-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change how Advanced admin settings fields are output #429
Conversation
Switch Advanced admin settings to use new render functions. Reword confusing and incorrect descriptions. Renamed incorrect protected vars. Add check for function_exists to use hooks for settings callbacks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Many of the functions modified here previously received no args. Shouldn't you have $args = {}
as parameter for retro compatibility? (methods are public). I see this repeats along the PR. Please check them all if this applies.
array( 'name' => __( 'Force HTTPS Callback', 'wp-auth0' ), 'opt' => 'force_https_callback', | ||
'id' => 'wpa0_force_https_callback', 'function' => 'render_force_https_callback' ), | ||
array( 'name' => __( 'Lock JS CDN URL', 'wp-auth0' ), 'opt' => 'passwordless_enabled', | ||
array( 'name' => __( 'Lock JS CDN URL', 'wp-auth0' ), 'opt' => 'cdn_url', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can these 2 var renaming changes be considered breaking changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They were incorrect in a previous (unreleased) branch. More testing found the incorrect option name.
<?php | ||
public function render_jwt_auth_integration( $args ) { | ||
$this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
$this->render_field_description( __( 'This will enable the JWT Auth Users Repository override', 'wp-auth0' ) ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Previous string had a 's
after JWT
. Is this intentional? and btw, what does this string mean?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, intentional. Sounded awkward.
JWT Auth is an unsupported plugin we put out a while ago. So this is saying if that plugin is installed and this option is on, use the "user repository" from the plugin.
public function render_custom_signup_fields( $args ) { | ||
$this->render_textarea_field( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
$this->render_field_description( | ||
__( 'Valid JSON for custom signup fields in the Auth0 signup form. ', 'wp-auth0' ) . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd use the same name as in the docs
custom additional signup fields
public function render_link_auth0_users( $args ) { | ||
$this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
$this->render_field_description( | ||
__( 'Links accounts with the same e-mail address (emails must be verified)', 'wp-auth0' ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If possible, add a small sentence telling when an email is considered verified. Such as: "An email is verified when the user was created using a social provider that shared the account's email or when a user receives a verification email and proceeds with the verify flow."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added this to the "Require Verified Email" setting and mentioned it here.
public function render_auto_provisioning( $args ) { | ||
$this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
$this->render_field_description( | ||
__( 'Create new users in the WordPress database when signups are off. ', 'wp-auth0' ) . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if here you refer to the "auth0 database signups" I'd clarify that:
Create new users in the WordPress database when signups are disabled in the auth0 database connection and an existing auth0 user logs in. Or something like that. It's not clearer my suggestion, sorry haha.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not clear or correct :)
This is ... WordPress registrations are off, user is added to Auth0 and logs in, user is added to WordPress. I think what I have is about as straightforward as I can get (after a few revisions) but open to suggestions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How can users be "added to wordpress" if "wordpress registrations are off"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You add in Auth0, successfully login, then they are added to WP
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is that expected? I understand there are 2 different user databases, with duplicated info IMO. What's the point on keeping a "auth0 user" that would never be able to "create a wordpress account"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking through how this operates ... the scenario here is that WP registrations are turned off so the Lock form hides the Signup tab and the WP registration form is off. This means that no one can register themselves in WP (users can still be added by an admin). Now, an Auth0 admin adds a user in Auth0 and provides them their username and password. If the setting is turned:
- off (default) then the login is blocked (
throw new WP_Auth0_RegistrationNotEnabledException();
inWP_Auth0_UsersRepo::create()
) - on then the user is created as usual and life continues
I'm not saying this is how it should work, just how it currently does. IMHO, this should at least be turned on by default, maybe just forced to be the case.
public function render_connections( $args ) { | ||
$this->render_text_field( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
$this->render_field_description( | ||
__( 'Connections the Auth0 login form should show (separate multiple with commas). ', 'wp-auth0' ) . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Connections that the ..
and then
separate multiple connections with commas
(Same as in the IP text)
$this->render_field_description( | ||
__( 'Connections the Auth0 login form should show (separate multiple with commas). ', 'wp-auth0' ) . | ||
__( 'If this is empty, all active connections will be shown. ', 'wp-auth0' ) . | ||
__( 'Connections listed here must already be active under Connections in your ', 'wp-auth0' ) . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
dashboard/connections/social would be enabling those for the TENANT scope, but then each CLIENT must enable those too. Make sure this is clearer please.
$this->render_switch( $args[ 'label_for' ], $args[ 'opt_name' ] ); | ||
$this->render_field_description( | ||
__( 'Require new users to verify their email before logging in. ', 'wp-auth0' ) . | ||
__( 'This will disallow logins from social connections that do not provide email (like Twitter)', 'wp-auth0' ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are users even created when this case happens? i.e. I sign up using Twitter. I won't be able to log in ever??
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Users are created if an email is present in their userinfo. If this is on and you sign in with Twitter, you're rejected, correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joshcanhelp But is the "wordpress user" created in that case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No. No user created, no login allowed
@@ -133,7 +137,7 @@ protected function render_switch( $id, $input_name, $expand_id = '' ) { | |||
printf( | |||
'<div class="a0-switch"><input type="checkbox" name="%s[%s]" id="%s" data-expand="%s" value="1"%s> | |||
<label for="%s"></label></div>', | |||
esc_attr( $this->option_name ), | |||
esc_attr( $this->_option_name ), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Line 30 declares this
$options_name = $this->_option_name . '_' . strtolower( $id );
Why is this getting renamed to _option_name
? I'm not following that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Renamed in a previous PR but these functions were added after that.
lib/admin/WP_Auth0_Admin_Generic.php
Outdated
* | ||
* @return string | ||
*/ | ||
protected function get_dashboard_link( $path = '' ) { | ||
return sprintf( '<a href="https://manage.auth0.com/#/%s" target="_blank">%s</a>', | ||
protected function get_dashboard_link( $path = '', $append_period = FALSE ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is necessary or part of this method logic. The method who is calling it must be completing the format. BTW it's only used 2 times on this doc, both of which have a follow up text that can easily contain those ". " you are adding in here. On the contrary, this line would have made sense that it called this method passing true since it doesn't have a follow up text, but it's not. 😂
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The description method auto-adds periods. This is mainly to not screw up translation too much. A translate-able text string that just starts with a period and a space is hard to re-use in any context.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Slept on it ... this is goofy. Removing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A translate-able text string that just starts with a period and a space is hard to re-use in any context.
This is true 100%. But then you can split ". The text to be translated" in
". "and
"The text to be translated"`, fixing both what I pointed out and the translation inconvenience.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But then you're not able to change the period, if needed. Tradeoffs 🤷♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How so?
"Text with placeholder on my right" . <placeholder var> . ". " . "Other translatable text".
Something like this would work fine. Both the first and last texts could be translated just fine. The dot is a dot, it will never change at least not if you want to keep the original redaction of the message.
@lbalmaceda - I saw your main review comment re: https://github.com/auth0/wp-auth0/blob/master/lib/admin/WP_Auth0_Admin_Generic.php#L30 So that has always been passed, I just added another key, |
@lbalmaceda - The function is called by WP core, it's public so that can happen. No one should be calling these directly. I could make the parameter default I see what you're saying here but if someone is re-using a render callback directly, they're definitely doing it wrong. I guess I could just return if the array is empty to avoid a fatal but that would have to be in every function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the record. I don't agree changing those public methods signature, but a future PR will include docs over the methods to warn users who use them directly.
This commit will: