EMail Verification with SSO


(Steven Greco) #1

Recently I have noticed that new users who register for my site are not able to verify their email address to create their account on the forums.

I am using WordPress with the latest version of the WP-Discourse plugin from the WP directory.

Steps taken:

User registers for the site through WordPress and the account is created. They then go to the forums to log in and are presented with the email verify screen when they click on the login button.

The email they are getting has a very long unformatted link to verify their email with my WordPress site. They copy and paste the email into the browser. A wp-login screen is presented saying log in to verify. This all works, but when they go back to the forums it still gives them the need to verify screen.

I made a test account to test for myself. Here is the email that is sent for email verify.

Username: Gtest

To verify your email address, visit the following address:

https://grimreapergamers.com/wp-login.php?action=login&mail_key=1470881304_XUwkZXYgHGvYjhIV8Jsk&error=emailnotverified&redirect_to=https%3A%2F%2Fgrimreapergamers.com%2F&login=Gtest

https://grimreapergamers.com/wp-login.php

I don't see any link back to my forums at forums.grimreapergamers.com.

I also do not see this email in the log for sent emails from Discourse.


(Steven Greco) #2

I have tracked the email as coming from the email verifier function of the wp-discourse plugin.

@Simon_Cossar - I am using a third-party user registration plugin for user control. Could this affect the user verifier function?

Edit: I have reverted back to older version 0.7.0 which works for me.


(Simon Cossar) #3

Yes, that will be the problem. What is the registration plugin that you are using? Does it log users in directly after they register or does it require users to respond to an activation email before they are able to log in?

Unless you are certain that your registration process is confirming the user's email address, this may not be very secure.


(Steven Greco) #4

It is called userpro. It allows for various methods: direct, through email verify, and admin approval. I am using admin approval as we want to see each application and manually approve after review.


(Simon Cossar) #5

Hmm, to be safe you need to be certain that the email address belongs to the user. At this point the wp-discourse plugin only fully supports SSO when the default WordPress registration is used. The problem is that WordPress doesn’t verify the user’s email address and Discourse relies on having a verified email address. There are two people asking about this right now, so I will add some documentation right away.


(Steven Greco) #6

I have no issue with using it, I just can't seem to get it to work.


(Simon Cossar) #7

I’d like to test this, but the userpro plugin is $29.

I think it might be better to deal with cases where the email can’t be verified by requiring activation on the Discourse site. I’ll try doing something with that later today.


(Steven Greco) #8

I am going to set this up in my dev environment and see what I can do as well. Will let you know if I figure anything out.


(Simon Cossar) #9

You could try taking a look to see if the userpro plugin is overriding the wp_new_user_notification function. It would probably start with something like this:

if ( ! function_exists( 'wp_new_user_notification' ) )

If it is doing this and it applies a filter to the message that is sent to a new user, it could be possible to override the message and send it in the form we need to verify the email.

Another thing to check is if the userpro plugin is adding an action to wp_login.

I’m working on a general solution for this that will require activation on Discourse for cases where the email address can’t be verified on WordPress. It seems like it should work quite well.


(Simon Cossar) #10

Here’s a simple fix. If the email address can’t be verified by WordPress it requires that the email address is verified by Discourse. The login.activate_email text can be edited on Discourse so that the user understands what is going on.

It is still possible to customize the email verification process in the wp-discourse plugin so that it will work with various plugins, but this is a general fix that will hopefully be good enough for most cases. I’ll test this a bit more over the next couple of days.
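
The fallback described in post #10, sketched as an added example that is not part of the thread and not the wp-discourse plugin's own code: a Discourse SSO provider response that sets the `require_activation` parameter when the WordPress side cannot vouch for the address. The secret, nonce, user record and forums.example.com URL are constructed placeholders.

```php
<?php
// Added example: SSO provider response that defers email verification to
// Discourse. Secret, nonce and user data below are constructed.
const SSO_SECRET = 'constructed-shared-secret'; // placeholder, not a real key

/** Verify the signed request from Discourse and return its parameters. */
function parse_sso_request(string $sso, string $sig): array
{
    $expected = hash_hmac('sha256', $sso, SSO_SECRET);
    if (!hash_equals($expected, $sig)) {
        throw new RuntimeException('Bad SSO signature');
    }
    parse_str(base64_decode($sso, true) ?: '', $params);
    if (empty($params['nonce'])) {
        throw new RuntimeException('Missing nonce');
    }
    return $params;
}

/** Build the signed response; unverified emails must be activated on Discourse. */
function build_sso_response(array $user, string $nonce, bool $emailVerified): array
{
    $params = [
        'nonce'       => $nonce,
        'external_id' => $user['id'],
        'username'    => $user['login'],
        'email'       => $user['email'],
    ];
    if (!$emailVerified) {
        // Discourse then sends its own activation email before login completes.
        $params['require_activation'] = 'true';
    }
    $sso = base64_encode(http_build_query($params));
    return ['sso' => $sso, 'sig' => hash_hmac('sha256', $sso, SSO_SECRET)];
}

// Constructed request, in the form Discourse sends to the provider.
$reqSso = base64_encode('nonce=abc123&return_sso_url=https%3A%2F%2Fforums.example.com%2Fsession%2Fsso_login');
$reqSig = hash_hmac('sha256', $reqSso, SSO_SECRET);

$req  = parse_sso_request($reqSso, $reqSig);
$user = ['id' => 42, 'login' => 'Gtest', 'email' => 'gtest@example.com'];
// Assumption: the registration plugin gave no proof of address ownership.
$resp = build_sso_response($user, $req['nonce'], false);

echo $req['return_sso_url'] . '?' . http_build_query($resp) . "\n";
echo base64_decode($resp['sso']) . "\n"; // decoded payload, for inspection
```

Passing `true` for `$emailVerified` should be reserved for accounts whose address was confirmed by a mail round-trip; admin approval alone does not show that the address belongs to the user.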


(Steven Greco) #11

Great. Thanks for the quick update and will give this a go.