Remove and migrate Passwordless setting #425
Conversation
cocojoe
changed the title
lib/WP_Auth0_Lock_Options.php
Outdated
| } else { | ||
| return 'show'; | ||
| } | ||
| return 'show'; |
lib/WP_Auth0_Options_Generic.php
Outdated
| if ( !isset( $options[$key] ) ) | ||
| return apply_filters( 'wp_auth0_get_option', $default, $key ); | ||
| return apply_filters( 'wp_auth0_get_option', $options[$key], $key ); | ||
| if ( 'passwordless_cdn_url' === $key ) { |
There was a problem hiding this comment.
So in a generic function for returning settings values, we are hacking in passwordless cdn url?
There was a problem hiding this comment.
Hence the TODO on the line below. There is another PR for changing how the scripts are being loaded and if I changed it everywhere, I'd have conflicts. I'll clear all the TODOs before release.
There was a problem hiding this comment.
I have the same concern. This key has been removed on this same PR, why are you catching that case here? And how are you tracking the pending TODOs? Would be nice to have a linter we can run locally to verify it before the release.
There was a problem hiding this comment.
This is just a stop-gap until #419 is merged. I'll resubmit this once that's been rebased against this one.
TODOs are just tracked in my IDE. I consider TODOs are requiring resolution before the release. If it's going to go past then, I'll create an issue here or Jira.
There was a problem hiding this comment.
Fixed this. Instead of deprecating the setting, I'm just replacing it and leaving it in the options array but without a field to update it. I'll merge these two settings once Lock 10 is deprecated and we can assume most folks are on a version that supports passwordless.
lib/WP_Auth0_Options.php
Outdated
| @@ -218,11 +218,9 @@ protected function defaults() { | |||
| 'remember_users_session' => false, | |||
| 'default_login_redirection' => home_url(), | |||
| 'passwordless_enabled' => false, | |||
| 'passwordless_method' => 'magiclink', | |||
| 'force_https_callback' => false, | |||
| 'cdn_url' => 'https://cdn.auth0.com/js/lock/11.1/lock.min.js', | |||
There was a problem hiding this comment.
Why can't you use this URL for passwordless?
There was a problem hiding this comment.
Passwordless was added in 11.2
joshcanhelp
force-pushed
the
remove-pwl-setting
branch
from
5bcd79f
to
9a55b5c
Compare
lib/WP_Auth0_DBManager.php
Outdated
| } | ||
|
|
||
| if ( in_array( $pwl_method, array( 'emailcode', 'socialOrEmailcode' ) ) ) { | ||
| $lock_json = trim( $options->get( 'extra_conf' ) ); |
There was a problem hiding this comment.
Is this extra_conf a generic extra configuration field, available to all other connections as well or only for passwordless? If you're only using this for passwordless I'd suggest renaming it to something more descriptive like extra_passwordless_configuration
There was a problem hiding this comment.
Generic for Lock
lib/WP_Auth0_DBManager.php
Outdated
| $options->set( 'extra_conf', '{"passwordlessMethod": "code"}' ); | ||
| } else { | ||
| $lock_json_decoded = json_decode( $lock_json, TRUE ); | ||
| $lock_json_decoded[ 'passwordlessMethod' ] = 'code'; |
There was a problem hiding this comment.
You're basically forcing pwdlessmethod=code. So link is not available? What if I have socialOrMagiclink enabled, wouldn't I expect to receive a link??
There was a problem hiding this comment.
I might not be understanding what you're asking or you might not be familiar with how passwordless is configured. Link is the default so I'm setting code if that's what it was set as before.
lib/WP_Auth0_DBManager.php
Outdated
|
|
||
| if ( in_array( $pwl_method, array( 'emailcode', 'socialOrEmailcode' ) ) ) { | ||
| $lock_json = trim( $options->get( 'extra_conf' ) ); | ||
| if ( empty( $lock_json ) ) { |
There was a problem hiding this comment.
I think this whole if/else can be simplified to:
$lock_json = trim( $options-> get( 'extra_conf', '{}') )
$lock_json_decoded = json_decode( $lock_json, TRUE );
$lock_json_decoded[ 'passwordlessMethod' ] = 'code';
$options->set( 'extra_conf', json_encode( $lock_json_decoded ) );There was a problem hiding this comment.
The second parameter in that get method isn't used if it's empty, only if it's not set. If we're doing an upgrade then it's set to something so that second parameter will not be used.
Still, could be improved ... fixed!
lib/WP_Auth0_DBManager.php
Outdated
|
|
||
| $update_options = $options->get_options(); | ||
| unset( $update_options[ 'passwordless_cdn_url' ] ); | ||
| unset( $update_options[ 'passwordless_method' ] ); |
There was a problem hiding this comment.
why? are this deprecated properties?
lib/WP_Auth0_Options_Generic.php
Outdated
| if ( !isset( $options[$key] ) ) | ||
| return apply_filters( 'wp_auth0_get_option', $default, $key ); | ||
| return apply_filters( 'wp_auth0_get_option', $options[$key], $key ); | ||
| if ( 'passwordless_cdn_url' === $key ) { |
There was a problem hiding this comment.
I have the same concern. This key has been removed on this same PR, why are you catching that case here? And how are you tracking the pending TODOs? Would be nice to have a linter we can run locally to verify it before the release.
| @@ -77,39 +75,8 @@ public function init() { | |||
| $this->init_option_section( '', 'advanced', $advancedOptions ); | |||
| } | |||
|
|
|||
| // TODO: Deprecate | |||
There was a problem hiding this comment.
If this is not going to be deprecated on this PR, don't remove the logic now. That's part of the deprecation :) It's OK to leave the TODO.
There was a problem hiding this comment.
@lbalmaceda - I went a little too far in the removal here :)
Should I add it back and do a deprecation PR? Or just deprecate here?
There was a problem hiding this comment.
Make a new separate PR for related deprecations.
Note that if the method can "still work well" you probably should just flag it as deprecated (docs, log a warning, etc) and keep the logic in there. Users who were using it should expect the same behavior. That's what deprecation means: We don't encourage the use but we don't break it. If by any reason you need to remove the logic, please describe future users which is the right method to call or make this old method call the new one inside so behavior is slightly maintained.
| @@ -546,51 +505,8 @@ public function link_accounts_validation( $old_options, $input ) { | |||
| return $this->rule_validation($old_options, $input, 'link_auth0_users', WP_Auth0_RulesLib::$link_accounts['name'] . '-' . get_auth0_curatedBlogName(), $link_script); | |||
| } | |||
|
|
|||
| // TODO: Deprecate | |||
joshcanhelp
force-pushed
the
remove-pwl-setting
branch
6 times, most recently
from
f91dffb
to
21d44e7
Compare
Removes the passwordless method and CDN URL settings. Method is removed to simplify the wp-admin and move passwordless management to the Dashbaord. Passwordless URL is hard-coded to new combined Lock, removing the settings field to change that as well. Going forward, Lock will use the same library for both login form types. Also added a DB version bump and migration script to modify the connections setting so the login form will work as expected after a plugin update. Added a handful of TODOs that will be better suited for a future branch (same release).
joshcanhelp
force-pushed
the
remove-pwl-setting
branch
from
21d44e7
to
17e4d99
Compare
|
|
||
| // Social + SMS means there are existing social connections we want to keep | ||
| case 'socialOrSms' : | ||
| $options->add_lock_connection( 'sms' ); |
There was a problem hiding this comment.
I guess this line works both for "sms" and "socialOrSms", so the switch could be simplified to:
case 'sms'
case 'socialOrSms'
$options->add_lock_connection( 'sms' );
case 'emailcode'
case 'magiclink'
case 'socialOrMagiclink'
case 'socialOrEmailcode'
$options->add_lock_connection( 'email' );There was a problem hiding this comment.
$options->set() !== $options->add_lock_connection() ... one replaces all saved connections, the other adds to existing.
| $options->set( 'passwordless_cdn_url', WPA0_LOCK_CDN_URL ); | ||
|
|
||
| // Force passwordless_method to delete | ||
| $update_options = $options->get_options(); |
There was a problem hiding this comment.
Just a vague comment. If you are doing this 3 liner logic in many places, might be good to consider adding a "remove_from_options (keys)" method
lib/WP_Auth0_DBManager.php
Outdated
| if ( in_array( $pwl_method, array( 'emailcode', 'socialOrEmailcode' ) ) ) { | ||
| $lock_json = trim( $options->get( 'extra_conf' ) ); | ||
| $lock_json_decoded = ! empty( $lock_json ) ? json_decode( $lock_json, TRUE ) : array(); | ||
| $lock_json_decoded[ 'passwordlessMethod' ] = 'code'; |
There was a problem hiding this comment.
above you're switching over $options->get( 'passwordless_method' ). Here you're setting options.extra_conf.passwordlessMethod to code/link. Since they are related but you're talking about actually different configurations of the flow (one is the channel sms/email and the other the type link/code), is there any change you can rename this parameters names, or would that be a breaking change?
There was a problem hiding this comment.
options.extra_conf.passwordlessMethod is defined by Lock:
https://github.com/auth0/lock#passwordless-options
... so no changing that. The passwordless_method option name in WP is going away with this PR so no need to worry about that.
lib/WP_Auth0_DBManager.php
Outdated
| } | ||
|
|
||
| // Need to set a special passwordlessMethod flag if using email code | ||
| if ( in_array( $pwl_method, array( 'emailcode', 'socialOrEmailcode' ) ) ) { |
There was a problem hiding this comment.
If I understand correctly, this if is checking if the selected type wishes a code instead of a link. Because you're relying on the auth0.js default value (currently link as you pointed out) this thing only changes that value if the type is "code". What if tomorrow that library changes the default?? ---> You should add an else to this if that sets the "link" type.
$lock_json = trim( $options->get( 'extra_conf' ) );
$lock_json_decoded = ! empty( $lock_json ) ? json_decode( $lock_json, TRUE ) : array();
$lock_json_decoded[ 'passwordlessMethod' ] = in_array( $pwl_method, array( 'emailcode', 'socialOrEmailcode' ) ) ? 'code' : 'link'; //or however it's called
$options->set( 'extra_conf', json_encode( $lock_json_decoded ) );
Removes the passwordless method and CDN URL settings. Method is removed to simplify the wp-admin and move passwordless management to the Dashbaord. Passwordless URL is hard-coded to new combined Lock, removing the settings field to change that as well. Going forward, Lock will use the same library for both login form types. Also added a DB version bump and migration script to modify the connections setting so the login form will work as expected after a plugin update. Added a handful of TODOs that will be better suited for a future branch (same release).