Change how Advanced admin settings fields are output #429
Conversation
Switch Advanced admin settings to use new render functions. Reword confusing and incorrect descriptions. Renamed incorrect protected vars. Add check for function_exists to use hooks for settings callbacks.
| array( 'name' => __( 'Force HTTPS Callback', 'wp-auth0' ), 'opt' => 'force_https_callback', | ||
| 'id' => 'wpa0_force_https_callback', 'function' => 'render_force_https_callback' ), | ||
| array( 'name' => __( 'Lock JS CDN URL', 'wp-auth0' ), 'opt' => 'passwordless_enabled', | ||
| array( 'name' => __( 'Lock JS CDN URL', 'wp-auth0' ), 'opt' => 'cdn_url', |
There was a problem hiding this comment.
can these 2 var renaming changes be considered breaking changes?
There was a problem hiding this comment.
They were incorrect in a previous (unreleased) branch. More testing found the incorrect option name.
| <?php | ||
| public function render_jwt_auth_integration( $args ) { | ||
| $this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
| $this->render_field_description( __( 'This will enable the JWT Auth Users Repository override', 'wp-auth0' ) ); |
There was a problem hiding this comment.
Previous string had a 's after JWT. Is this intentional? and btw, what does this string mean?
There was a problem hiding this comment.
Yes, intentional. Sounded awkward.
JWT Auth is an unsupported plugin we put out a while ago. So this is saying if that plugin is installed and this option is on, use the "user repository" from the plugin.
| public function render_custom_signup_fields( $args ) { | ||
| $this->render_textarea_field( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
| $this->render_field_description( | ||
| __( 'Valid JSON for custom signup fields in the Auth0 signup form. ', 'wp-auth0' ) . |
There was a problem hiding this comment.
I'd use the same name as in the docs
custom additional signup fields
| public function render_link_auth0_users( $args ) { | ||
| $this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
| $this->render_field_description( | ||
| __( 'Links accounts with the same e-mail address (emails must be verified)', 'wp-auth0' ) |
There was a problem hiding this comment.
If possible, add a small sentence telling when an email is considered verified. Such as: "An email is verified when the user was created using a social provider that shared the account's email or when a user receives a verification email and proceeds with the verify flow."
There was a problem hiding this comment.
Added this to the "Require Verified Email" setting and mentioned it here.
| public function render_auto_provisioning( $args ) { | ||
| $this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
| $this->render_field_description( | ||
| __( 'Create new users in the WordPress database when signups are off. ', 'wp-auth0' ) . |
There was a problem hiding this comment.
if here you refer to the "auth0 database signups" I'd clarify that:
Create new users in the WordPress database when signups are disabled in the auth0 database connection and an existing auth0 user logs in. Or something like that. It's not clearer my suggestion, sorry haha.
There was a problem hiding this comment.
Not clear or correct :)
This is ... WordPress registrations are off, user is added to Auth0 and logs in, user is added to WordPress. I think what I have is about as straightforward as I can get (after a few revisions) but open to suggestions.
There was a problem hiding this comment.
How can users be "added to wordpress" if "wordpress registrations are off"?
There was a problem hiding this comment.
You add in Auth0, successfully login, then they are added to WP
There was a problem hiding this comment.
Is that expected? I understand there are 2 different user databases, with duplicated info IMO. What's the point on keeping a "auth0 user" that would never be able to "create a wordpress account"?
There was a problem hiding this comment.
Looking through how this operates ... the scenario here is that WP registrations are turned off so the Lock form hides the Signup tab and the WP registration form is off. This means that no one can register themselves in WP (users can still be added by an admin). Now, an Auth0 admin adds a user in Auth0 and provides them their username and password. If the setting is turned:
- off (default) then the login is blocked (
throw new WP_Auth0_RegistrationNotEnabledException();inWP_Auth0_UsersRepo::create()) - on then the user is created as usual and life continues
I'm not saying this is how it should work, just how it currently does. IMHO, this should at least be turned on by default, maybe just forced to be the case.
| public function render_connections( $args ) { | ||
| $this->render_text_field( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
| $this->render_field_description( | ||
| __( 'Connections the Auth0 login form should show (separate multiple with commas). ', 'wp-auth0' ) . |
There was a problem hiding this comment.
Connections that the ..
and then
separate multiple connections with commas
(Same as in the IP text)
| $this->render_field_description( | ||
| __( 'Connections the Auth0 login form should show (separate multiple with commas). ', 'wp-auth0' ) . | ||
| __( 'If this is empty, all active connections will be shown. ', 'wp-auth0' ) . | ||
| __( 'Connections listed here must already be active under Connections in your ', 'wp-auth0' ) . |
There was a problem hiding this comment.
dashboard/connections/social would be enabling those for the TENANT scope, but then each CLIENT must enable those too. Make sure this is clearer please.
| $this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
| $this->render_field_description( | ||
| __( 'Require new users to verify their email before logging in. ', 'wp-auth0' ) . | ||
| __( 'This will disallow logins from social connections that do not provide email (like Twitter)', 'wp-auth0' ) |
There was a problem hiding this comment.
Are users even created when this case happens? i.e. I sign up using Twitter. I won't be able to log in ever??
There was a problem hiding this comment.
Users are created if an email is present in their userinfo. If this is on and you sign in with Twitter, you're rejected, correct.
There was a problem hiding this comment.
@joshcanhelp But is the "wordpress user" created in that case?
There was a problem hiding this comment.
No. No user created, no login allowed
| @@ -133,7 +137,7 @@ protected function render_switch( $id, $input_name, $expand_id = '' ) { | |||
| printf( | |||
| '<div class="a0-switch"><input type="checkbox" name="%s[%s]" id="%s" data-expand="%s" value="1"%s> | |||
| <label for="%s"></label></div>', | |||
| esc_attr( $this->option_name ), | |||
| esc_attr( $this->_option_name ), | |||
There was a problem hiding this comment.
Line 30 declares this
$options_name = $this->_option_name . '_' . strtolower( $id );
Why is this getting renamed to _option_name ? I'm not following that
There was a problem hiding this comment.
Renamed in a previous PR but these functions were added after that.
lib/admin/WP_Auth0_Admin_Generic.php
Outdated
| * | ||
| * @return string | ||
| */ | ||
| protected function get_dashboard_link( $path = '' ) { | ||
| return sprintf( '<a href="https://manage.auth0.com/#/%s" target="_blank">%s</a>', | ||
| protected function get_dashboard_link( $path = '', $append_period = FALSE ) { |
There was a problem hiding this comment.
I don't think this is necessary or part of this method logic. The method who is calling it must be completing the format. BTW it's only used 2 times on this doc, both of which have a follow up text that can easily contain those ". " you are adding in here. On the contrary, this line would have made sense that it called this method passing true since it doesn't have a follow up text, but it's not. 😂
There was a problem hiding this comment.
The description method auto-adds periods. This is mainly to not screw up translation too much. A translate-able text string that just starts with a period and a space is hard to re-use in any context.
There was a problem hiding this comment.
Slept on it ... this is goofy. Removing.
There was a problem hiding this comment.
A translate-able text string that just starts with a period and a space is hard to re-use in any context.
This is true 100%. But then you can split ". The text to be translated" in ". "and"The text to be translated"`, fixing both what I pointed out and the translation inconvenience.
There was a problem hiding this comment.
But then you're not able to change the period, if needed. Tradeoffs 🤷♂️
There was a problem hiding this comment.
How so?
"Text with placeholder on my right" . <placeholder var> . ". " . "Other translatable text".
Something like this would work fine. Both the first and last texts could be translated just fine. The dot is a dot, it will never change at least not if you want to keep the original redaction of the message.
|
@lbalmaceda - I saw your main review comment re: https://github.com/auth0/wp-auth0/blob/master/lib/admin/WP_Auth0_Admin_Generic.php#L30 So that has always been passed, I just added another key, |
|
How was that passed, if I see the method's signature is changing?? See line 137 doesn't include the parameter but now after the changes, that same line now receives
What I meant is that whoever was calling that public function in the past, would find that broken after this change. |
|
@lbalmaceda - The function is called by WP core, it's public so that can happen. No one should be calling these directly. I could make the parameter default I see what you're saying here but if someone is re-using a render callback directly, they're definitely doing it wrong. I guess I could just return if the array is empty to avoid a fatal but that would have to be in every function. |
This commit will: