TL2 welcome message sent every time on SSO login

The following is happening:

Some users are getting the TL2 welcome notification (“we promoted you up a trust level”) on every login.

This happens under the following circumstances:

  • SSO login is enabled where Discourse is the SSO client
  • “Sync User Data” is enabled in WP-Discourse so it issues a sync_sso call every time the user logs into Wordpress
  • sync_sso is setting a group that has a grant_trust_level which is lower than the current trust level of the user

This causes the trust levels for the user to be recalculated from the ground up and the welcome message to be sent every time.

6 Likes

Hey there,

Thanks for sharing this bug! I’ve attempted to reproduce this bug but am not able to do so locally. Here’s what my setup looks like:


(Wordpress)

  • Set up wordpress user “Steaky” with email steaky@cat.com
  • add wpdc_custom_sso_params to set cats group to all users who sign in with $params['groups'] = 'cats';

(Discourse)

  • Create a user “Steaky” with email steaky@cat.com
  • Make Steaky trust_level_3 legitimately (not locked)
  • create group “cats” and set “Trust level automatically granted to members” to 2 for “cats”

Wordpress & Discourse connected :ok_hand: also :ballot_box_with_check: Sync user data.

(Discourse)

  • log Steaky in, gets redirected to Wordpress and signs in, redirected back to Discourse
  • (confirm that “cats” is set to Steaky)
  • Steaky does not see welcome message

^ repeat above with SiteSetting.discourse_connect_overrides_groups, same result.


I suspect you’ve got a more detailed setup going on. It would be great if you could share more details about the setup of your affected users:

  • Which other “Discourse Connect” site settings do you have turned on?
  • Are your affected users separately joining groups which may grant them certain trust levels?
  • Are your affected users trust level locked? What kind of groups are they in?
  • Any other information that would be useful

Thanks!

3 Likes

This bug is over one year old and in the meantime the client moved away from Discourse, so I cannot fully reproduce this anymore. However, I always take extensive notes, so I even have a record of the SSO payloads from back then. I am unable to inspect any other settings and/or try to repro on that exact instance though.

Back to my notes. What happened was a bit different from what you are doing. The SSO was passing an empty groups field (just groups=). But the users in question were members of another group, unknown to the SSO provider, which was forcing its members to TL2.

Additionally, the TL2 and TL3 welcome messages act differently as far as I recall, so you might have to use TL2 instead of TL3 if you attempt to reproduce this.

So to reproduce, I think you need to do the following: (note that I introduced a second group)

(Wordpress)

  • Set up wordpress user “Steaky” with email steaky@cat.com
  • add wpdc_custom_sso_params to set dogs group to all users who sign in with $params['groups'] = 'dogs';

(Discourse)

  • Create a user “Steaky” with email steaky@cat.com
  • Make Steaky trust_level_1 legitimately (not locked)
  • create group “cats” and “dogs” and set “Trust level automatically granted to members” to 2 for “cats”
  • make Steaky member of group cats

2 Likes
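
The two reproductions in this thread differ in what the `groups` field of the SSO payload carried (`groups=cats` in the first attempt, an empty `groups=` in the original notes). The following is an added example, not code from the posts, WP-Discourse or Discourse: it verifies a DiscourseConnect payload (base64 query string with a hex HMAC-SHA256 signature) and reports whether `groups` was set, empty or absent. The secret, the sample payloads and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed shared secret; a real one is the DiscourseConnect secret.
SECRET = b"constructed-example-secret"
# Constructed payloads mirroring the cases discussed in the thread.
SAMPLES = {
    "groups_cats": {"external_id": "42", "email": "steaky@cat.com", "groups": "cats"},
    "groups_empty": {"external_id": "42", "email": "steaky@cat.com", "groups": ""},
    "groups_absent": {"external_id": "42", "email": "steaky@cat.com"},
}


def sign_payload(params: dict) -> tuple[str, str]:
    """Build (sso, sig) the way a DiscourseConnect provider does."""
    sso = base64.b64encode(urlencode(params).encode()).decode()
    sig = hmac.new(SECRET, sso.encode(), hashlib.sha256).hexdigest()
    return sso, sig


def inspect_payload(sso: str, sig: str) -> dict:
    """Verify the signature, then report how the groups field was sent."""
    expected = hmac.new(SECRET, sso.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("signature mismatch: not signed with this secret")
    query = base64.b64decode(sso).decode()
    # keep_blank_values=True matters: the default drops "groups=" and makes
    # an empty field indistinguishable from a missing one.
    fields = parse_qs(query, keep_blank_values=True)
    if "groups" not in fields:
        state = "absent"
    elif fields["groups"] == [""]:
        state = "empty"
    else:
        state = "set"
    groups = [g for g in fields.get("groups", [""])[0].split(",") if g]
    return {"external_id": fields["external_id"][0], "groups_state": state, "groups": groups}


def report() -> dict:
    return {name: inspect_payload(*sign_payload(p))["groups_state"] for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, state in report().items():
        print(f"{name}: groups {state}")
```

Running recorded payloads through a check like this shows which of the three cases a given login actually sent, which is the detail that separated the two reproduction attempts above.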