feat(my-account): add email change cancellation option#3778
Conversation
dkoo
left a comment
There was a problem hiding this comment.
This is mostly working as described, except for one flow that I detailed below (when clicking a confirm or cancel link while not logged into the reader's account).
| } else { | ||
| \wc_add_notice( $error, 'error' ); | ||
| } | ||
| \wp_safe_redirect( \wc_get_endpoint_url( 'edit-account', '', \wc_get_page_permalink( 'myaccount' ) ) ); |
There was a problem hiding this comment.
I stumbled on this by accident, but if you click on the link while not logged in, it brings you to the site's homepage and doesn't seem to do anything, but the nonce/link then gets invalidated, so after logging in I can no longer click the cancellation link to cancel the request (I just get the "something went wrong" error message).
What if we tweaked this flow to check logged-in state before verifying the nonce? If not logged in, we should redirect to the My Account page so they user gets presented with a login screen, then after logging in, we can proceed with the nonce verification and cancellation logic.
There was a problem hiding this comment.
This is also the case for confirming an email change. I think the same flow during logged-out state would work for that, too.
There was a problem hiding this comment.
Oooh. Good catch @dkoo! We actually do perform the is_user_logged_in check before verifying the nonce in both handle_verify_email_change and handle_cancel_email_change.
But this issue will still happen since the nonce is tied to the session. So if the url is generated while the reader is logged in, then the reader logs out and logs back in, and finally the reader clicks the link, it will fail.
To get around this case, I've switched from using nonces to wp_hash in cc4111e. This commit also makes it so logged out readers are directed to my account when clicking these links as well.
Let me know if this works!
There was a problem hiding this comment.
Actually, I think I'm going to have to take this one out of review since doing away with the nonces opens us up to the issue you pointed out in slack here: https://a8c.slack.com/archives/C055SRT7WN4/p1740519700873229
I'll have to do some more thinking about this later this week. (I'm open to suggestions though!) I'll ping you once this is ready again. Sorry for the confusion @dkoo!
There was a problem hiding this comment.
Thanks, @chickenn00dle! If you want to separate out the refactoring of the nonce/logged-out state into another PR, we can proceed with this one as-is. Whatever you prefer!
There was a problem hiding this comment.
Alright, I've made a small change to always use a hash of the existing email address, this way only the logged in user with that email can complete the process. I think this should cover us, but let me know what you think @dkoo!
There was a problem hiding this comment.
Nice! This is working well with the email hash, but I think we just need one more change for the handling in a logged-out state. Using the following steps:
- From My Account, change your email address to get the verification email
- Log out of the reader account
- Click either the Confirm or Cancel links from the email: you'll get directed to log in at My Account, with the
?verify-email-change=tokenor?cancel-email-change=tokenparams still attached - Log into the account using this form and click "Continue" after logging in
At this point, the page reloads and you're logged into the account, but in the reload we lose the params on the URL, so the confirm/cancel request isn't handled. As the reader, I'll need to go back to the email and click the link again.
I think we should let these params pass through after the login so that the reader won't have to take that extra step to complete the intended action. Maybe we can detect the params on the referrer URL on a wp_login hook to handle them?
There was a problem hiding this comment.
Great idea! Unfortunately the auth form hijacks the wp_login flow, so I had to make changes to the redirect flow there in ae1217f
Let me know if this looks good to you!
There was a problem hiding this comment.
Nice, this accomplishes the task of making the flow more seamless for the reader, so I'm good with it!
cc4111e to
94a9bff
Compare
dkoo
left a comment
There was a problem hiding this comment.
@chickenn00dle we're almost there! I just have one more suggestion below before merging this. Let me know if you want to discuss further.
| } else { | ||
| \wc_add_notice( $error, 'error' ); | ||
| } | ||
| \wp_safe_redirect( \wc_get_endpoint_url( 'edit-account', '', \wc_get_page_permalink( 'myaccount' ) ) ); |
There was a problem hiding this comment.
Nice! This is working well with the email hash, but I think we just need one more change for the handling in a logged-out state. Using the following steps:
- From My Account, change your email address to get the verification email
- Log out of the reader account
- Click either the Confirm or Cancel links from the email: you'll get directed to log in at My Account, with the
?verify-email-change=tokenor?cancel-email-change=tokenparams still attached - Log into the account using this form and click "Continue" after logging in
At this point, the page reloads and you're logged into the account, but in the reload we lose the params on the URL, so the confirm/cancel request isn't handled. As the reader, I'll need to go back to the email and click the link again.
