Login does not respect if the User belongs to the site in a multi-site network

Question

Login does not respect if the User belongs to the site in a multi-site network

natac13 opened this issue 3 years ago · comments

Sean Campbell commented 3 years ago

A user on one site in a multi-site network should not be able to login into another site via this plugin.

Currently that is the case.

Joel Cudmore · Answer 1 · Tue Feb 01 2022 17:36:18 GMT+0800 (China Standard Time)

Also having the same issue, users can log into any of the multisite networks sites.

My fix:

In /src/Auth.php, in the login_and_get_token function after $user = self::authenticate_user( $username, $password ); I added the following:

`

	if ( is_multisite() ) {  
		if ( ! is_user_member_of_blog( $user->data->ID ) ) {  
			return new UserError( __( 'The user could not be found', 'wp-graphql-jwt-authentication' ) );  
		}  
	}`