Add a redirect middleware to redirect /log-in/lostpassword for wordpress.com #98390

Open
wants to merge 5 commits into
base: trunk

StevenDufresne
Contributor

@StevenDufresne StevenDufresne commented Jan 15, 2025

Fixes #96291

Proposed Changes

This PR adds a redirect function called redirectLostPassword to redirect WordPress.com users to wp-login.php?action=lostpassword.

Why are these changes being made?

You can read more details in #96291, but in short, WooCommerce and Blaze Pro use /log-in/lostpassword for password resets. WordPress.com does not. Much of the functionality was introduced in #68885, although originally limited to WooCommerce clients only. A regression was introduced in #93163 which exposed the "Forgot Password" URL on WordPress.com. That regression was fixed in #96506.

However, since the route is public to all Calypso clients, WordPress.com users can still navigate to that URL. If they navigate to that page, the styles and functionality are broken.

Considerations

This may be a naive approach.

It makes the assumption that blazepro.tumblr.com and woocommerce.com will exist in the redirect_to portion of the query. Should either of those clients update their redirect URLs to not include their domains, those users will be redirected to wp-login.php?action=lostpassword.

Ideally, the context would already be set, but I don't see that happening anywhere yet.

Alternatively, I could have updated WooCommerce and Blaze Pro's dynamic routes to identify themselves better but thought that may introduce more risk and I'm not that familiar with the codebase yet.

I'm open to other ideas.

Testing Instructions

Note: I was only able to set up testing by mapping WordPress.com to local calypso.

So assuming that configuration:

Test Default WordPress.com reset

  • Navigate to /log-in/ on WordPress.com.
  • Click "Lost your password?"
  • Expect to end up on wp-login.php?lostpassword.

Test Default WordPress.com reset redirect

  • Enter wordpress.com/log-in/lostpassword
  • Expect to end up on wp-login.php?lostpassword.

Test WooCommerce.com reset

  • Go to woocommerce.com
  • Click "Log in" in the header
  • Notice you are on WordPress.com
  • Click "Lost your password"
  • Expect to still be on wordpress.com/log-in/lostpassword

Test Blaze Pro reset

  • Go to https://blazepro.com/
  • Click "Get Started"
  • Click "Log in to Blaze Pro"
  • Notice you are on WordPress.com
  • Click "Lost your password"
  • Expect to still be on wordpress.com/log-in/lostpassword

Pre-merge Checklist

  • Has the general commit checklist been followed? (PCYsg-hS-p2)
  • Have you written new tests for your changes?
  • Have you tested the feature in Simple (P9HQHe-k8-p2), Atomic (P9HQHe-jW-p2), and self-hosted Jetpack sites (PCYsg-g6b-p2)?
  • Have you checked for TypeScript, React or other console errors?
  • Have you used memoizing on expensive computations? More info in Memoizing with create-selector and Using memoizing selectors and Our Approach to Data
  • Have we added the "[Status] String Freeze" label as soon as any new strings were ready for translation (p4TIVU-5Jq-p2)?
    • For UI changes, have we tested the change in various languages (for example, ES, PT, FR, or DE)? The length of text and words vary significantly between languages.
  • For changes affecting Jetpack: Have we added the "[Status] Needs Privacy Updates" label if this pull request changes what data or activity we track or use (p4TIVU-aUh-p2)?
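
The Considerations above tie the decision to client domains appearing in redirect_to. One way to make that check depend on the parsed hostname rather than on where the domain string occurs in the value, as an added example (not code from this PR); the function names are hypothetical and the exact-host-or-subdomain rule is an assumption:

```javascript
// Added example, not code from this PR. All function and constant names are hypothetical.
const CLIENT_HOSTS = [ 'woocommerce.com', 'blazepro.tumblr.com' ]; // domains named in the PR description
const WPCOM_LOST_PASSWORD = '/wp-login.php?action=lostpassword'; // target named in the PR description

// Hostname of an absolute http(s) redirect_to value, or null if absent, relative or malformed.
function redirectToHost( requestUrl ) {
	const query = new URL( requestUrl, 'https://wordpress.com' ).searchParams;
	const redirectTo = query.get( 'redirect_to' );
	if ( ! redirectTo ) {
		return null;
	}
	try {
		const parsed = new URL( redirectTo );
		return /^https?:$/.test( parsed.protocol ) ? parsed.hostname.toLowerCase() : null;
	} catch ( error ) {
		return null;
	}
}

// Assumption: a client is identified by an exact host match or a subdomain of a listed host.
function isClientHost( host ) {
	return CLIENT_HOSTS.some( ( known ) => host === known || host.endsWith( '.' + known ) );
}

// Returns the path to redirect to, or null when the request should stay on /log-in/lostpassword.
function lostPasswordRedirect( requestUrl ) {
	const host = redirectToHost( requestUrl );
	return host !== null && isClientHost( host ) ? null : WPCOM_LOST_PASSWORD;
}

// Constructed sample requests (not taken from the PR).
const SAMPLES = [
	'/log-in/lostpassword',
	'/log-in/lostpassword?redirect_to=https%3A%2F%2Fwoocommerce.com%2Fmy-account',
	'/log-in/lostpassword?redirect_to=https%3A%2F%2Fblazepro.tumblr.com%2Fsetup',
	'/log-in/lostpassword?redirect_to=%2Fsetup', // relative: client domain no longer present
	'/log-in/lostpassword?redirect_to=https%3A%2F%2Fexample.org%2F%3Fref%3Dwoocommerce.com',
];
for ( const sample of SAMPLES ) {
	console.log( sample, '->', lostPasswordRedirect( sample ) ?? 'stay on Calypso page' );
}
```

The fourth sample is the case the description warns about: once a client's redirect URL no longer carries its domain, the request falls through to the WordPress.com reset page.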

@matticbot
Contributor

matticbot commented Jan 15, 2025

Here is how your PR affects size of JS and CSS bundles shipped to the user's browser:

App Entrypoints (~73 bytes added 📈 [gzipped])

name         parsed_size           gzip_size
entry-login       +239 B  (+0.0%)      +73 B  (+0.0%)

Common code that is always downloaded and parsed every time the app is loaded, no matter which route is used.

Legend

What is parsed and gzip size?

Parsed Size: Uncompressed size of the JS and CSS files. This much code needs to be parsed and stored in memory.
Gzip Size: Compressed size of the JS and CSS files. This much data needs to be downloaded over network.

Generated by performance advisor bot at iscalypsofastyet.com.

@StevenDufresne StevenDufresne changed the title from "WIP: Add a redirect middelware for lostpassword." to "Add a redirect middleware to redirect /log-in/lostpassword for wordpress.com" on Jan 15, 2025
@matticbot matticbot added the [Status] Needs Review The PR is ready for review. This also triggers e2e canary tests and wp-desktop tests automatically. label Jan 15, 2025
@StevenDufresne StevenDufresne marked this pull request as ready for review January 15, 2025 05:24
Member

@chihsuan chihsuan left a comment

Thanks for addressing the feedback! I tested WordPress.com, Woo, and Blaze Pro. It works as expected. 👍

Successfully merging this pull request may close these issues.

Forgot your password: Should we bring users to the old screen?
3 participants