Add support for SSO without a connection/confirmation.

[jaswrks]

Changes proposed in this Pull Request:

• Allow site "connections" to be bypassed in favor of just the SSO login action itself whenever the original login URL contains ?connect=false.
  e.g., https://example.com/wp-login.php?connect=false

Testing instructions

• See D19940-code for example a8c use case.
• Patch D19940-code and follow test instructions there.

Proposed changelog entry for your changes:

• No changelog entry necessary.

[ebinnion]

This seems reasonable. Would you write some tests for this please?

https://github.com/Automattic/jetpack/blob/master/tests/php/modules/sso/test_class.jetpack-sso-helpers.php

[jetpackbot]

Thank you for the great PR description!

When this PR is ready for review, please apply the [Status] Needs Review label. If you are an a11n, please have someone from your team review the code if possible. The Jetpack team will also review this PR and merge it to be included in the next Jetpack release.

Scheduled Jetpack release: November 6, 2018.
Scheduled code freeze: October 30, 2018

Generated by 🚫 dangerJS

[jaswrks]

Great. Thanks for the initial review!

Would you write some tests for this please?

• Unit tests added.

[ebinnion]

I left a minor comment about the docblock. Besides that, this looks good to me and tests well. 👍

[jaswrks]

@ebinnion Should we adjust this line that pulls the current user ID?
To clarify, should we set user_id => 0 when it's a user that was intentionally not connected?

jetpack/modules/sso.php

Line 630 in 60a18ad

'user_id' => get_current_user_id(),

I ask because I noticed a missing_token error whenever I was testing with a user who was already logged-in and found their way back to wp-login.php?action=jetpack-sso again.

[ebinnion]

Ahh nice catch sir! Yes, we probably do need to change that. We can probably force it user_id => 0 to use the blog token or we can first check to see if the current user has a token.

[jaswrks]

@ebinnion Got it, thanks for confirming!

Also, does this look like a bug to you?

jetpack/modules/sso.php

Line 606 in 7ce8c1a

'wpcom_user_id' => $user_id,

Shouldn't it be user_id => $user_id instead of wpcom_user_id?

[ebinnion]

It looks like I did that for a specific reason:

#3756

On XML-RPC server, it looks like we just need to send a user ID in an array and it doesn't necessarily matter what key is used.

[stale]

This PR has been marked as stale. This happened because:

• It has been inactive in the past 3 months.
• It hasn’t been labeled `[Pri] Blocker`, `[Pri] High`.

No further action is needed. But it's worth checking if this PR has clear testing instructions, is it up to date with master, and it is still valid. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation.

[jeherve]

I'll close this PR for now because of the lack of activity on this. We can always reopen in the future if needed, but it will need a rebase, so it may be easier to start a new PR at this point.