Jetpack Connect URL: use correct URL to auto-approve

[roccotripaldi]

already_authorized is a connection URL param that lets a connecting customer know they've already connected the site.

auth_approved is a connection URL param that let's a connecting customer skip
the screen that shows the terms-of-service-acceptance button.

In #8544 we meant to use auth_approved

Fixes #8783

To reproduce:

On an unconnected jetpack site, try connecting from the banner on the plugins page. Not that you get an odd "Already connected..." error when you land on wordpress.com

Then apply this patch to your jetpack site, and try again from the banner on the plugins page. You will not see the error, and you should skip the terms-of-service-acceptence and be auto authorized.

Proposed changelog entry for your changes:

We fixed an issue that sometimes resulted in a notice being shown about another user already having connected a Jetpack site when attempting to connect your site to WordPress.com

[oskosk]

Couldn't reproduce this the first times... And then I found a way to reproduce which is:

1. On a fresh site. Click the banner "Set Up Jetpack" button.
2. When arriving the first calypso screen, go back with the browser.
3. Click the Set Up Jetpack button again.
4. Expect to see the "already connected..." notice.

Then tested with this PR and didn't see that ^ behaviour.
But I don't see any approval screen being skipped as result of this other parameter either. I get to see this same screen regardless of the URL if I click the button.

[oskosk]

Approving because this actually fixes a bug which results in a dead end.

[oskosk]

I now got to see the step skipped after trying multiple times and going back and forward...

The only thing that made it work, was switching branches on Jetpack Beta from this branch to Bleeding Edge and back. After that, clicking the Setup Jetpack button I got to skip the authorize screen...
Then, disconnected again, clicked the banner button again (with this PR's changes) and got presented with the authorize screen. So looks like the feature is working randomly.

[sirreal]

It seems that this is the problem.

Thanks @roccotripaldi !

[sirreal]

I spent some time tracking down why this only happens before connection has been attempted.

Here's the short version:

The connection banner naïvely adds a query arg to the build_connection_url:

jetpack/class.jetpack-connection-banner.php

Lines 82 to 87 in b33be10

	$url = Jetpack::init()->build_connect_url(
	true,
	false,
	sprintf( 'banner-%s-slide-%s-%s', $jp_version_banner_added, $slide_num, $current_screen->base )
	);
	return add_query_arg( 'already_authorized', 'true', $url );

The URL may be WP Admin, which is required to get a client_id before going through the connection, but if the client_id is already known it will directly point to jetpack.wordpress.com:

jetpack/class.jetpack.php

Lines 4428 to 4432 in b33be10

	function build_connect_url( $raw = false, $redirect = false, $from = false, $register = false ) {
	$site_id = Jetpack_Options::get_option( 'id' );
	$token = Jetpack_Options::get_option( 'blog_token' );
	if ( $register || ! $token || ! $site_id ) {

That's why you must hit the endpoint at WP Admin once before this bug manifests.

The WP Admin endpoint silently discards unknown params and rebuilds the connection URL for redirection. Ideally this param would be part of build_connect_url.

I've pushed a commit to maintain the param through the WP Admin redirection (d8e7a6c)

See p1519119812000072-slack-luna

[sirreal]

I've tested and this works well, on first (WP Admin) and subsequent (jetpack.wordpress.com) auths.

I do think that the logic should be moved into build_connect_url.

[oskosk]

I do think that the logic should be moved into build_connect_url.

@tyxla what do you think about it? Something similar happened with the onboarding param, but in this case it was problematic when the logic was inside build_connect_url() and we ended up pulling it out.

[tyxla]

Tests well 👍 thank you!

[tyxla]

@oskosk it was problematic because we were adding some extra parameters every time the user has an onboarding token. That's not the case here, so it looks safe from that point of view 👍

I'd only be hesitant to introduce it to build_connect_url just because it's used in so many places, and we'd need to test a lot more cases before making sure it doesn't break anything else.

So, if we decide to move it to build_connect_url, let's make sure to test all places where it's called thoroughly and in an organized manner.