SSO: switch from module codebase to Connection package, part 3

projects/packages/connection/changelog/update-sso-use-package

@@ -0,0 +1,4 @@
+Significance: patch
+Type: changed
+
+SSO: do not rely on the Jetpack class anymore.

projects/packages/connection/src/class-package-version.php

@@ -12,7 +12,7 @@
  */
 class Package_Version {
 
-	const PACKAGE_VERSION = '2.8.0';
+	const PACKAGE_VERSION = '2.8.1-alpha';
 
 	const PACKAGE_SLUG = 'connection';
 

projects/packages/connection/src/class-utils.php

@@ -83,4 +83,53 @@ public static function filter_register_request_body( $properties ) {
 			)
 		);
 	}
+
+	/**
+	 * Generate a new user from a SSO attempt.
+	 *
+	 * @param object $user_data WordPress.com user information.
+	 */
+	public static function generate_user( $user_data ) {
+		$username = $user_data->login;
+		/**
+		 * Determines how many times the SSO module can attempt to randomly generate a user.
+		 *
+		 * @module sso
+		 *
+		 * @since jetpack-4.3.2
+		 *
+		 * @param int 5 By default, SSO will attempt to random generate a user up to 5 times.
+		 */
+		$num_tries = (int) apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 );
+
+		$exists = username_exists( $username );
+		$tries  = 0;
+		while ( $exists && $tries++ < $num_tries ) {
+			$username = $user_data->login . '_' . $user_data->ID . '_' . wp_rand();
+			$exists   = username_exists( $username );
+		}
+
+		if ( $exists ) {
+			return false;
+		}
+
+		$user               = (object) array();
+		$user->user_pass    = wp_generate_password( 20 );
+		$user->user_login   = wp_slash( $username );
+		$user->user_email   = wp_slash( $user_data->email );
+		$user->display_name = $user_data->display_name;
+		$user->first_name   = $user_data->first_name;
+		$user->last_name    = $user_data->last_name;
+		$user->url          = $user_data->url;
+		$user->description  = $user_data->description;
+
+		if ( isset( $user_data->role ) && $user_data->role ) {
+			$user->role = $user_data->role;
+		}
+
+		$created_user_id = wp_insert_user( $user );
+
+		update_user_meta( $created_user_id, 'wpcom_user_id', $user_data->ID );
+		return get_userdata( $created_user_id );
+	}
 }

projects/packages/connection/src/sso/class-force-2fa.php

@@ -50,10 +50,7 @@ public function plugins_loaded() {
 		$this->role = apply_filters( 'jetpack_force_2fa_cap', 'manage_options' );
 
 		// Bail if Jetpack SSO is not active
-		if (
-			! class_exists( 'Jetpack' )
-			|| ! ( new Modules() )->is_active( 'sso' )
-		) {
+		if ( ! ( new Modules() )->is_active( 'sso' ) ) {
 			add_action( 'admin_notices', array( $this, 'admin_notice' ) );
 			return;
 		}
@@ -75,7 +72,12 @@ public function admin_notice() {
 		 * @module SSO
 		 */
 		if ( apply_filters( 'jetpack_force_2fa_dependency_notice', true ) && current_user_can( $this->role ) ) {
-			printf( '<div class="%1$s"><p>%2$s</p></div>', 'notice notice-warning', 'Jetpack Force 2FA requires Jetpack and the Jetpack SSO module.' );
+			wp_admin_notice(
+				esc_html__( 'Jetpack Force 2FA requires Jetpack’s SSO feature.', 'jetpack-connection' ),
+				array(
+					'type' => 'warning',
+				)
+			);
 		}
 	}
 

projects/packages/connection/src/sso/class-helpers.php

@@ -214,55 +214,6 @@ public static function allowed_redirect_hosts( $hosts, $api_base = '' ) {
 		return array_unique( $hosts );
 	}
 
