Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use wpcc onboarding flow for account creation during oauth login by default #83026

Merged
merged 7 commits into from
Oct 18, 2023

Conversation

lsl
Copy link
Contributor

@lsl lsl commented Oct 16, 2023

Fixes #71027

Proposed Changes

There are two issues being resolved here:

  • [Bug]: Redirect destinations are not preserved after user account creation #71027 outlines how redirect_to is ignored when creating an account from the login screen as the redirect_to param gets dropped when moving to /start. Even if it was passed in it would be ignored by the /start/onboarding flow. This PR both ensures the redirect_to is passed through and that /start/account is used in place of /start/onboarding (aka /start) when a redirect_to query param is provided.
  • p1697220716421119-slack-C02T4NVL4JJ discusses account creation when logging in to e.g. vaultpress via oauth. This PR routes all signups via oauth through /start/wpcc if there isn't a specific flow already defined in signupUrl

Todo:

Could use help testing

  • Each oauth client flow, especially jetpack and woocommerce.com
  • Jetpack connections
  • Comment / like signups

Testing Instructions

Redirect to & /start/account handling:

Wpcc login paths:

  • While logged out of wordpress.com visit:
  • https://vaultpress.com/
  • Click login
  • You'll be taken to wordpress.com login screen: e.g. https://wordpress.com/log-in?client_id=930&redirect_to=https%......
  • Change the wordpress.com part to calypso.localhost:3000 for testing.
  • Click "Create a new account"
  • You should be taken to the /start/wpcc sign up flow and ultimately logged in to vaultpress after signup.

Screenshot(33)

@github-actions
Copy link

github-actions bot commented Oct 16, 2023

@matticbot
Copy link
Contributor

matticbot commented Oct 16, 2023

Here is how your PR affects size of JS and CSS bundles shipped to the user's browser:

App Entrypoints (~12 bytes added 📈 [gzipped])

name         parsed_size           gzip_size
entry-login       +222 B  (+0.0%)      +12 B  (+0.0%)

Common code that is always downloaded and parsed every time the app is loaded, no matter which route is used.

Sections (~22 bytes added 📈 [gzipped])

name             parsed_size           gzip_size
security              +222 B  (+0.0%)      +13 B  (+0.0%)
jetpack-connect       +222 B  (+0.0%)       +9 B  (+0.0%)

Sections contain code specific for a given set of routes. Is downloaded and parsed only when a particular route is navigated to.

Async-loaded Components (~23 bytes added 📈 [gzipped])

name                          parsed_size           gzip_size
async-load-signup-steps-user       +222 B  (+0.2%)      +12 B  (+0.0%)
async-load-design-blocks           +222 B  (+0.0%)      +11 B  (+0.0%)

React components that are loaded lazily, when a certain part of UI is displayed for the first time.

Legend

What is parsed and gzip size?

Parsed Size: Uncompressed size of the JS and CSS files. This much code needs to be parsed and stored in memory.
Gzip Size: Compressed size of the JS and CSS files. This much data needs to be downloaded over network.

Generated by performance advisor bot at iscalypsofastyet.com.

Copy link
Contributor

@paulopmt1 paulopmt1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's working as expected on the Calypso private site link, vaultpress.com and WooCommerce login.
Nice fix @lsl!

Copy link
Member

@DustyReagan DustyReagan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested and added unit tests as I went. Looks good to me! Please feel free to edit the tests! 👍

@lsl lsl force-pushed the update/oauth-create-account branch from de8acf5 to 1f67936 Compare October 17, 2023 04:58
@lsl lsl requested a review from eoigal October 17, 2023 05:13
@matticbot matticbot added the [Status] Needs Review The PR is ready for review. This also triggers e2e canary tests and wp-desktop tests automatically. label Oct 17, 2023
} );
return `${ signupUrl }/${ signupFlow }?${ params.toString() }`;
}
return `${ signupUrl }/${ signupFlow }`;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved signupFlow down to here, maintaining redirectTo pass through for consistency, I can't actually see anything that uses it other than 3-4 instances in trunk that are only using it to bypass /start (they're setting signup_flow to account i.e. what we would return with the redirect_to anyway.)

@lsl
Copy link
Contributor Author

lsl commented Oct 17, 2023

@eoigal do you mind taking a look re the highlander comment login pathing through here?

@mdawaffe
Copy link
Member

Worked for me testing an OAuth2 app.

This PR directs the signup through a user-only flow (that is, no site is created). The use case I'm looking at is for an app that doesn't make sense to use unless the user has at least one site, but I think that's a separate issue. Thanks for fixing!

@lsl
Copy link
Contributor Author

lsl commented Oct 18, 2023

The use case I'm looking at is for an app that doesn't make sense to use unless the user has at least one site, but I think that's a separate issue. Thanks for fixing!

These are the use cases I'm worried about as we'll more or less be breaking them with this change. They should be fixable by passing in a ?singup_flow=onboarding query param to the login link. The issue being that the onboarding flow doesn't respect any redirect_to's passed in along with it. (I don't think it ever did)

@lsl lsl merged commit 7d8095f into trunk Oct 18, 2023
8 of 9 checks passed
@lsl lsl deleted the update/oauth-create-account branch October 18, 2023 02:46
@github-actions github-actions bot removed the [Status] Needs Review The PR is ready for review. This also triggers e2e canary tests and wp-desktop tests automatically. label Oct 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: Redirect destinations are not preserved after user account creation
5 participants