
Commit 82900b0

committed
Clarify some comments
1 parent c58fbbe commit 82900b0


1 file changed

+8
-10
lines changed


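--- a/aad-sso-wordpress.php
+++ b/aad-sso-wordpress.php
@@ -298,12 +298,11 @@ function authenticate( $user, $username, $password ) {
 );
 }
 
-// Set a default value for group_memberships.
+// Retrieve group membership details, if needed
 $group_memberships = false;
-
 if ( true === $this->settings->enable_aad_group_to_wp_role ) {
-// 1. Retrieve the Groups for this user once here so we can pass them around as needed.
-// Pass the settings to GraphHelper
+
+// If we're mapping Azure AD groups to WordPress roles, make the Graph API call here
 AADSSO_GraphHelper::$settings = $this->settings;
 AADSSO_GraphHelper::$tenant_id = $jwt->tid;
 
@@ -312,9 +311,8 @@ function authenticate( $user, $username, $password ) {
 $group_memberships = AADSSO_GraphHelper::user_check_member_groups( $jwt->oid, $group_ids );
 }
 
-
-// Invoke any configured matching and auto-provisioning strategy and get the user.
-// 2. Pass the Group Membership to allow us to control when a user is created if auto-provisioning is enabled.
+// Invoke any configured matching and auto-provisioning strategy and get the user. We include
+// group membership details in case they're needed to decide whether or not to create the user.
 $user = $this->get_wp_user_from_aad_user( $jwt, $group_memberships );
 
 if ( is_a( $user, 'WP_User' ) ) {
@@ -364,7 +362,7 @@ function authenticate( $user, $username, $password ) {
 
 function get_wp_user_from_aad_user( $jwt, $group_memberships ) {
 
-// Try to find an existing user in WP where the upn or unique_name of the current AAD user is
+// Try to find an existing user in WP where the upn or unique_name of the current Azure AD user is
 // (depending on config) the 'login' or 'email' field in WordPress
 $unique_name = isset( $jwt->upn ) ? $jwt->upn : ( isset( $jwt->unique_name ) ? $jwt->unique_name : null );
 if ( null === $unique_name ) {
@@ -389,8 +387,8 @@ function get_wp_user_from_aad_user( $jwt, $group_memberships ) {
 'Matched Azure AD user [%s] to existing WordPress user [%s].', $unique_name, $user->ID ), 10 );
 } else {
 
-// Since the user was authenticated with AAD, but not found in WordPress,
-// need to decide whether to create a new user in WP on-the-fly, or to stop here.
+// Since the user was authenticated with Azure AD, but not found in WordPress,
+// need to decide whether to create a new user in WordPress on-the-fly, or to stop here.
 if ( true === $this->settings->enable_auto_provisioning ) {
 
 // 3. If we are configured to check, and there are no groups for this user, we should not be creating it.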
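Review bot: The rewritten comment above `$group_memberships = false;` (new line 301) no longer says that `false` is a default, and nothing in the new text says what that value means to `get_wp_user_from_aad_user()`, which receives it unchanged whenever `enable_aad_group_to_wp_role` is off. The context comment at new line 394 ties user creation to whether the user has groups, so the sentinel deserves its own line, for example `// false = membership was not checked (group-to-role mapping is off); distinct from "no groups"` — assuming that is how the callee treats it, since most of its body lies outside these hunks. The surviving `// 3. If we are configured to check, ...` comment also keeps a step number whose steps 1 and 2 this commit removed; dropping the `3. ` prefix would keep the comments consistent.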