-	/**
-	 * Generate a new user from a SSO attempt.
-	 *
-	 * @param object $user_data WordPress.com user information.
-	 */
-	public static function generate_user( $user_data ) {
-		$username = $user_data->login;
-		/**
-		 * Determines how many times the SSO module can attempt to randomly generate a user.
-		 *
-		 * @module sso
-		 *
-		 * @since jetpack-4.3.2
-		 *
-		 * @param int 5 By default, SSO will attempt to random generate a user up to 5 times.
-		 */
-		$num_tries = (int) apply_filters( 'jetpack_sso_allowed_username_generate_retries', 5 );
-
-		$exists = username_exists( $username );
-		$tries  = 0;
-		while ( $exists && $tries++ < $num_tries ) {
-			$username = $user_data->login . '_' . $user_data->ID . '_' . wp_rand();
-			$exists   = username_exists( $username );
-		}
-
-		if ( $exists ) {
-			return false;
-		}
-
-		$user               = (object) array();
-		$user->user_pass    = wp_generate_password( 20 );
-		$user->user_login   = wp_slash( $username );
-		$user->user_email   = wp_slash( $user_data->email );
-		$user->display_name = $user_data->display_name;
-		$user->first_name   = $user_data->first_name;
-		$user->last_name    = $user_data->last_name;
-		$user->url          = $user_data->url;
-		$user->description  = $user_data->description;
-
-		if ( isset( $user_data->role ) && $user_data->role ) {
-			$user->role = $user_data->role;
-		}
-
-		$created_user_id = wp_insert_user( $user );
-
-		update_user_meta( $created_user_id, 'wpcom_user_id', $user_data->ID );
-		return get_userdata( $created_user_id );
-	}
-
 	/**
 	 * Determines how long the auth cookie is valid for when a user logs in with SSO.
 	 *

projects/packages/connection/src/sso/class-sso.php

@@ -47,14 +47,6 @@ private function __construct() {
 
 		self::$instance = $this;
 
-		/*
-		 * This feature currently relies on the Jetpack plugin.
-		 * Bail if Jetpack isn't installed.
-		 */
-		if ( ! class_exists( 'Jetpack' ) ) {
-			return;
-		}
-
 		add_action( 'admin_init', array( $this, 'maybe_authorize_user_after_sso' ), 1 );
 		add_action( 'admin_init', array( $this, 'register_settings' ) );
 		add_action( 'login_init', array( $this, 'login_init' ) );
@@ -71,6 +63,9 @@ private function __construct() {
 
 		add_filter( 'wp_login_errors', array( $this, 'sso_reminder_logout_wpcom' ) );
 
+		// Synchronize SSO options with WordPress.com.
+		add_filter( 'jetpack_sync_callable_whitelist', array( $this, 'sync_sso_callables' ), 10, 1 );
+
 		/**
 		 * Filter to include Force 2FA feature.
 		 *
@@ -134,6 +129,27 @@ public static function get_instance() {
 		return self::$instance;
 	}
 
+	/**
+	 * Add SSO callables to the sync whitelist.
+	 *
+	 * @since $$next-version$$
+	 *
+	 * @param array $callables list of callables.
+	 *
+	 * @return array list of callables.
+	 */
+	public function sync_sso_callables( $callables ) {
+		$sso_callables = array(
+			'sso_is_two_step_required'      => array( Helpers::class, 'is_two_step_required' ),
+			'sso_should_hide_login_form'    => array( Helpers::class, 'should_hide_login_form' ),
+			'sso_match_by_email'            => array( Helpers::class, 'match_by_email' ),
+			'sso_new_user_override'         => array( Helpers::class, 'new_user_override' ),
+			'sso_bypass_default_login_form' => array( Helpers::class, 'bypass_login_forward_wpcom' ),
+		);
+
+		return array_merge( $callables, $sso_callables );
+	}
+
 	/**
 	 * Safety heads-up added to the logout messages when SSO is enabled.
 	 * Some folks on a shared computer don't know that they need to log out of WordPress.com as well.
@@ -864,7 +880,7 @@ public function handle_login() {
 					$user_data->role = $new_user_override_role;
 				}
 
