user( | ||
| $response = Client::wpcom_json_api_request_as_blog( |
There was a problem hiding this comment.
No, we want to be able to pinpoint loggedin users for security purposes I think
There was a problem hiding this comment.
I followed those instructions: p1673510335525029/1673452156.937829-slack-CBG1CP4EN
But I am happy to revert...
There was a problem hiding this comment.
If you prefer to make this feature available to only Jetpack connected users (aka excluding admins that haven't connected their WP.com account) then you might take this into account in the permission checks (non WPCOM ones) as well (also the UI but this is out of this PR's scope).
In general, this decision also affects the permission checks so it would be nice to reach a decision before further reviewing.
cc @jeherve
fgiannar
left a comment
fgiannar
left a comment
There was a problem hiding this comment.
Many thanks for working on this!
Left a couple of inline comments :)
| } | ||
|
|
||
| $response = Client::wpcom_json_api_request_as_user( | ||
| $response = Client::wpcom_json_api_request_as_blog( |
There was a problem hiding this comment.
If you prefer to make this feature available to only Jetpack connected users (aka excluding admins that haven't connected their WP.com account) then you might take this into account in the permission checks (non WPCOM ones) as well (also the UI but this is out of this PR's scope).
In general, this decision also affects the permission checks so it would be nice to reach a decision before further reviewing.
cc @jeherve
| */ | ||
| public function __construct() { | ||
| $this->is_wpcom = false; | ||
| $this->is_wpcom = false; |
There was a problem hiding this comment.
Do we actually use/need this?
There was a problem hiding this comment.
I checked and it does not seem to be used anywhere...
CC @artpi
There was a problem hiding this comment.
I think when @jeherve introduced this he meant to use wpcom_is_wpcom_only_endpoint. I think we could remove it
| */ | ||
| public function permissions_check() { | ||
|
|
||
| if ( ! current_user_can( 'edit_posts' ) ) { |
There was a problem hiding this comment.
Assuming we agree to make the request to WPCOM using wpcom_json_api_request_as_blog this wouldn't work as in such cases (blog token used) we'd get the rest_forbidden error
There was a problem hiding this comment.
Yes, that is why we are not wpcom_json_api_request_as_blog
|
|
||
| if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) { | ||
| // Only allow WPCOM simple sites and Atomic | ||
| if ( get_current_site()->id !== 1 ) { |
There was a problem hiding this comment.
You might want to check the suggested implementation in Slack, in terms of allowing site level authentication (blog token) for AT site on WPCOM: p1673521187444489/1673452156.937829-slack-CBG1CP4EN
| if ( get_current_site()->id !== 1 ) { | ||
| return true; | ||
| } | ||
| } elseif ( ( new Automattic\Jetpack\Status\Host() )->is_woa_site() ) { |
There was a problem hiding this comment.
To ensure backwards compatibility you might prefer to only keep the WoA check on WPCOM context only. This way, when you decide to make the feature available to self-hosted sites, it will also be available in previous versions of the Jetpack plugin. Not a blocker though!
artpi
left a comment
artpi
left a comment
There was a problem hiding this comment.
I am not a fan of this approach at all.
- This prevention check is something that Jetpack code should not even be aware of
- We need a way to quickly and dynamically change the value of it.
#28338 introduced the jetpack_ai_enabled filter which we can use to implement this check on the WPCOM end just by overriding the value to false for Jetpack sites (unless they have a special sticker?)
|
I would close this PR and make a diff on wpcom end. |
I'll let @fgiannar weigh in on that, but I don't believe the filter is enough for our needs here.
This is indeed what we were discussing in p1673452156937829-slack-CBG1CP4EN |
Stepping through code:
Yes, I know, that would be a vote for decoupling syncing of this endpoint :D. |
I think that would be easier to decide once we reach a decision on blog vs user tokens used to proxy the request to WPCOM |
I am deciding here that we are not going to
It is safer for now to request as user, so that we can see the usage in the wild. Once we see actual usage, we can revisit this decision of course. |
Thank you, Artur! That will indeed simplify the permission callback on both envs. Just making sure here that on Atomic and self hosted (future) sites, we need to make sure the current user is connected in order to provide this feature. |
|
Closing in favor of a WPCOM-based filter. See previous comments |
github-actions
bot
removed
[Status] Needs Author Reply
@millerf Can we please make sure to address the part of sanitizing request parameters in a follow up PR? |
Proposed changes:
Prevent access to WPCOM endpoint
Testing instructions
On your sandbox, use
Make sure the AI blocks work from a WPCOM site ( sandbox your site and test ).
Following this comment, test that the blocks WORK on an Atomic site (or any jetpack site)
Now apply this patch:
Make sure the AI blocks work from a WPCOM site ( sandbox your site and test ).
But now you should not be able to make the blocks work on Atomic or Jetpack site.