Get Discourse to recognize accounts verified in Wordpress (and WooCommerce) for SSO

jord8on · January 2, 2020, 6:51am

Continuing the discussion from How to turn off Discourse email verification?:

Discourse is not recognizing our verified accounts. Here’s some context around our current site setup:

I’m using the WP Discourse Plugin with WP as SSO Provider

Current SSO Settings <img>

I’m currently using WooCommerce (WC) to manage new user registrations, here: https://pickleballist.com/my-account

I’m using a plugin called Booster for WC, which adds additional functionality to WC, including the ability to require email verification before a user can access their account.

Plugin Options <img>

Verification Email received <img>

After the user clicks the link in their Account Activation email, they are taken to their /my-account/ page, in Wordpress. If a person tries to login with their registration credentials without clicking the verification link, they are told that their account first needs to be verified, and they get a link they can click to “resend verification email”

If you visit the “Users” page in the Admin console, you can easily see whose accounts have been verified and which ones have not.

User Accounts with Verification depiction <img>

Unfortunately, after this user has verified their email and then tries to visit our forums over at https://forums.pickleballist.com, they are not automagically logged in. But the worst part is that when they click the “Login” button on the forums, they are required to check their email and click the Discourse “Confirm your new account” email link.

Is there a way to get Discourse to check who is actually verified based on the metadata that is being received from WooCommerce?

I’m guessing this “Email Verification Module” is not touching wp_new_user_notification or else Discourse would see that, right? Can we have Discourse look for some other hook?

Looking forward to any insight here!

jord8on · January 2, 2020, 5:36pm

@simon I just noticed your comment here:

Would using that ︎ code snippet be the solution to what I’m trying to accomplish?

simon · January 2, 2020, 6:12pm

As long as the Booster for WC plugin prevents users from being able to login to WordPress before they have verified their email address, that code will be safe to use. When added to your theme, or to a plugin, it will allow users to login to your Discourse site without having to re-verify their email address.

This would also be possible. If you know the name of the metadata key that is being set by Woocommerce and the expected return value for users with verified email addresses, you could add a check for that to the function. Something like this:

add_filter( 'discourse_email_verification', 'wpdc_custom_discourse_email_verification', 10, 2 );
function wpdc_custom_discourse_email_verification( $require_activation, $user_id ) {
    if ( 1 === get_user_meta( $user_id, 'wc_metadata_key', true ) ) {
        $require_activation = false;
    }

    return $require_activation;
}

If you are running into any SSO login redirect issues with Woocommerce, you may need to install this plugin on your site: https://github.com/scossar/wp-discourse-woocommerce-support. Have a look at the plugin’s readme for details about what it does.

jord8on · January 3, 2020, 11:14pm

That code did the trick! Users now only have to click the WP generated verification link. Thank you!

I just added this but when the user clicks the WP generated Verification link, it just takes them to their /my-account page in WP, after they verify. It doesn’t take them back to the Discourse forums. What is the expected behavior here?

simon · January 3, 2020, 11:42pm

I think the verification link is being generated by the Booster for WC plugin. If this is the case, then it’s not something that I’ve tested. The issue that the wp-discourse-woocommerce-support plugin is meant to solve is overriding a login redirect that is set by Woocommerce on every login attempt. I haven’t tested it with Woocommerce recently, but in the past when Woocommerce is installed on a site it prevented non-logged in users from being redirected to Discourse when they attempt to login through WordPress.

The expected bahaviour is that when a user who isn’t logged into WordPress clicks either the login button on Discourse, or an SSO login link that’s been generated below a post that’s been published to Discourse, the user will be taken through the WordPress login process and then redirected to the correct Discourse URL. Let me know if this isn’t working correctly for users who have verified their email address.

It may be possible to get this to work with the verification link your users are clicking, but I think that’s a seperate issue.

system · February 11, 2020, 9:09am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auto activated accounts for WP Discourse SSO? wordpress	11	1576	June 20, 2018
Does a social login WP plugin address Discourse expectation for email verification? (with WP as SSO provider) wordpress	3	1530	October 1, 2018
Redirect to Discourse page after logging in to Wordpress as SSO Provider (via WooCommerce) wordpress	2	1458	November 4, 2020
How to prevent some WP users from being able to login to Discourse wordpress	8	2702	December 19, 2018
Disable account activation email with SSO wordpress	16	2742	June 7, 2018

Get Discourse to recognize accounts verified in Wordpress (and WooCommerce) for SSO

Related Topics