-				$user = Helpers::generate_user( $user_data );
+				$user = Utils::generate_user( $user_data );
 				if ( ! $user ) {
 					$tracking->record_user_event(
 						'sso_login_failed',

projects/packages/connection/tests/php/sso/test_Helpers.php

@@ -9,6 +9,7 @@
 
 namespace Automattic\Jetpack\Connection\SSO;
 
+use Automattic\Jetpack\Connection\Utils;
 use Automattic\Jetpack\Constants;
 use WorDBless\BaseTestCase;
 
@@ -259,7 +260,7 @@ public function test_allowed_redirect_hosts_api_base_added_on_dev_version() {
 	 * Test "generate_user_returns_user_when_username_not_exists".
 	 */
 	public function test_generate_user_returns_user_when_username_not_exists() {
-		$user = Helpers::generate_user( $this->user_data );
+		$user = Utils::generate_user( $this->user_data );
 		$this->assertIsObject( $user );
 		$this->assertInstanceOf( 'WP_User', $user );
 
@@ -273,7 +274,7 @@ public function test_generate_user_returns_user_if_username_exists_and_has_tries
 		add_filter( 'jetpack_sso_allowed_username_generate_retries', array( $this, 'return_one' ) );
 		wp_insert_user( $this->user_data );
 
-		$user = Helpers::generate_user( $this->user_data );
+		$user = Utils::generate_user( $this->user_data );
 
 		$this->assertIsObject( $user );
 		$this->assertInstanceOf( 'WP_User', $user );
@@ -289,7 +290,7 @@ public function test_generate_user_returns_user_if_username_exists_and_has_tries
 	 */
 	public function test_generate_user_sets_user_role_when_provided() {
 		$this->user_data->role = 'administrator';
-		$user                  = Helpers::generate_user( $this->user_data );
+		$user                  = Utils::generate_user( $this->user_data );
 		$this->assertContains( 'administrator', get_userdata( $user->ID )->roles );
 	}
 

projects/plugins/jetpack/.phan/baseline.php

@@ -65,7 +65,6 @@
     // PhanUndeclaredVariableDim : 6 occurrences
     // PhanImpossibleCondition : 5 occurrences
     // PhanNonClassMethodCall : 5 occurrences
-    // PhanPluginUnreachableCode : 5 occurrences
     // PhanTypeMismatchDimAssignment : 5 occurrences
     // PhanTypeSuspiciousStringExpression : 5 occurrences
     // PhanUndeclaredStaticProperty : 5 occurrences
@@ -79,6 +78,7 @@
     // PhanTypeInvalidRightOperandOfNumericOp : 4 occurrences
     // PhanDeprecatedFunctionInternal : 3 occurrences
     // PhanDeprecatedTrait : 3 occurrences
+    // PhanPluginUnreachableCode : 3 occurrences
     // PhanStaticPropIsStaticType : 3 occurrences
     // PhanTypeConversionFromArray : 3 occurrences
     // PhanTypeMismatchArgumentReal : 3 occurrences
@@ -459,10 +459,6 @@
         'modules/sitemaps/sitemap-librarian.php' => ['PhanTypeMismatchArgument', 'PhanTypeMismatchReturnProbablyReal'],
         'modules/sitemaps/sitemap-logger.php' => ['PhanTypeMismatchProperty'],
         'modules/sitemaps/sitemaps.php' => ['PhanNoopNew', 'PhanTypeMismatchArgument'],
-        'modules/sso.php' => ['PhanNoopNew', 'PhanRedundantCondition', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentProbablyReal', 'PhanTypeMismatchReturn', 'PhanTypeMismatchReturnProbablyReal'],
-        'modules/sso/class-jetpack-force-2fa.php' => ['PhanDeprecatedFunction'],
-        'modules/sso/class.jetpack-sso-helpers.php' => ['PhanTypeMismatchArgumentProbablyReal', 'PhanTypeMismatchReturn'],
-        'modules/sso/class.jetpack-sso-user-admin.php' => ['PhanPluginUnreachableCode', 'PhanTypeArraySuspiciousNullable', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentInternal'],
         'modules/stats.php' => ['PhanDeprecatedFunction', 'PhanPossiblyUndeclaredVariable', 'PhanRedundantCondition', 'PhanSuspiciousMagicConstant', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentProbablyReal', 'PhanTypeMismatchReturn', 'PhanTypeMismatchReturnNullable', 'PhanTypeMismatchReturnProbablyReal', 'PhanTypeMissingReturn'],
         'modules/subscriptions.php' => ['PhanPossiblyUndeclaredVariable', 'PhanTypeMismatchArgument', 'PhanTypeMismatchArgumentInternal', 'PhanTypeMismatchArgumentProbablyReal', 'PhanTypeMismatchDefault', 'PhanTypeMismatchReturnProbablyReal', 'PhanTypeSuspiciousNonTraversableForeach'],
         'modules/subscriptions/subscribe-modal/class-jetpack-subscribe-modal.php' => ['PhanTypeMismatchReturnNullable'],

