Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure we don't return the token of the wrong user #95

Merged
merged 11 commits into from
Sep 14, 2023
Merged

Make sure we don't return the token of the wrong user #95

merged 11 commits into from
Sep 14, 2023

Conversation

psrpinto
Copy link
Member

@psrpinto psrpinto commented Sep 14, 2023
edited
Loading

This shouldn't be possible, but just in case.

@akirk
Copy link
Member

akirk commented Sep 14, 2023

Could we also get the user_meta for the user and confirm that it exists?

@ashfame
Copy link
Member

ashfame commented Sep 14, 2023

We would need a change on L29 as well

@psrpinto
Copy link
Member Author

Could we also get the user_meta for the user and confirm that it exists?

I'm working on this.

@ashfame
Copy link
Member

ashfame commented Sep 14, 2023

Where would we dump this info though?

@psrpinto
Copy link
Member Author

psrpinto commented Sep 14, 2023
edited
Loading

Where would we dump this info though?

I think what Alex meant was check double-check that the user has the meta for the token. I did that in 92cc419.

psrpinto
psrpinto commented Sep 14, 2023
View reviewed changes
src/Storage/AuthorizationCodeStorage.php Outdated Show resolved Hide resolved
src/Storage/AuthorizationCodeStorage.php Outdated Show resolved Hide resolved
src/Storage/AuthorizationCodeStorage.php Outdated Show resolved Hide resolved
@ashfame ashfame requested a review from akirk September 14, 2023 16:13
akirk
akirk previously approved these changes Sep 14, 2023
View reviewed changes
Copy link
Member

@akirk akirk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, even if this adds a lot of complexity for now, we can remove it in a follow up if this helps us find the reason.

@psrpinto
Copy link
Member Author

Agree, we should remove/simplify some of this code once we identified the issue.

@psrpinto
Copy link
Member Author

Testing locally.

@psrpinto
Extract code to a function
18d03c0 
Didn't change any logic, just so that the "main path" of the code is clearer.
@psrpinto
Make clear what operation resulted in the error_log
1422beb
@ashfame ashfame self-requested a review September 14, 2023 16:46
@psrpinto psrpinto merged commit c90d9db into main Sep 14, 2023
1 check passed
@psrpinto psrpinto deleted the check-multiple-users branch September 14, 2023 16:58
@psrpinto psrpinto mentioned this pull request Sep 14, 2023
Merged
ashfame added a commit that referenced this pull request Sep 21, 2023
@ashfame
Revert "Merge pull request #95 from Automattic/check-multiple-users"
fce8ac5 
This reverts commit c90d9db, reversing
changes made to 53dc5b4.
ashfame added a commit that referenced this pull request Sep 21, 2023
@ashfame
Merge pull request #100 from Automattic/revert_multiple_users_checks
bdd68dd 
Revert "Merge pull request #95 from Automattic/check-multiple-users"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashfame ashfame ashfame approved these changes

@akirk akirk akirk left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@psrpinto @akirk @ashfame