Conversation
The inline-login flow in checkout.js previously read and reset reCAPTCHA / hCaptcha / Cap token inputs directly, coupling the core plugin to specific captcha providers. Replace that with generic wp.hooks extension points so any addon can participate in the lifecycle: * wu_inline_login_data (filter) — augment the AJAX request payload (e.g. append captcha tokens) * wu_inline_login_success (action) — react to a successful login * wu_inline_login_error (action) — react to a failed login (e.g. reset a captcha widget) * wu_inline_login_prompt_ready (action) — initialize widgets once the prompt container is live in the DOM The captcha addon now hooks these instead of relying on hardcoded selectors and a window.wuCaptchaResetInlineLogin global. Supersedes #901. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds a Promise-collecting pre-submission hook so addons can perform async work (like solving an invisible captcha) before the inline login AJAX request is built. Matches the existing `wu_before_form_submitted` pattern — addons push promises into the filter array; core awaits `Promise.all(...)` before proceeding. If any promise rejects, the error message is surfaced to the user and the request is aborted. This fixes a timing race where invisible reCAPTCHA / hCaptcha / Cap widgets had not yet populated their token input by the time the user clicked Submit on the inline login prompt. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughThe inline login flow in the checkout process is refactored to support asynchronous addon operations and extensible payload construction through WordPress-style hooks. The implementation now uses async/await patterns, runs pre-submission filters, removes client-side captcha harvesting, and allows payload manipulation via filters before submission, with success and failure actions emitted throughout. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
assets/js/checkout.js (1)
1251-1270:⚠️ Potential issue | 🟠 MajorHandle
success: falseAJAX responses in the inline login callback.The
handle_inline_login()PHP handler returnswp_send_json_error()responses with HTTP 200 status, which jQuery's AJAX success callback receives. The current code checksif (results.success)but lacks an else block, so invalid credentials silently clearlogging_inwithout displaying an error or firingwu_inline_login_error.Proposed fix
this.request('wu_inline_login', login_data, function(results) { that.logging_in = false; if (results.success) { /** * Fires when an inline login attempt succeeds. * * `@param` {Object} results The AJAX success response. * `@param` {string} field_type The field type ('email' or 'username'). */ hooks.doAction('wu_inline_login_success', results, field_type); // Login successful - reload page to show logged-in state window.location.reload(); + return; } + + that.login_error = results.data && results.data.message + ? results.data.message + : (wu_checkout.i18n.login_failed || 'Login failed. Please try again.'); + + hooks.doAction('wu_inline_login_error', results, field_type); }, function(error) {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@assets/js/checkout.js` around lines 1251 - 1270, The AJAX success callback for this.request('wu_inline_login', ...) currently only handles results.success true and ignores wp_send_json_error responses; update the callback to add an else branch for when results.success is false that resets that.logging_in (if needed), fires the existing hook hooks.doAction('wu_inline_login_error', results, field_type) and surfaces the error to the user (reusing the same UI/error handling used in the error callback or the page's inline-login error display) so invalid credentials are not silently dropped; reference the AJAX handler handle_inline_login and ensure behavior mirrors the error callback path.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@assets/js/checkout.js`:
- Around line 1224-1233: When the Promise.all of
hooks.applyFilters('wu_before_inline_login_submitted', [], field_type) rejects
the catch block currently sets this.logging_in and this.login_error but does not
emit the failure hook; call the same failure handler used by the nested prompt
path (emit the 'wu_inline_login_error' hook or invoke the existing handleError
path) with the error and field_type so addons can reset captcha/widgets, then
preserve the existing this.logging_in=false and return false behavior. Ensure
you reference the rejection from
hooks.applyFilters('wu_before_inline_login_submitted', [], field_type) and emit
'wu_inline_login_error' (or call handleError) with err and field_type before
returning.
---
Outside diff comments:
In `@assets/js/checkout.js`:
- Around line 1251-1270: The AJAX success callback for
this.request('wu_inline_login', ...) currently only handles results.success true
and ignores wp_send_json_error responses; update the callback to add an else
branch for when results.success is false that resets that.logging_in (if
needed), fires the existing hook hooks.doAction('wu_inline_login_error',
results, field_type) and surfaces the error to the user (reusing the same
UI/error handling used in the error callback or the page's inline-login error
display) so invalid credentials are not silently dropped; reference the AJAX
handler handle_inline_login and ensure behavior mirrors the error callback path.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 77291f7d-f0fa-4d01-9a83-ecf6aa7f6fe7
⛔ Files ignored due to path filters (1)
assets/js/checkout.min.jsis excluded by!**/*.min.js
📒 Files selected for processing (1)
assets/js/checkout.js
| try { | ||
|
|
||
| if (hcaptcha_token) { | ||
| login_data[ 'h-captcha-response' ] = hcaptcha_token; | ||
| } | ||
| await Promise.all(hooks.applyFilters('wu_before_inline_login_submitted', [], field_type)); | ||
|
|
||
| } catch (err) { | ||
|
|
||
| this.logging_in = false; | ||
| this.login_error = (err && err.message) ? err.message : (wu_checkout.i18n.login_failed || 'Login failed. Please try again.'); | ||
| return false; | ||
|
|
There was a problem hiding this comment.
Emit the failure hook when pre-submit work rejects.
This failure path sets login_error but skips wu_inline_login_error, so addons that reset captcha/widgets on login failure will not run for rejected wu_before_inline_login_submitted promises. The nested prompt path already routes this through handleError.
Proposed fix
} catch (err) {
this.logging_in = false;
- this.login_error = (err && err.message) ? err.message : (wu_checkout.i18n.login_failed || 'Login failed. Please try again.');
+ this.login_error = (err && err.message) ? err.message : (wu_checkout.i18n.login_failed || 'Login failed. Please try again.');
+ hooks.doAction('wu_inline_login_error', {
+ data: {
+ message: this.login_error,
+ },
+ originalError: err,
+ }, field_type);
return false;
}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@assets/js/checkout.js` around lines 1224 - 1233, When the Promise.all of
hooks.applyFilters('wu_before_inline_login_submitted', [], field_type) rejects
the catch block currently sets this.logging_in and this.login_error but does not
emit the failure hook; call the same failure handler used by the nested prompt
path (emit the 'wu_inline_login_error' hook or invoke the existing handleError
path) with the error and field_type so addons can reset captcha/widgets, then
preserve the existing this.logging_in=false and return false behavior. Ensure
you reference the rejection from
hooks.applyFilters('wu_before_inline_login_submitted', [], field_type) and emit
'wu_inline_login_error' (or call handleError) with err and field_type before
returning.
|
Closing — this PR has merge conflicts with the base branch. If the linked issue is still open, a worker will be dispatched to re-attempt with a fresh branch. Closed by deterministic merge pass (pulse-wrapper.sh). |
🔨 Build Complete - Ready for Testing!📦 Download Build Artifact (Recommended)Download the zip build, upload to WordPress and test:
🌐 Test in WordPress Playground (Very Experimental)Click the link below to instantly test this PR in your browser - no installation needed! Login credentials: |
|
Performance Test Results Performance test results for b09ea53 are in 🛎️! Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown. URL:
|
1 participant
Summary by CodeRabbit