WP and Discourse not in sync using SSO


(James Cook) #1

I’ve been playing around with the WP plugin and SSO this evening but it’s not as great as I’d hoped. I’m hoping I’m doing something wrong as there are a few things I’ve noticed which are less than ideal.

  1. When I log out of Discourse, it redirects me to Wordpress where I am still logged in
  2. If I log out of Wordpress, my Discourse account stays logged in until I click Log out.
  3. Human verification check appears to be ignored when accessing Wordpress login page from Discourse Login link. (However I’ve not investigated this and it may be an issue with my Wordpress setup)
  4. If I log in on Wordpress and click a link to Discourse, I still have to click the ‘Login’ button on Discourse to be logged in (unless I click a link with session/sso at the end, obviously). For me, Discourse should recognise I’m logged in automatically.

From my understanding the two should stay in sync. This doesn’t appear to be happening. Has anyone else encountered these issues?

This post appears to be talking about a similar thing, albeit in a custom implementation of SSO, not the WP plugin. It’s my assumption that these issues would have been ironed out by now, but maybe not?


(Simon Cossar) #2

If you add the path http://your-blog.com/?request=logout to the ‘logout redirect’ setting in Discourse, logging out from Discourse will log you out from WordPress. I’ll add that to the documentation.

Yes, that’s the way it works. But to me it seems that logging out of WordPress should also log you out of Discourse.

Can you check that out some more? Is there a plugin that you are using for this? I’d like to try it out.

This should only be the case if the setting ‘Redirect Without Login’ is enabled on WordPress. Otherwise, you should be logged in automatically.


(Simon Cossar) #3

Here is a fix for that.


(James Cook) #4

Apparently it was the Jetpack ‘prove your humanity’ math question that I encountered. As I was using a password manager it automatically filled in my login details and hit submit without answering the question. However it still logged me in without error. This will need investigating.

I don’t have this box checked and it’s only for the comment link anyway. My issue is when I have a custom link to my forum. I have got round this by using a plugin that lets me change the menu links depending on whether somebody is logged in or not.

The reason I want this is because I don’t want to force people to login just to read the forum. So if somebody is not logged in they go to the forum as normal, if they are logged in I change my menu link to include /session/sso.

This is the best solution for now I’m assuming but would be great to get this included as an option in the Discourse plugin so I don’t have to mess around with menu links. I would do it myself but I’m quite a PHP noob and don’t have a Wordpress dev setup currently.


(James Cook) #5

@Simon_Cossar I’d like to change the text ‘Notable Replies’ to simply ‘Comments’ on my page.

What is the best way to do this in your opinion? I’ve seen suggestions of using i18n plugins to change the text but is this really the correct way of doing it?

I want to try and get up to speed with Wordpress/PHP development so don’t mind giving it a shot if you can point me in the right direction. I’m thinking add fields in the plugin options to allow people to input their own heading. What do you think?

Thanks for all your help so far!


(James Cook) #6

For anyone that finds this through search looking for the same thing, I achieved this by using Say What? plugin. Remember to add the ‘wp-discourse’ text domain when using the plugin.


(James Cook) #7

Just replying to myself again.

I took the time to read up on how filters work in the code that allows you to hook in and change what the plugin outputs.

For anyone wanting to change the markup that the plugin returns please take a look at this article. It explains the concept of filters and how they work in Wordpress. This will allow you to place a function in your child theme’s functions.php file to modify or completely swap out any content that is being passed through a filter, something which the wp-discourse plugin takes full advantage of.

You can see an example of that in the wp-discourse code on github.


(Simon Cossar) #8

I’ve made a shortcode plugin that extends the wp-discourse plugin for making links back to the Discourse forum that log in the user. It will also make links that start a topic on the forum. I’ll publish it soon.


(James Cook) #9

@Simon_Cossar have you published this plugin yet? Thanks


(Nicolas Sebastiani) #10

Hey there, I see @Simon_Cossar proposed a fix to get Discourse and WP logins in sync, but it looks like the fix has been dropped because it wasn’t working.

And my discourse and WP are not in sync when I log out from either one of the installations.

So is this issue fixed and I missed something in the config, or is it still an ongoing thing?

Thanks

Edit

Ok, I think I spoke too soon and need to be more specific on the issue.

I guess the synchronization is kind of working, but not as I expect it.

If a user is logged in to WP and then clicks on a discourse link (from the main WP site), he won’t be automatically logged in. So I assume I have to force the current user’s credentials in the URL to make sure he gets logged in on the discourse site. If so, how should I be doing this? Do I need to add a query string payload to each discourse link when a user is logged in (seems to be counterintuitive)? I need to point out that if I click on the discourse log in button the credentials are automatically passed on, so it’s not that annoying but still, not automatically synced. How can I support that?

If a user logs out of discourse, he is not automatically logged out of WP. This should be synced to WP IMO. Is this currently supported?

This just happened, so it might not be related to the current issue. If I log in from WP and then try to access discourse… It seems I get a server error

500 Internal Server Error
If you are the administrator of this website, then please read this web application's log file and/or the web server's log file to find out what went wrong.

the logs

Started GET "/" for xxx.xxx.xxx.xxx at 2017-03-09 19:57:06 +0000
ActionController::RoutingError (No route matches [GET] "/")
/var/www/discourse/vendor/bundle/ruby/2.3.0/gems/actionpack-4.2.7.1/lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
Processing by ExceptionsController#not_found as HTML
 Rendered exceptions/not_found.html.erb within layouts/application (4.8ms)
Completed 500 Internal Server Error in 43ms (ActiveRecord: 12.4ms)

The server recovered in about 1-2 minutes.


(Simon Cossar) #11

Are you using WordPress as the SSO provider for Discourse? If that is the case, when you logout of WordPress, you should be also logged out of Discourse.

If you would also like to have it so that when you log out of Discourse, you will be logged out of WordPress, you need to add a URL to the ‘logout redirect’ setting on your Discourse installation. The URL should be set to example.com/?request=logout

This needs to be better documented.

Can you double check that logging out of WordPress is not logging the user out of Discourse? I haven’t heard of any problems with this since it was implemented. It works correctly on both my development and production sites.


(Nicolas Sebastiani) #12

You are right, it does log out of discourse if I log out of WP. I edited my comment when I realized that.

About the logout redirect setting, I didn’t find it at first because it was on the user tab and not grouped with the other SSO settings. It was a reason for me believing the patch wasn’t implemented yet! Sorry about that.

But I still have the issue that when I am currently logged in to WP and I click on a discourse link, I am not automatically logged in (if I didn’t use the log in button from discourse that uses redirects and transports the SSO payload from one installation to the other). Is this achievable?
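
The payload that post #12 describes being carried between the two installations is a base64-encoded query string signed with HMAC-SHA256 under a secret shared by Discourse and WordPress. As an added example (not part of the original thread and not the wp-discourse plugin's code), this PHP verifies an incoming request on the WordPress side and signs the reply; the secret, URLs, user values and function names are constructed for illustration.

```php
<?php
// Added example: provider-side handling of a Discourse SSO request.
// Secret, hostnames and user data are constructed placeholders.
const SSO_SECRET = 'constructed-shared-secret'; // same value configured on both sites

// Verify the signature first, then decode and return the request fields.
function sso_parse_request(string $sso, string $sig, string $secret): array {
    $expected = hash_hmac('sha256', $sso, $secret);
    if (!hash_equals($expected, strtolower($sig))) { // constant-time comparison
        throw new RuntimeException('SSO signature mismatch');
    }
    $decoded = base64_decode($sso, true);
    if ($decoded === false) {
        throw new RuntimeException('SSO payload is not valid base64');
    }
    parse_str($decoded, $fields);
    if (empty($fields['nonce']) || empty($fields['return_sso_url'])) {
        throw new RuntimeException('SSO payload is missing nonce or return_sso_url');
    }
    return $fields;
}

// Build the signed redirect URL that sends the logged-in user back to Discourse.
function sso_build_response(array $request, array $user, string $secret): string {
    $payload = base64_encode(http_build_query([
        'nonce'       => $request['nonce'], // echoed so Discourse can match reply to request
        'external_id' => $user['id'],
        'email'       => $user['email'],
        'username'    => $user['username'],
    ]));
    $sig = hash_hmac('sha256', $payload, $secret);
    return $request['return_sso_url'] . '?' . http_build_query(['sso' => $payload, 'sig' => $sig]);
}

// Constructed request, signed the same way Discourse signs it.
$sso = base64_encode('nonce=constructednonce123&return_sso_url='
    . urlencode('https://forum.example.com/session/sso_login'));
$sig = hash_hmac('sha256', $sso, SSO_SECRET);

$request = sso_parse_request($sso, $sig, SSO_SECRET);
$user    = ['id' => 42, 'email' => 'user@example.com', 'username' => 'user'];
echo sso_build_response($request, $user, SSO_SECRET), "\n";

// A payload altered in transit no longer matches its signature and is rejected.
try {
    sso_parse_request($sso . 'x', $sig, SSO_SECRET);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because `return_sso_url` is read only after the signature check passes, the redirect target cannot be swapped by anyone who does not hold the shared secret.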


(Simon Cossar) #13

This should only be the case if you have this setting enabled:

If it’s not enabled, clicking on the Discourse link should be logging you into Discourse.


(Nicolas Sebastiani) #14

Ok, I think I get a better understanding now. Thanks for helping me out.

It did work with the generated link under a WP post. But it wasn’t working for a custom link I added because I was sending the click right to the home page of the forum instead of the sso session handler exemple.com/session/sso?return_path=exemple.com.

This link was on my WP main menu, and I want current users to be automatically logged in if they have an account but I want first time visitors and not logged in users to still be able to access the forums without being redirected to the login page.

I guess I’m going to have to write up a bit of code to make that happen.

If you know of a way of doing that with a current setting, let me know.

In any case, thanks again for helping me better understand this.

cheers :beers:


(Simon Cossar) #15

You can create custom login links. Inspect one of the links that are created by the plugin to see how.


(Nicolas Sebastiani) #16

Excellent, I’ll start working on that… Thanks for your time

Edit

I thought I’d share this, it saved me a ton of time.

I managed to show one menu item containing the discourse SSO handler link to logged in users and another menu item containing the direct link for visitors by using the If Menu plugin.

It seems to work pretty well, I just needed to add a custom condition using the available filter.

Here’s the new custom condition snippet

// Modify the If Menu plugin by adding conditions
add_filter( 'if_menu_conditions', 'spb_add_if_menu_conditions' );
function spb_add_if_menu_conditions( $conditions ) {
  $conditions[] = [
    'name'      => 'User is not logged in',
    'condition' => function() {
      // Always return a boolean: true for visitors, false for logged-in users
      return ! is_user_logged_in();
    },
    'group'     => 'User state & roles',
  ];

  return $conditions;
}

Simple and neat!