projects/plugins/jetpack/changelog/update-sso-use-package

@@ -0,0 +1,4 @@
+Significance: patch
+Type: other
+
+SSO: switch to loading feature from the Connection package.

projects/plugins/jetpack/class.jetpack.php

@@ -1079,28 +1079,13 @@ public function point_edit_comment_links_to_calypso( $url ) {
 	 * @return array list of callables.
 	 */
 	public function filter_sync_callable_whitelist( $callables ) {
-
 		// Jetpack Functions.
 		$jetpack_callables = array(
 			'single_user_site'         => array( 'Jetpack', 'is_single_user_site' ),
 			'updates'                  => array( 'Jetpack', 'get_updates' ),
 			'available_jetpack_blocks' => array( 'Jetpack_Gutenberg', 'get_availability' ), // Includes both Gutenberg blocks *and* plugins.
 		);
-		$callables         = array_merge( $callables, $jetpack_callables );
-
-		// Jetpack_SSO_Helpers.
-		if ( include_once JETPACK__PLUGIN_DIR . 'modules/sso/class.jetpack-sso-helpers.php' ) {
-			$sso_helpers = array(
-				'sso_is_two_step_required'      => array( 'Jetpack_SSO_Helpers', 'is_two_step_required' ),
-				'sso_should_hide_login_form'    => array( 'Jetpack_SSO_Helpers', 'should_hide_login_form' ),
-				'sso_match_by_email'            => array( 'Jetpack_SSO_Helpers', 'match_by_email' ),
-				'sso_new_user_override'         => array( 'Jetpack_SSO_Helpers', 'new_user_override' ),
-				'sso_bypass_default_login_form' => array( 'Jetpack_SSO_Helpers', 'bypass_login_forward_wpcom' ),
-			);
-			$callables   = array_merge( $callables, $sso_helpers );
-		}
-
-		return $callables;
+		return array_merge( $callables, $jetpack_callables );
 	}
 
 	/**

projects/plugins/jetpack/json-endpoints/jetpack/class.jetpack-json-api-user-create-endpoint.php

@@ -1,5 +1,6 @@
 <?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
 
+use Automattic\Jetpack\Connection\Utils;
 use Automattic\Jetpack\Constants;
 
 /**
@@ -58,7 +59,6 @@ public function validate_input( $object ) {
 	 * @return object|false
 	 */
 	public function create_or_get_user() {
-		require_once JETPACK__PLUGIN_DIR . 'modules/sso/class.jetpack-sso-helpers.php';
 		// Check for an existing user
 		$user  = get_user_by( 'email', $this->user_data['email'] );
 		$roles = (array) $this->user_data['roles'];
@@ -76,7 +76,7 @@ public function create_or_get_user() {
 			$this->user_data->url          = isset( $this->user_data->URL ) ? $this->user_data->URL : '';
 			$this->user_data->display_name = $this->user_data->name;
 			$this->user_data->description  = '';
-			$user                          = Jetpack_SSO_Helpers::generate_user( $this->user_data );
+			$user                          = Utils::generate_user( $this->user_data );
 		}
 
 		if ( is_multisite() ) {