I think we should let these params pass through after the login so that the reader won't have to take that extra step to complete the intended action. Maybe we can detect the params on the referrer URL on a wp_login hook to handle them?
dbc893d to
ae1217f
Compare
ae1217f to
96fd016
Compare
|
Hey @chickenn00dle, good job getting this PR merged! 🎉 Now, the Please check if this PR needs to be included in the "Upcoming Changes" and "Release Notes" doc. If it doesn't, simply remove the label. If it does, please add an entry to our shared document, with screenshots and testing instructions if applicable, then remove the label. Thank you! ❤️ |
# [6.1.0-alpha.1](v6.0.1...v6.1.0-alpha.1) (2025-03-06) ### Bug Fixes * **modal-checkout:** password setup ([8fbfabd](8fbfabd)) * **my-account:** handle email change esp sync errors ([#3792](#3792)) ([3d9f294](3d9f294)) * **my-account:** send change email to old and new emails ([#3786](#3786)) ([710d53d](710d53d)) * **premium-newsletters:** show premium lists in post-checkout signup ([#3788](#3788)) ([ccb1526](ccb1526)) * spacer block handling with registration block ([e9b7beb](e9b7beb)) ### Features * **correction-blocks:** Correction box & Loop item + Template ([#3787](#3787)) ([c215dc2](c215dc2)) * **correction-blocks:** update corrections template ([#3793](#3793)) ([c7aea33](c7aea33)) * **my-account:** add email change cancellation option ([#3778](#3778)) ([600ad61](600ad61)) * **my-account:** sync admin email change with ESP/stripe ([#3799](#3799)) ([7179ffd](7179ffd)) * **my-account:** sync email change with esp ([#3780](#3780)) ([983c087](983c087)) * **my-account:** sync email change with stripe ([#3789](#3789)) ([4f45795](4f45795))
|
🎉 This PR is included in version 6.1.0-alpha.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
# [6.1.0](v6.0.5...v6.1.0) (2025-03-18) ### Bug Fixes * **modal-checkout:** endpoint to refresh newsletter lists via REST ([#3841](#3841)) ([2b294e0](2b294e0)) * **modal-checkout:** password setup ([8fbfabd](8fbfabd)) * **my-account:** handle email change esp sync errors ([#3792](#3792)) ([3d9f294](3d9f294)) * **my-account:** send change email to old and new emails ([#3786](#3786)) ([710d53d](710d53d)) * **premium-newsletters:** show premium lists in post-checkout signup ([#3788](#3788)) ([ccb1526](ccb1526)) * spacer block handling with registration block ([e9b7beb](e9b7beb)) ### Features * **correction-blocks:** Correction box & Loop item + Template ([#3787](#3787)) ([c215dc2](c215dc2)) * **correction-blocks:** update corrections template ([#3793](#3793)) ([c7aea33](c7aea33)) * enable email change for newspack users ([#3824](#3824)) ([9c152a8](9c152a8)) * **my-account:** add email change cancellation option ([#3778](#3778)) ([600ad61](600ad61)) * **my-account:** sync admin email change with ESP/stripe ([#3799](#3799)) ([7179ffd](7179ffd)) * **my-account:** sync email change with esp ([#3780](#3780)) ([983c087](983c087)) * **my-account:** sync email change with stripe ([#3789](#3789)) ([4f45795](4f45795)) * **woo-member-commenting:** optional module for member commenting ([#3783](#3783)) ([90746c8](90746c8)) ### Reverts * Revert "refactor(corrections): remove corrections feature flag (#3797)" (#3825) ([afd01f2](afd01f2)), closes [#3797](#3797) [#3825](#3825)
|
🎉 This PR is included in version 6.1.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
All Submissions:
Changes proposed in this Pull Request:
Closes https://app.asana.com/0/1208993180326452/1209468700585359/f
This PR adds the option to cancel an email change request after one has been submitted:
How to test the changes in this Pull Request:
NEWSPACK_EMAIL_CHANGE_ENABLEDFF is added in wp-configChange emailtemplateEMAIL_CANCELLATION_URLtemplate tagCancel email changebutton appears next to theSave changesbutton.Other information: