[wp-meta] [Making WordPress.org] #4691: Break Password Hash when user is blocked
Making WordPress.org
noreply at wordpress.org
Thu Aug 29 17:26:28 UTC 2019
#4691: Break Password Hash when user is blocked
----------------------------+---------------------
Reporter: Ipstenu | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Support Forums | Resolution:
Keywords: |
----------------------------+---------------------
Comment (by johnjamesjacoby):
> My understanding of it was to block accesss for all the sites connected
via SSO
It is.
> The role I mentioned could prevent access by removing all the user's
capabilities, clearing all sessions, and checking for that role upon login
It is not that simple. All of those things are possible (and will likely
happen) but the role is mostly irrelevant.
WordPress Roles are per-site. There is no such thing as an "installation
wide" user role. There is no code to check if a user is blocked on any of
dozens of sites that currently exist.
(For example, if I block a user from bbPress.org, they are not
automatically blocked on WordPress.org.)
Code needs to written to prevent access globally, across everything, no
matter what WordPress Site they are misbehaving on, and a single Role on a
single Site cannot do that by itself.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4691#comment:11>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list