-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make sure we don't return the token of the wrong user #95
Conversation
Could we also get the user_meta for the user and confirm that it exists? |
54d9fb5
to
0a62f5f
Compare
0a62f5f
to
ea29354
Compare
We would need a change on L29 as well |
I'm working on this. |
Where would we dump this info though? |
I think what Alex meant was check double-check that the user has the meta for the token. I did that in 92cc419. |
Co-authored-by: Paulo Pinto <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, even if this adds a lot of complexity for now, we can remove it in a follow up if this helps us find the reason.
Agree, we should remove/simplify some of this code once we identified the issue. |
Testing locally. |
Didn't change any logic, just so that the "main path" of the code is clearer.
Revert "Merge pull request #95 from Automattic/check-multiple-users"
This shouldn't be possible, but just in case.