Update/split site user connection mgt my jetpack #41520
Conversation
|
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
github-actions
bot
added
[CRM] API
[CRM] Givewp Module
[CRM] MailPoet Module
[CRM] Portal Module
[Extension] AI Assistant Plugin
[Feature] Contact Form
[Feature] Google Analytics
[Feature] Masterbar
|
Here's an open question @jeherve and @bindlegirl This PR moves an API endpoint from the Jetpack plugin to the connection package (connection/user). The endpoint in the package has a version check so that it won't double-register the endpoint if an older version of Jetpack has already registered it. But this raises the issue - if a standalone plugin using the newer version of My Jetpack and newer connection package is installed on a site with an older version of the Jetpack plugin, the way My Jetpack is going to expect the I've tested and can verify this behavior with the Jetpack Beta plugin. An alternative could be to register the endpoint in the connection package as a "new" endpoint with a different name - but that feels counterproductive. Any ideas for the best way forward here? |
Would skipping the version check and setting the override parameter to I haven't checked the differences in the updated endpoint just yet so I am throwing out that suggestion. |
@bindlegirl - that sounds like it would be a good option. I've overlooked the The new endpoint should be compatible if called from the older version of the Jetpack plugin, the old behavior and arguments are still present, the updated version just adds a new optional parameter and uses a new mapped capability to allow for unlinking of non-admins w/o a connection owner. |
What if the new endpoint were to have a different slug? We'd keep the old Jetpack-only endpoint around, but stop using it in new versions of My Jetpack. Then in a few versions, we could get rid of the Jetpack-only version entirely. |
There was a problem hiding this comment.
I tested the changes thoroughly with both the Jetpack main plugin and then again with a standalone plugin (I did Protect) and it all works as expected. I couldn't find any issues!
I do have one question about the user disconnection. Is a page reload required for this? Or could we update all the data on the screen async? You obviously know more about this flow than me so I assume there probably needs to be one for some reason, but wanted to bring it up just in case 😄
I left some comments. None major, but there are enough I think it warrants requesting changes 😄
| { isCurrentUserAdmin && | ||
| connectedUser.currentUser?.isConnected && | ||
| connectedUser.currentUser?.isMaster && ( | ||
| <ManageConnectionActionCard |
There was a problem hiding this comment.
I know this is the same functionality as before, but I was wondering if we should open a new window when the user clicks this link? The "External link" icon generally means a new window will open as well in my experience
There was a problem hiding this comment.
Good thought, yes I think that makes sense
| onClick = () => null, | ||
| link = '#', | ||
| action, | ||
| disabled, |
There was a problem hiding this comment.
Should we have disabled be false by default? I guess an omission leaving it null would most likely have the same behavior, I guess I just prefer explicit defaults 😅
There was a problem hiding this comment.
yes, I agree adding false is more clear 👍
| */ | ||
| public static function unlink_user( $request ) { | ||
|
|
||
| if ( ! isset( $request['linked'] ) || false !== $request['linked'] ) { |
There was a problem hiding this comment.
I'm not running into issues while testing, so I assume this works correctly. I'm just having a hard time understanding why the correct thing to do is return an error if the user is linked in this case 🤔
Wouldn't false !== $request['linked'] be true if the user is linked? Or am I misunderstanding the linked parameter?
There was a problem hiding this comment.
It's kind of an odd parameter - if it's false it means we want the user to be unlinked from what I understand. At least that's the effect. It doesn't have to do with checking that the current user is connected already or not.
There was a problem hiding this comment.
Thank you for explaining! It is a very confusingly named param 😅 But it makes sense why it works correctly
|
|
||
| // Allow admins to force a disconnect by passing the "force" parameter | ||
| // This allows an admin to disconnect themselves | ||
| if ( isset( $request['force'] ) && false !== $request['force'] && current_user_can( 'manage_options' ) && ( new Manager( 'jetpack' ) )->disconnect_user_force( get_current_user_id() ) ) { |
There was a problem hiding this comment.
I'm finding it a bit weird to have the actual disconnect function be invoked in the if statement checks. I guess it works correctly, and I can see the benefit of a simpler hierarchy of if statements but I don't think it's best practices and, imo, it makes it harder to read and understand what's happening 🤔
There was a problem hiding this comment.
I disagree on this one - since the function returns a boolean, I think It's OK to run in as part of the if statement, given that the return value of the function is intended to be a rest_response object or WP_Error.
The first couple of checks in the if statement are used to bail early before trying the disconnect.
The second else if condition follows the same pattern to determine if the disconnect operation worked or failed.
There was a problem hiding this comment.
I don't think this is a big enough issue to push back too hard, so I won't block approval for it again 😄 However I just wanted to share an article I found that explains, in better words than I could, why I am on the other side of this debate: https://www.teamten.com/lawrence/programming/keep-if-clauses-side-effect-free.html
| @@ -63,7 +63,7 @@ const ConnectionListItem: ConnectionListItemType = ( { | |||
| <div className={ styles[ 'list-item' ] }> | |||
| <Text className={ clsx( styles[ 'list-item-text' ], statusStyles ) }> | |||
| { icon && <Icon icon={ icon } /> } | |||
| { text } | |||
| <span>{ text }</span> | |||
There was a problem hiding this comment.
Was this for some sort of styling change? I don't see any CSS changes related to this so I just wanted to make sure it wasn't leftover from a previous implementation
There was a problem hiding this comment.
It was to appease the tests 😅 They were having trouble locating an element with the specified text on the screen, adding a wrapping element helped the matching
| __( 'Connected as %1$s (Owner).', 'jetpack-my-jetpack' ), | ||
| userConnectionData.currentUser?.wpcomUser?.display_name | ||
| /* translators: %1$s is user name, %2$s is the user email */ | ||
| __( 'Connected as %1$s (Owner) ( %2$s ).', 'jetpack-my-jetpack' ), |
There was a problem hiding this comment.
I noticed the email here has spaces around it whereas the connected owner does not. Was this intentional?
There was a problem hiding this comment.
Not intentional, I'll remove those spaces!
|
In addition to the comments in my review, I just noticed it looks like a few of the connection tests are not passing |
|
I discussed this case with @fgiannar, and she shared some previous PRs where endpoints were moved to connection package #16384 and #20440 I think it would be best to follow the same procedure we used there (moving the endpoint, deprecating methods). The workings of the It seems the safest route would be to make sure the UI can support the edge case where the old endpoint is registered last. |
|
Another suggestion is to do the endpoint changes in a separate PR. |
|
Thanks for the review @CodeyGuyDylan
Sort of. After the user is disconnected, we can update the connection state on the front end but the red bubble alerts and the evaluation of "broken" modules that required a user connection are currently pulled from the initial react state - which is loaded in from PHP. The page "works" without reloading, the connection area still shows the user as disconnected, but there are a few things that are not fully up to date - card statuses, alert messages, etc. I do like the experience better without the reload, but I am in favor of accepting the tradeoff of reloading in order to update the product and alert information for now. Once we re-fetch that data async and aren't pulling it from the initial react state then the reload could be removed here. |
…d error handling in case the user disconnect fails
That makes sense, I guess it'd be quite a bit more work to make sure everything is in sync after that (if it's even possible to get all of it). I think it's okay in this case 😄 |
| 'jetpack-connection-js' | ||
| ); | ||
| } | ||
| setUnlinkError( errorMessage ); |
There was a problem hiding this comment.
Nice addition with the error message 😄
Proposed changes:
Does this pull request change what data or activity we track or use?
Yes, this PR adds one new click event for when someone clicks to disconnect their user account:
jetpack_manage_connection_dialog_disconnect_user_clickTesting instructions:
To test this PR fully, you will need a test site with a non admin user and an admin user along with two separate WPCOM accounts that you can use to connect these users individually.
Start by connecting both the admin and non-admin users with their respective WPCOM accounts
As the admin user, navigate to My Jetpack (Jetpack in the admin left nav)
Your connection area should look like below, showing both your wpcom username and email:
Now, check My Jetpack as the non-admin user. You should see your wpcom username and email as well as the local username of the connected site owner
As the non-admin user, click "Manage" next to the connection icons. You should get the manage connection dialog with only one option - disconnecting your user account:
Click on "Disconnect My User account". The modal should show in a "pending" state while the user disconnects and then close itself. The page will also reload after the modal closes
Now that the non-admin user has been disconnected, the connection area should no longer show the "Manage" link next to the connection icons. In place of the user information, there should be a prompt to sign back in.
Test that you can sign in again as the non-admin user. Leave the non-admin user connected for further testing later on.
Now, return to the site as the admin user
Click on "Manage" next to the connection icons to open the connection management modal
The admin user should have three options (assuming they are also the connection owner) - transfer ownership, disconnect user account, and Disconnect Jetpack
Go ahead and disconnect the admin user. The page will reload after disconnection. After reload, the connection area should look something like this (the message can differ depending on whether you had products that were previously relying on the user connection to work)
If you click "Manage" again as the admin user, there should only be one option, to Disconnect Jetpack. This will disconnect the site from Jetpack (removes the site token)
Go ahead and disconnect the site from Jetpack. The connection area should prompt for re-connection of the site after disconnection:
Re-connect the site by clicking "Connect"
After the site connects, before re-connecting the admin user, visit the site as the non-admin user (who we should have left in a connected state in our previous test)
For the connected non-admin, now that the admin user and connection owner has disconnected, the connection area should no longer show the connection owner as being "also connected"
The option to "Manage" and disconnect the non-admin user is still present - make sure that you can still disconnect the non-admin user here with no admin connection owner.
After the non-admin user disconnects, without the presence of a connection owner, the connection area should now indicate that an admin needs to connect before they can sign in again
Fiddle around with the different users and connection states and confirm that the copy and messaging makes sense for different states and roles.
Testing with an older version of the Jetpack plugin
Because this PR moves the
/connection/userAPI endpoint from the Jetpack plugin to the connection package, there are scenarios where both the Jetpack plugin and the connection package will register the same endpoint. To mitigate this, this PR makes sure the API endpoint registration for the connection package runs later than the registration for the Jetpack plugin by running on priority11for therest_api_inithook.To test that the new endpoint it still called when an older version of Jetpack is active: