feat(reader-auth): send WP login reminder email to non-reader accounts#3796
Merged
Conversation
6 tasks
adekbadek
requested changes
Mar 21, 2025
adekbadek
left a comment
Member
There was a problem hiding this comment.
publishers who are trying to use reader-based login and registration flows to log into their non-reader (admin, editor, author, etc.) accounts
I assume the reason for the email solution is because we don't want to enable fishing for admin email addresses. Just noting because I'd expect that noted somewhere, preferably in the code.
I think the reminder email content should be more explicit about using the /wp-admin link and point out that the user tried to use a login flow reserved for readers.
Contributor
Author
|
Thanks for the feedback, @adekbadek! I've responded in the threads above. |
Contributor
Author
|
@adekbadek requesting another review on this when you have a chance! |
adekbadek
requested changes
Apr 7, 2025
Co-authored-by: Adam Cassis <adam@adamcassis.com>
adekbadek
approved these changes
Apr 8, 2025
|
Hey @dkoo, good job getting this PR merged! 🎉 Now, the Please check if this PR needs to be included in the "Upcoming Changes" and "Release Notes" doc. If it doesn't, simply remove the label. If it does, please add an entry to our shared document, with screenshots and testing instructions if applicable, then remove the label. Thank you! ❤️ |
6 tasks
miguelpeixe
reviewed
Apr 22, 2025
| return self::send_auth_form_response( new \WP_Error( 'unauthorized', wp_kses_post( __( 'Account not found. <a data-set-action="register" href="#register_modal">Create an account</a> instead?', 'newspack-plugin' ) ) ) ); | ||
| } | ||
|
|
||
| if ( ! self::is_user_reader( $user ) ) { |
Member
There was a problem hiding this comment.
This is not taking into account the account registration flow and will throw a fatal error if I attempt to register via the auth modal. Needs a ! $user check.
6 tasks
6 tasks
matticbot
pushed a commit
that referenced
this pull request
Apr 23, 2025
# [6.5.0-alpha.1](v6.4.4...v6.5.0-alpha.1) (2025-04-23) ### Bug Fixes * add white background to Newspack admin screens ([#3909](#3909)) ([4c8409e](4c8409e)) * allow guest contributors to have empty archives ([#3902](#3902)) ([af8bed9](af8bed9)) * **analytics:** migrate back-end GA4 events to front-end ([#3895](#3895)) ([7e18628](7e18628)) * **auth-form:** check user before is_user_reader() call ([#3944](#3944)) ([1cbb760](1cbb760)) * avoid warning for network event ([#3942](#3942)) ([60d0aa3](60d0aa3)) * **bylines:** avoid rerendering of editable area ([#3896](#3896)) ([9fdf659](9fdf659)) * **bylines:** custom edited state for modal ([#3919](#3919)) ([2a1a800](2a1a800)) * **bylines:** get CAP data from the plugin's store ([#3906](#3906)) ([0745113](0745113)) * **corrections:** Limit CPT to posts only ([#3927](#3927)) ([1d49c39](1d49c39)) * **corrections:** Use Corrections Archive template by default ([#3929](#3929)) ([c4c1925](c4c1925)) * **email-change:** ensure success and error messages persist after redirect ([#3913](#3913)) ([caf82a5](caf82a5)) * **email-change:** improve messaging for in-progress or expired change requests ([#3886](#3886)) ([02d2ea0](02d2ea0)) * **email-change:** typo in variable name ([#3941](#3941)) ([941dc21](941dc21)) * **google-login:** handle google oauth disabled state in the editor ([#3946](#3946)) ([0f9f7c6](0f9f7c6)) * hide campaigns menu when the Newspack Campaigns plugin is not activated ([#3922](#3922)) ([adcc21f](adcc21f)) * make front end not dependent on coauthors plus ([#3905](#3905)) ([dc96e5b](dc96e5b)) * **otp-input:** enhance OTP input handling for clipboard ([#3898](#3898)) ([a56328b](a56328b)) * reinstate the Add New Newsletter link in the admin menu ([#3926](#3926)) ([1c8c7d7](1c8c7d7)) * remove extra space above empty help text ([#3904](#3904)) ([6a4fe4f](6a4fe4f)) * remove import and route for Suppression ([#3894](#3894)) ([a2034e7](a2034e7)) * **setup-wizard:** prevent Yoast redirect ([#3940](#3940)) ([3461b5f](3461b5f)) ### Features * **auth:** OTP autocomplete integration ([#3888](#3888)) ([5a1d7a8](5a1d7a8)) * **bylines:** get post byline authors ([#3911](#3911)) ([17942a2](17942a2)) * **bylines:** useAuthorTokens() hook with user entity validation ([#3907](#3907)) ([3d1feee](3d1feee)) * **email-change:** allow old email to cancel email change only, not confirm ([#3912](#3912)) ([92413e3](92413e3)) * **ga4:** np_newsletter_subscribed event upon front-end signup ([#3938](#3938)) ([2295277](2295277)) * **ras-newsletter:** Newsletters list progressive disclosure ([#3887](#3887)) ([53f4eed](53f4eed)) * **reader-auth:** send WP login reminder email to non-reader accounts ([#3796](#3796)) ([d1af25e](d1af25e)), closes [#3823](#3823) * **scss:** export colors as module for JS consumption ([#3910](#3910)) ([81da8f0](81da8f0)) * **segments:** add filter for device segment ([#3880](#3880)) ([d465726](d465726)) * update colors and add all design system variables ([#3882](#3882)) ([6ee8e30](6ee8e30))
Contributor
|
🎉 This PR is included in version 6.5.0-alpha.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
matticbot
pushed a commit
that referenced
this pull request
May 8, 2025
# [6.6.0-alpha.1](v6.5.0...v6.6.0-alpha.1) (2025-05-08) ### Bug Fixes * add white background to Newspack admin screens ([#3909](#3909)) ([4c8409e](4c8409e)) * allow guest contributors to have empty archives ([#3902](#3902)) ([af8bed9](af8bed9)) * **analytics:** migrate back-end GA4 events to front-end ([#3895](#3895)) ([7e18628](7e18628)) * **auth-form:** check user before is_user_reader() call ([#3944](#3944)) ([1cbb760](1cbb760)) * avoid warning for network event ([#3942](#3942)) ([60d0aa3](60d0aa3)) * **bylines:** avoid rerendering of editable area ([#3896](#3896)) ([9fdf659](9fdf659)) * **bylines:** custom edited state for modal ([#3919](#3919)) ([2a1a800](2a1a800)) * **bylines:** get CAP data from the plugin's store ([#3906](#3906)) ([0745113](0745113)) * **corrections:** Limit CPT to posts only ([#3927](#3927)) ([1d49c39](1d49c39)) * **corrections:** Use Corrections Archive template by default ([#3929](#3929)) ([c4c1925](c4c1925)) * **email-change:** ensure success and error messages persist after redirect ([#3913](#3913)) ([caf82a5](caf82a5)) * **email-change:** improve messaging for in-progress or expired change requests ([#3886](#3886)) ([02d2ea0](02d2ea0)) * **email-change:** typo in variable name ([#3941](#3941)) ([941dc21](941dc21)) * **ga4:** ensure gate_post_id and newspack_popup_id are passed to activities ([#3956](#3956)) ([fadaa4d](fadaa4d)) * **google-login:** handle google oauth disabled state in the editor ([#3946](#3946)) ([0f9f7c6](0f9f7c6)) * hide campaigns menu when the Newspack Campaigns plugin is not activated ([#3922](#3922)) ([adcc21f](adcc21f)) * make front end not dependent on coauthors plus ([#3905](#3905)) ([dc96e5b](dc96e5b)) * **newsletters-wizard:** remove advertisers menu item ([#3948](#3948)) ([2fddbd6](2fddbd6)) * **otp-input:** enhance OTP input handling for clipboard ([#3898](#3898)) ([a56328b](a56328b)) * reinstate the Add New Newsletter link in the admin menu ([#3926](#3926)) ([1c8c7d7](1c8c7d7)) * remove extra space above empty help text ([#3904](#3904)) ([6a4fe4f](6a4fe4f)) * remove import and route for Suppression ([#3894](#3894)) ([a2034e7](a2034e7)) * **setup-wizard:** prevent Yoast redirect ([#3940](#3940)) ([3461b5f](3461b5f)) ### Features * **auth:** OTP autocomplete integration ([#3888](#3888)) ([5a1d7a8](5a1d7a8)) * **bylines:** get post byline authors ([#3911](#3911)) ([17942a2](17942a2)) * **bylines:** useAuthorTokens() hook with user entity validation ([#3907](#3907)) ([3d1feee](3d1feee)) * **email-change:** allow old email to cancel email change only, not confirm ([#3912](#3912)) ([92413e3](92413e3)) * **ga4:** np_newsletter_subscribed event upon front-end signup ([#3938](#3938)) ([2295277](2295277)) * **ras-newsletter:** Newsletters list progressive disclosure ([#3887](#3887)) ([53f4eed](53f4eed)) * **reader-auth:** send WP login reminder email to non-reader accounts ([#3796](#3796)) ([d1af25e](d1af25e)), closes [#3823](#3823) * **scss:** export colors as module for JS consumption ([#3910](#3910)) ([81da8f0](81da8f0)) * **segments:** add filter for device segment ([#3880](#3880)) ([d465726](d465726)) * update colors and add all design system variables ([#3882](#3882)) ([6ee8e30](6ee8e30))
Contributor
