YahnisElsts / plugin-update-checker

A custom update checker for WordPress plugins. Useful if you don't want to host your project in the official WP repository, but would still like it to support automatic updates. Despite the name, it also works with themes.
MIT License
2.26k stars 411 forks source link

License management #222

Open YahnisElsts opened 6 years ago

YahnisElsts commented 6 years ago

One of the more common questions I get is "how do I ensure that only users who have a valid license can download updates?". This includes tasks like asking the user to enter a license key, sending keys to the update server, validating keys, showing license errors to users, and so on.

Currently, the update checker doesn't do any of those things. I'm considering implementing some license management features, possibly as a separate component that you can include only when your plugin or theme needs it. If this is something that you're interested in, please post your ideas and feedback below.

Here are some questions to get you started:

I'm planning to leave this issue open for a good while to collect feedback and gauge interest.

DavidAnderson684 commented 6 years ago

I'm using your library in combination with my own (public/free) plugin to provide licences and updates, and have been for around 5 years: https://wordpress.org/plugins/simba-plugin-updates-manager/ . On the client side, there's an easy-to-use library: https://github.com/DavidAnderson684/simba-plugin-manager-updater (uses an email/password pair for veriifcation). Those two are shop-agnostic. I sell using WooCommerce. The licences are issued by a connector plugin which joins the two together: https://www.simbahosting.co.uk/s3/product/plugin-updates-licensing-and-renewals-manager-woocommerce-connector/

HowDoes commented 6 years ago

An all in one solution to sell plugins or themes would be great. Getting updates from github or bitbucket, possibility to check for a valid license, and send updates. And if there was a way to automatically generate licenses from woocommerce (or other shop systems) sales, even better.

wowthemesnet commented 5 years ago

What are you using to issue licenses, if anything? My product licenses are dynamically generated by FastSpring when an order is complete.

Does it have an API? Yes

What are you using to provide updates, if anything? An older solution.

Does it know how to check if a license is valid? No

What kind of information do you need to verify a license? Just a simple alphanumeric key, or a username/password pair, or something more complicated? Alphanumeric key

How does the user enter the license key? Or, if you haven't implemented that yet, how would you like it to work? The user would have to enter the theme's license key in WP Dashboard. Then checks for response on a script on my end which verifies if license is valid. Turns back: valid, invalid, expired etc. If valid, allow updates.

Why not use something like Envato, Freemius or Easy Digital Downloads? I sell in my own store only. Also, my shop is not on WordPress.

gaupoit commented 4 years ago

What are you using to issue licenses, if anything? We are using SendOwl to issue licenses when the order completed. The user will enter the license in the plugin and check with our built-in license server.

Does it have an API? Yes, they have the API to check whether the license is valid with the specific order ID.

What are you using to provide updates, if anything? We deployed your wp-update-server(https://github.com/YahnisElsts/wp-update-server) to AWS LAMBDA. When the plugin sends the update request, it will check whether the license is still valid. Otherwise, it will block the update.

Does it know how to check if a license is valid? Yes, it does.

What kind of information do you need to verify a license? Just a simple alphanumeric key, or a username/password pair, or something more complicated? Alphanumeric key

How does the user enter the license key? Or, if you haven't implemented that yet, how would you like it to work? The user will enter in WP dashboard.

Why not use something like Envato, Freemius or Easy Digital Downloads? One of my favorites is Freemius. However, we built our own on then we can add extra features such as deploy partially. It means once released only 20% of users can receive the updates.

mcnaveen commented 3 years ago

What are you using to issue licenses, if anything? I'm using Automation software like Zapier to do that. Once the order is complete it sends the License Key to the Purchased Email Inbox.

Does it have an API? No

What are you using to provide updates, if anything? I'm using GitLab

Does it know how to check if a license is valid? I built a Complete API System.

Here is how it works:

What kind of information do you need to verify a license? Just a simple alphanumeric key, or a username/password pair, or something more complicated?

How does the user enter the license key? Or, if you haven't implemented that yet, how would you like it to work? Inside Plugin Settings in WordPress Dashboard (Explained all the steps above)

Why not use something like Envato, Freemius, or Easy Digital Downloads? Because I want to make it on my own with all controls

Hope I covered everything @YahnisElsts

ddur commented 2 years ago

@YahnisElsts Hi, I'm working on WP plugin using your update server.

When update server and plugin (with update checker) are on same WP site, cannot get ?action=download working (503 Service unavailable) Any idea?

Thanks.

YahnisElsts commented 2 years ago

@ddur: That sounds unrelated to the topic of this issue; please make a new issue instead.

ddur commented 2 years ago

Thanks #489

ddur commented 2 years ago

@YahnisElsts

What are you using to issue licenses, if anything? WordPress built-in Application Passwords

What are you using to provide updates, if anything? https://github.com/YahnisElsts/wp-update-server

Does it know how to check if a license is valid? Yes, I taught him how to do it. :)

What kind of information do you need to verify a license? Just a simple alphanumeric key, or a username/password pair, or something more complicated? host-name/password

How does the user enter the license key? Or, if you haven't implemented that yet, how would you like it to work? User registers & login into server. In it's own user profile creates Application Password (since WP5.6) using host-name as application name. Copy generated password and paste it into dedicated field on plugin settings page.

Why not use something like Envato, Freemius or Easy Digital Downloads?

EDD: does not emulate WP.org server and cant provide automatic update Fremius: requires WP.org server (BTW currently it is not accepted there). Envato: Don't know, didn't check, not interested depending on commercial (or other peoples) repositories and rules. AFAIK Envato is only for commercial plugins?

ddur commented 2 years ago

Hi @YahnisElsts &all

You may try (and comment) implementation of license management using WordPress (>=5.6) Application Passwords live in action.

Warp iMagick WordPress plugin is just published with update support by License Managed Update Server based on Yahnis Update Server. Thank You!

YahnisElsts commented 2 years ago

@ddur: Thanks, I'll take a look later,

slimanehma commented 1 year ago

Hi @YahnisElsts Does update checker still not support licenses Search can't download updates unless it's allowed? I have a suggestion for this Is it possible to add domain names that are allowed to be updated so that the domain is checked before updating if it is allowed to install updates?

YahnisElsts commented 1 year ago

@slimanehma: No, there's still no built-in support for licenses. While there has been some demand for it, it doesn't like a hugely popular or time-sensitive feature, so I haven't prioritized it so far.

jaybuys commented 1 year ago

I use Software License Manager to do some simple license key management, and it works well enough. I'd love to have some hooks in PluginUpdateChecker that I could use to display messages like "There is a new version available, but you need an active license key," etc. Just something simple to display info and prevent unlicensed users from getting updates. Right now, I'm just wrapping the PluginUpdateChecker code in a conditional so that it won't execute if no license key is present, but it'd be nicer to have it inform the user that an update is available if they obtain a license.

Overall this is an excellent library. Thank you @YahnisElsts for creating such a valuable tool.

YahnisElsts commented 1 year ago

The actual update message is displayed by WordPress core, not this update checker, so it's not straightforward to add new hooks for that. It would really depend on what hooks WordPress itself offers for this purpose.

jaybuys commented 1 year ago

The actual update message is displayed by WordPress core, not this update checker, so it's not straightforward to add new hooks for that. It would really depend on what hooks WordPress itself offers for this purpose.

Thanks. I'll do some digging into the WordPress hooks. Keep up the great work!

DavidAnderson684 commented 1 year ago

Here's an example of code that pulls (added) properties out of the returned response in order to display dashboard messages: https://github.com/DavidAnderson684/simba-plugin-manager-updater/blob/0c60c166db9a553c567207133a5644c3f55356ed/class-udm-updater.php#L314

Hummelpups commented 1 year ago

Is there a way to just add a new request field to the actual download request? I found that the first filter just adds the licence key to the get_metadata action but there seem to be no filter for adding headers to the actual download request:

$myUpdateChecker->addQueryArgFilter(); $myUpdateChecker->addHttpRequestArgFilter();

i want the get_metadata to be called publicly but the licence should be included in the actual download. With some kind of API or filter on the server-side one could easily extend the requestHandler to check for valid licences and return the download or an error.

YahnisElsts commented 1 year ago

You can use one of the following filters to change the metadata and modify the download URL:

The first two filters only apply to plugins, while the last one also works for themes.

Each of the filters receives one argument which is a metadata object. The available properties can vary depending on whether its for a plugin or theme, but the download URL is always in $metadata->download_url. You can modify that property before you return the object.

Hummelpups commented 1 year ago

Works, first try. Thank you very much! The code for reference:

Theme Client Side: $myUpdateChecker->addFilter('pre_inject_update', function($metadata){ $metadata->download_url = $metadata->download_url . (get_theme_mod( 'licence_key') != "" ? "&licence=" . urlencode(get_theme_mod( 'licence_key')) : ""); return $metadata; });

YahnisElsts commented 1 year ago

Just a minor note: since the URL will be used to send an HTTP request (instead of simply being modified for display purposes), it's probably better to use urlencode or add_query_arg there, not htmlspecialchars.

manu225 commented 6 months ago

What are you using to issue licenses, if anything? License manager for Woocommerce

Does it have an API? Yes REST API

What are you using to provide updates, if anything? A custom PHP script that check the license before allowing to download the ZIP of the plugin

Does it know how to check if a license is valid? Yes with custom functions given by License manager for Woocommerce

What kind of information do you need to verify a license? Just a simple alphanumeric key, or a username/password pair, or something more complicated? Alphanumeric key generated by License manager for Woocommerce and the domain binded to the license key to avoid multiple use of it (need to add the referer in request. See here)

How does the user enter the license key? Or, if you haven't implemented that yet, how would you like it to work? Custom settings page in my plugin.

Why not use something like Envato, Freemius or Easy Digital Downloads? I think it's more interesting for me to have my own store.