fix: auto-login after checkout when no password field is present

[superdav42]

What

Fixes the "You need to be logged in to complete a payment" error shown on the finish-checkout page when using the simple preset or any checkout form with auto_generate_password enabled.

Root cause

The simple preset's password field has auto_generate_password: true, so no password input is rendered or submitted. After signup, the auto-login block in process_checkout() called wp_signon() with user_password => false (the request_or_session('password') default). WordPress silently rejects that credential and returns a WP_Error, leaving the user logged out. On the subsequent redirect to wu-finish-checkout, is_user_logged_in() returns false and the element shows the login-required error instead of the success state.

Fix

Extract the auto-login block into a new protected method login_customer_after_checkout().

• Password present (standard form): delegates to wp_signon() unchanged.
• No password (email-only / auto_generate_password forms): logs the user in directly via wp_set_auth_cookie() using the customer's user_id. The user was just created in this very request so no credential round-trip is needed. do_action('wp_login', ...) is fired for consistency with the normal path.

Files changed

• EDIT: inc/checkout/class-checkout.php — replace inline auto-login block with $this->login_customer_after_checkout() call; add the new protected method.
• EDIT: tests/WP_Ultimo/Checkout/Checkout_Test.php — four new tests for login_customer_after_checkout: no-password path fires wp_login, with-password path fires wp_login, already-logged-in is a no-op, and zero user_id is handled gracefully.

Testing

vendor/bin/phpunit --filter Checkout_Test
# Tests: 212, Assertions: 337, Skipped: 1 (pre-existing), Failures: 0

The four new cases all pass:

• test_login_customer_after_checkout_no_password_fires_wp_login
• test_login_customer_after_checkout_with_password_fires_wp_login
• test_login_customer_after_checkout_noop_when_logged_in
• test_login_customer_after_checkout_missing_wp_user_is_safe

---

aidevops.sh v3.13.1 plugin for OpenCode v1.3.17 with claude-sonnet-4-6 spent 11h 32m and 30,592 tokens on this with the user in an interactive session.

[coderabbitai]

Warning

Rate limit exceeded

@superdav42 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 20 minutes and 9 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: aea8da32-40c4-4c36-afcd-4003ae513bb9

📥 Commits

Reviewing files that changed from the base of the PR and between 9911f4b and 4ec209f.

📒 Files selected for processing (2)

• inc/checkout/class-checkout.php
• tests/WP_Ultimo/Checkout/Checkout_Test.php

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch bugfix/checkout-auto-login-no-password

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

• Build: ultimate-multisite
• ⬇️ Download from GitHub Actions
• ⬇️ Download without Github Account (nightly.link)

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limitied, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password

[github-actions]

Performance Test Results

Performance test results for 88be131 are in 🛎️!

Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown.

URL: /

Run	DB Queries	Memory	Before Template	Template	WP Total	LCP	TTFB	LCP - TTFB
0	41	37.80 MB	830.00 ms (+24.50 ms / +3% )	157.50 ms	1041.00 ms	2034.00 ms	1947.30 ms	89.25 ms
1	56	49.03 MB	945.50 ms	141.00 ms	1087.00 ms	2072.00 ms	1991.20 ms	80.15 ms (-2.15 ms / -3% )