|
🎉 This PR is included in version 6.6.0-alpha.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
matticbot
pushed a commit
that referenced
this pull request
May 14, 2025
# [6.6.0](v6.5.1...v6.6.0) (2025-05-14) ### Bug Fixes * add white background to Newspack admin screens ([#3909](#3909)) ([4c8409e](4c8409e)) * allow guest contributors to have empty archives ([#3902](#3902)) ([af8bed9](af8bed9)) * **analytics:** migrate back-end GA4 events to front-end ([#3895](#3895)) ([7e18628](7e18628)) * **auth-form:** check user before is_user_reader() call ([#3944](#3944)) ([1cbb760](1cbb760)) * avoid warning for network event ([#3942](#3942)) ([60d0aa3](60d0aa3)) * **bylines:** avoid rerendering of editable area ([#3896](#3896)) ([9fdf659](9fdf659)) * **bylines:** custom edited state for modal ([#3919](#3919)) ([2a1a800](2a1a800)) * **bylines:** get CAP data from the plugin's store ([#3906](#3906)) ([0745113](0745113)) * **corrections:** Limit CPT to posts only ([#3927](#3927)) ([1d49c39](1d49c39)) * **corrections:** Use Corrections Archive template by default ([#3929](#3929)) ([c4c1925](c4c1925)) * **email-change:** ensure success and error messages persist after redirect ([#3913](#3913)) ([caf82a5](caf82a5)) * **email-change:** improve messaging for in-progress or expired change requests ([#3886](#3886)) ([02d2ea0](02d2ea0)) * **email-change:** typo in variable name ([#3941](#3941)) ([941dc21](941dc21)) * **ga4:** ensure gate_post_id and newspack_popup_id are passed to activities ([#3956](#3956)) ([fadaa4d](fadaa4d)) * **google-login:** handle google oauth disabled state in the editor ([#3946](#3946)) ([0f9f7c6](0f9f7c6)) * hide campaigns menu when the Newspack Campaigns plugin is not activated ([#3922](#3922)) ([adcc21f](adcc21f)) * make front end not dependent on coauthors plus ([#3905](#3905)) ([dc96e5b](dc96e5b)) * **newsletters-wizard:** remove advertisers menu item ([#3948](#3948)) ([2fddbd6](2fddbd6)) * **otp-input:** enhance OTP input handling for clipboard ([#3898](#3898)) ([a56328b](a56328b)) * reinstate the Add New Newsletter link in the admin menu ([#3926](#3926)) ([1c8c7d7](1c8c7d7)) * remove extra space above empty help text ([#3904](#3904)) ([6a4fe4f](6a4fe4f)) * remove import and route for Suppression ([#3894](#3894)) ([a2034e7](a2034e7)) * **setup-wizard:** prevent Yoast redirect ([#3940](#3940)) ([3461b5f](3461b5f)) ### Features * **auth:** OTP autocomplete integration ([#3888](#3888)) ([5a1d7a8](5a1d7a8)) * **bylines:** get post byline authors ([#3911](#3911)) ([17942a2](17942a2)) * **bylines:** useAuthorTokens() hook with user entity validation ([#3907](#3907)) ([3d1feee](3d1feee)) * **email-change:** allow old email to cancel email change only, not confirm ([#3912](#3912)) ([92413e3](92413e3)) * **email-change:** remove env constant requirement ([#3943](#3943)) ([f04e58f](f04e58f)) * **ga4:** np_newsletter_subscribed event upon front-end signup ([#3938](#3938)) ([2295277](2295277)) * **ras-newsletter:** Newsletters list progressive disclosure ([#3887](#3887)) ([53f4eed](53f4eed)) * **reader-auth:** send WP login reminder email to non-reader accounts ([#3796](#3796)) ([d1af25e](d1af25e)), closes [#3823](#3823) * **scss:** export colors as module for JS consumption ([#3910](#3910)) ([81da8f0](81da8f0)) * **segments:** add filter for device segment ([#3880](#3880)) ([d465726](d465726)) * update colors and add all design system variables ([#3882](#3882)) ([6ee8e30](6ee8e30))
Contributor
|
🎉 This PR is included in version 6.6.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
All Submissions:
Changes proposed in this Pull Request:
Addresses some persistent confusion expressed by publishers who are trying to use reader-based login and registration flows to log into their non-reader (admin, editor, author, etc.) accounts. In this scenario, we can send the user an email to remind them to log in via the regular WP login page instead of reader-facing UIs.
How to test the changes in this Pull Request:
Logging in (note: we could show a message directing the user to check their email here instead, if desired):
Registering:
Has a password:
No password:
Other information: