Login does not respect if the User belongs to the site in a multi-site network
natac13 opened this issue · comments
Sean Campbell commented
A user on one site in a multi-site network should not be able to login into another site via this plugin.
Currently that is the case.
Joel Cudmore commented
Also having the same issue, users can log into any of the multisite networks sites.
My fix:
In /src/Auth.php, in the login_and_get_token function after $user = self::authenticate_user( $username, $password ); I added the following:
`
if ( is_multisite() ) {
if ( ! is_user_member_of_blog( $user->data->ID ) ) {
return new UserError( __( 'The user could not be found', 'wp-graphql-jwt-authentication' ) );
}
}`