Skip to content

Connection: include connection-using plugin slugs on every authorize URL#48713

Open
bindlegirl wants to merge 3 commits into
trunkfrom
add/plugins-on-all-auth-urls
Open

Connection: include connection-using plugin slugs on every authorize URL#48713
bindlegirl wants to merge 3 commits into
trunkfrom
add/plugins-on-all-auth-urls

Conversation

@bindlegirl
Copy link
Copy Markdown
Contributor

@bindlegirl bindlegirl commented May 12, 2026
edited
Loading

Related CONNECT-186

Proposed changes

  • Centralize the plugins query arg on every Jetpack authorize URL by populating it once inside Manager::get_authorization_url() from Plugin_Storage::get_all(). Every existing caller (My Jetpack, SSO, Identity Crisis, the Connection Notice, the connectors card, Publicize, Post-by-Email) now picks the slug list up automatically — previously only the new connectors-card flow sent it.
  • Drop the now-redundant plugins request param from the /connection/register and /connection/authorize_url REST endpoints plus the JS callers in connectors-card.js that used to send it. The single server-side source replaces both.
  • Add a ManagerTest case for the new behavior end-to-end and update the affected REST_Endpoints_Test cases to seed Plugin_Storage directly. A tearDown reset hook keeps the class's private static state from leaking between tests.

Related product discussion/links

Does this pull request change what data or activity we track or use?

No — the same plugins query arg is already sent today via the /connection/register and /connection/authorize_url REST endpoints (when called from the connectors card). This PR just makes the value emitted on every authorize URL flow rather than only that one. The data itself is unchanged: a comma-separated list of slugs from Plugin_Storage::get_all(), which already feeds the jetpack_connection_active_plugins option synced to WPCOM.

One subtle wire-format change worth flagging for reviewers: the comma between slugs now arrives at WPCOM URL-encoded once (plugins=jetpack%2Cwoocommerce) instead of literal (plugins=jetpack,woocommerce), because the value goes through urlencode_deep() inside get_authorization_url() before add_query_arg. WPCOM decodes query args normally so this is functionally equivalent.

Testing instructions

  • On a fresh site with the connection package, trigger any of these flows and confirm the resulting wordpress.com/jetpack/connect/authorize?... URL has a plugins=... query arg:
    • My Jetpack -> Connect button
    • Connectors card on the WP core Settings > Connectors page (WP 7.0+)
    • SSO -> first connect
    • Connection Notice (admin notice when not connected)
    • Disconnect -> reconnect from any of the above

Made with Cursor

@bindlegirl @cursoragent
Connection: include connection-using plugin slugs on every authorize URL
f319aac 
Centralize the `plugins` query arg on every Jetpack authorize URL by
populating it once inside `Manager::get_authorization_url()` from
`Plugin_Storage::get_all()`. Every existing call site (My Jetpack,
SSO, Identity Crisis, the Connection Notice, the connectors card,
Publicize, Post-by-Email) now picks the value up automatically.

Drop the now-redundant `plugins` request param from the
`/connection/register` and `/connection/authorize_url` REST endpoints
plus the JS callers in `connectors-card.js` that used to send it -
the single server-side source replaces both.

Tests for the two REST endpoints now seed `Plugin_Storage` instead
of passing the param, with a `tearDown` reset so the static state
does not leak between tests. New `ManagerTest::test_get_authorization_url_includes_plugins_from_storage`
covers the new behavior end-to-end.

Co-authored-by: Cursor <cursoragent@cursor.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack or WordPress.com Site Helper), and enable the add/plugins-on-all-auth-urls branch.
  • To test on Simple, run the following command on your sandbox:
bin/jetpack-downloader test jetpack add/plugins-on-all-auth-urls

bin/jetpack-downloader test jetpack-mu-wpcom-plugin add/plugins-on-all-auth-urls

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
  3. You can use GitHub's Reviewers functionality to request a review.
  4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

@github-actions github-actions Bot added the [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. label May 12, 2026
@jp-launch-control
Copy link
Copy Markdown

jp-launch-control Bot commented May 12, 2026
edited
Loading

Code Coverage Summary

Coverage changed in 3 files.

File Coverage Δ% Δ Uncovered
projects/packages/connection/src/class-manager.php 612/1016 (60.24%) 0.04% 0 💚
projects/packages/connection/src/class-rest-connector.php 489/513 (95.32%) -0.12% 0 💚
projects/packages/connection/src/class-plugin-storage.php 56/72 (77.78%) 1.39% -1 💚

Full summary · PHP report · JS report

@bindlegirl bindlegirl self-assigned this May 12, 2026
bindlegirl and others added 2 commits May 12, 2026 11:52
@bindlegirl @cursoragent
Tests: handle private static props on PHP <8.1 in ManagerTest
7459fba 
`ReflectionClass::setStaticPropertyValue()` cannot reach private static
properties on PHP <8.1 without going through `getProperty()` +
`setAccessible(true)` first. The new
`test_get_authorization_url_includes_plugins_from_storage` was calling
the former directly and tripped CI on the lower PHP versions in the
matrix.

Factor the existing fallback (already used in `REST_Endpoints_Test`
and `Plugin_Storage_Test`) into a small helper on the test class and
route the four call sites in the new test through it.

Co-authored-by: Cursor <cursoragent@cursor.com>
@bindlegirl @cursoragent
Tests: keep Plugin_Storage::$configured = true when resetting
60b8a77 
The reset_plugin_storage() helpers in ManagerTest and REST_Endpoints_Test
were flipping the static $configured flag back to false between tests.
That makes Plugin_Storage::get_all() hand back a WP_Error object instead
of an array, and Manager::register() then stuffs that object into the
HTTP request body it passes to wp_remote_request().

On PHP 8.5, the Requests library bundled with WordPress core walks that
body via RecursiveArrayIterator (Requests/src/Transport/Curl.php:630),
which now emits a deprecation when an object is used as the backing
array. With phpunit.xml's failOnDeprecation=true, that single deprecation
fails the whole connection package test run -- specifically attributed
to Webhooks_Test::test_handle_connect_url_redirect, an unrelated test
that just happens to call register() during the redirect flow.

Resetting to a "post-plugins_loaded" state ($configured = true, empty
$plugins) keeps get_all() returning a plain array, matches what
production code sees once plugins_loaded has fired, and lets the
downstream test continue to work on PHP 8.5.

Also simplifies the new ManagerTest case: with $configured already
true, we can drop the back-and-forth configure() / set_plugin_storage_configured()
dance and let Plugin::add() seed plugins directly via Plugin_Storage::upsert().

Co-authored-by: Cursor <cursoragent@cursor.com>
@bindlegirl bindlegirl requested a review from darssen May 12, 2026 12:10
@bindlegirl bindlegirl marked this pull request as ready for review May 12, 2026 12:10
@bindlegirl bindlegirl requested a review from a team as a code owner May 12, 2026 12:10
@bindlegirl bindlegirl added [Status] Needs Review This PR is ready for review. and removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. [Status] In Progress labels May 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@darssen darssen Awaiting requested review from darssen

Assignees

@bindlegirl bindlegirl

Labels

[Package] Connection [Status] Needs Review This PR is ready for review. [Tests] Includes Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bindlegirl