How to prevent some WP users from being able to login to Discourse


(Leah Kramer) #1

We have WordPress and Discourse working together nicely with the WP-Discourse plugin. BUT there’s one thing we’d ideally like to do and I’m not sure what the most unobtrusive way to do it is.

We have several membership levels in WordPress and one of them is sort of a “Guest Access” membership. We don’t want people who have Guest Access membership to be able to login to Discourse.

The only way I can think of handling would be to edit the WP-Discouse plugin just at the one line where attempts to do the SSO and return false if the member is part of the Guest Access membership group but it’s less than ideal.

Any other ideas? Thanks!


Keeping user deletion in sync with SSO
(Simon Cossar) #2

There is a wpdc_sso_provider_before_sso_redirect action hook that can be used to bypass SSO. The hook is fired right before the SSO login redirect to Discourse. It is passed the current WordPress user_id and user object as parameters: wp-discourse/discourse-sso.php at master · discourse/wp-discourse · GitHub.

The basic idea is that if a user doesn’t meet the condition you have set for logging into Discourse, you redirect them to some page and then call exit. If the user does meet your condition, do nothing.

add_action( 'wpdc_sso_provider_before_sso_redirect', 'wpdc_custom_check_user_membership', 10, 2 );
function wpdc_custom_check_user_membership( $user_id, $user ) {
    if ( /* Some condition that returns true if the user doesn't meet the membership requirement */ ) {
	    wp_safe_redirect( home_url() );

	    exit;

    }
}

If you have enabled the Create or Sync Discourse Users on Login option, you will also need to prevent WordPress users from being automatically created on Discourse when they login to your WordPress site. As of WP Discourse version 1.6.9 you can do this by hooking into the wpdc_bypass_sync_sso filter. That filter hook is passed three parameters: $bypass_sync (defaults to false), $user_id, and $user (a WordPress user object.) The code for it is here.

To bypass the sync_sso_record function, you need to hook into the filter with a function that will return true for users you would like to not be synced with Discourse.

add_filter( 'wpdc_bypass_sync_sso', 'wpdc_custom_bypass_sync_sso', 10, 3 );
function wpdc_custom_bypass_sync_sso( $bypass_sync, $user_id, $user ) {
    if ( /* Some condition that returns true if the user doesn't meet the membership requirement */  ) {

        $bypass_sync = true;
    }

    return $bypass_sync;
}

(Leah Kramer) #3

Hi @Simon_Cossar. Thx! That action works in terms of preventing the user from logging in which is awesome! However, the wp-discourse plugin seems to still automatically create the user in Discourse (I think it happens upon them logging in). Is there a way to prevent that from happening? I see that there’s a action called wpdc_sso_provider_before_create_user which I tried using but no dice. I tried using it like so:

add_action( 'wpdc_sso_provider_before_create_user', 'wpdc_custom_before_create_user', 10, 2 );
function wpdc_custom_before_create_user( $user_login, $user ) {
	
	if ( ...my condition here... ) {
	    return(false);	
	}

}

(we don’t want to them to be a member of the forum at all because they’ll get the summary emails and so forth)


(Simon Cossar) #4

Right, if the Create or Sync Discourse Users on Login option is set, users will be automatically created on Discourse when they login to WordPress. There isn’t a great way to override this for a specific user yet. I’m going to update the plugin today. I’ll add a hook to the sync_sso_record function that can be used to keep specific WordPress users from being created on Discourse. I’ll update this topic when that has been done.


(Simon Cossar) #5

Have a look at the updated topic to see how to prevent users from being automatically created on Discourse when they login to WordPress. You’ll need to get the latest version of the plugin from the WordPress repo for this to work.


(Leah Kramer) #6

Fantastic! This seems to work. Thanks so much!