Closed malinajirka closed 2 years ago
@malinajirka, I think this could use a design review from Garance and Adam. Initially, we had screens like this where the error message was displayed before the site url edittext. But later changed that to be on a separate screen with specific actions for the user to do in order to fix that issue. This improved the login flow a bit and I wonder if we want to do something similar here 😅
@anitaa1990 I was thinking about it when I saw the "Jetpack not connected/Not a wordpress site" errors. However, I won't be able to improve the designs during this hackweek. Imho showing at least some msg to the users is still better than showing a completely unrelated message(eg. jetpack not connected instead of xmlrpc error). We could improve the designs during the next hackweek, wdyt?
@anitaa1990 I was thinking about it when I saw the "Jetpack not connected/Not a wordpress site" errors. However, I won't be able to improve the designs during this hackweek. Imho showing at least some msg to the users is still better than showing a completely unrelated message(eg. jetpack not connected instead of xmlrpc error). We could improve the designs during the next hackweek, wdyt?
That makes sense! Thanks @malinajirka!
I'll be afk next week - please feel free to fix issues found during the review but also feel free to leave it up to me when I get back. Thanks 🙇
I think this could use a design review from Garance and Adam.
FWIW, I asked them to review the iOS designs in https://github.com/woocommerce/woocommerce-ios/pull/3957#issuecomment-819829489 and Garance was fine with it. 🙂 On iOS, those designs are also embedded tightly in WPAuth, and changing them might affect WP so it's quite risky to change them.
I am so sorry for the delay in response here! I fully expected to get to this earlier after being at a team meetup last week and I should have communicated better.
@malinajirka! This is brilliant! I tested with the sites from FluxC's testing properties and got all the expected errors in all the right places. I tested several normal login flows and didn't find any regressions. I also tried testing using the following plugins to disable XML-RPC and got a couple interesting results. I saw that https://github.com/woocommerce/woocommerce-android/pull/4799 did get merged and I don't think these are blocking but they might be worth looking into depending on whether we continue to see user feedback about getting blocked on sign-in with a perceived wrong error message. The only one that might be worth looking into sooner than later is the case where I got an error about the site not being a WordPress site when it is a WordPress site because that case does come up in app reviews from time to time.
I saw a fullscreen error about XML-RPC after activating this plugin and attempting to log in using the store address > site credentials flow. If I instead selected the store address > Wordpress.com login option, then I was able to log in no problem.
When I tried to use the store address > site credentials flow to log in while this plugin is enabled, the error incorrectly tells me that the site at my address is not a valid WordPress site.
I was able to log in normally using the store address > site credentials flow with those two. 👍
Tested with WCAndroid pr-4799-build-49185 via this generated APK on Pixel 3 Android 11 trying to log in with store credentials on site strong-huntsman.jurassic.ninja running WordPress 5.8.1, Jetpack 10.1, WooCommerce 5.7.1.
Thanks so much for the thorough testing @designsimply! ;)
https://wordpress.org/plugins/disable-xml-rpc/ I saw a fullscreen error about XML-RPC after activating this plugin and attempting to log in using the store address > site credentials flow. If I instead selected the store address > Wordpress.com login option, then I was able to log in no problem.
This is imo expected - the plugin by default whitelists connection from Jetpack's IP address. In other words it disables xmlrpc for all connections expect of Jetpack connection. When you try to login using using self-hosted credentials with xmlrpc dissbled the app can't communicate with the site. However, if you login using .com credentials - jetpack is able to communicate with the site's xmlrpc since it's whitelisted.
https://wordpress.org/plugins/disable-xml-rpc-api/ When I tried to use the store address > site credentials flow to log in while this plugin is enabled, the error incorrectly tells me that the site at my address is not a valid WordPress site.
It seems the code which wrongly assumes the site is not a wordpress site has been there since 2016. AFAICT the app is looking for a RSD link to get xmlrpc url of the site - if that link is not available on the homepage it considers the site as a non-wordpress site. My guess is that the disable-xml-rpc
plugin removes this link and the app stops considering it as a wordpress site. I've created a workaround in this PR which skips the xmlrpc check if jetpack responds with "connected and active". That should fix this issue.
Fixes https://github.com/woocommerce/woocommerce-android/issues/3767
WCAndroid PR here
This PR fixes WCAndroid app which is showing "Jetpack not connected" screen even when Jetpack is connected. This is caused by a bug on the api -
isJetpackConnected
returnsfalse
when xml-rpc is disabled.This PR fixes this issue by always running "xml-rpc discovery" in the SiteAddress login flow. This will have some performance impact, since we'll need to run an extra request, but should significantly help with login issues as the error messages contain specific instructions.
Some more details on p91TBi-5Y9-p2
Heads-up: I'm not too familiar with the login flows and I might be missing something, so please review this PR carefully. Thanks ;).
To test:
I tested
http auth
dialog and accepts only valid credentials -> but/v1.1/connect/site-info/
returns "jetpack not connected" even though jetpack is connected (Ticket here)cc @designsimply I'm not too familiar with the login flow and this change feels a bit risky. Could you perhaps find someone who could thoroughly test this to limit the chance we'll need to work on time-critical beta fixes? Thank you!
P.S. I plan to log the remaining issues
when this PR is merged. In case we'd find some more errors or someone would have an idea for an easy fix.