Premium WordPress Integration

clarkwinkelmann · Aug 8, 2020

[deleted] yes I'm aware of that. The problem is that the session time is currently not easily customized in Flarum, so I want to wait until the session refactor I'm working on in Flarum to implement the feature better in the Wordpress integration.

I might be able to implement a customizable session duration that's customizable in the extension settings though, and you could manually match that with Wordpress. But all of this will break with the planned changes in core so I will really try to get those changes in beta 14 first, then adapt the Wordpress extension.

[deleted] To log back in to flarum, I have to logout of WordPress then back in again

That's actually one of the few integration issues with WP-Members I couldn't fix. When using wp-login.php, if you're logged in Wordpress but logged out of Flarum, clicking login will open a modal that will immediately close and connect you with the current Wordpress account. Unfortunately I found no way of making that work with WP-Members so you end up in this situation where logging out is required in order to show the login form again.

[deleted] · Aug 8, 2020

clarkwinkelmann thanks. Any ideas what the session lifetime is in flarum currently ? I could fairly easily make WordPress match that as a workaround

clarkwinkelmann · Aug 8, 2020

[deleted] I'll need to do some research to find the actual values, but I know the issue is complex because there are multiple lifetimes:

There is the access token lifetime which currently only has an impact on remember_me sessions. The lifetime is 5 years. The Wordpress extension uses 5 year remember_me access tokens as well for the cross-site login
There's the remember_me cookie lifetime, which should automatically match the access token's lifetime
There's the flarum_session cookie lifetime for the active session, I'm not sure where it's configured
There's the PHP/Symfony's session lifetime, which has a value configured somewhere in the Laravel app's config array. I think it can be customized from config.php or extend.php but I can't find the thread where this was discussed. I think the cookie session also matches with that value

I think there's a consistency issue when logging in from Flarum to Wordpress vs Wordpress to Flarum because the remember_me cookie is not actually set when connecting from Flarum.

I'll try to get the behavior consistent and ideally, customizable.

I will try to get away from using the remember_me cookie and instead use my own cookie, that way I can avoid all Flarum sessions becoming remember_me sessions when connecting from Wordpress.

[deleted] · Aug 8, 2020

clarkwinkelmann thanks very much. Sounds promising. Not an immediate slow stopper but my forum is staying to gain serious traction with tens of new signups in the past few days alone, so I know it won't be long before someone mentions this

JJinJiaoHuan · Sep 9, 2020

After installing the plugin cannot post anything and shows POST api/discussions 500 error.

clarkwinkelmann · Sep 9, 2020

JinJiaoHuan please follow https://kilowhat.net/flarum/extensions/wordpress#troubleshooting and send me the full error message from the logs, preferably via the provided support email or Discord, or here if you don't mind posting your logs and forum info publicly.

hrvoje_hr · Sep 16, 2020

Does anyone else have bad results with posting times on Wordpress synced discussions?

On regular Flarum discussions posting time is instant, but on WP synced discussions posting times wait are anywhere from 3-10 seconds.

clarkwinkelmann · Sep 16, 2020

hrvoje_hr there is an extra behind the scene request to WordPress on each new post as well as post hide/restore (to update comment count)

Those requests are made in queueable jobs. If you install the redis queue extension, those should start running on their own without slowing Flarum requests. This is still a bit experimental and not covered by the documentation because I've not had an opportunity to test that on a production forum myself yet.

FebriTriHarmoko · Sep 30, 2020

Nice work, finally

andreherberth · Oct 1, 2020

clarkwinkelmann I might be an idiot for even suggesting it,
But maybe the comment sync should happen from the wordpress end? With the possibility to turn it on/off, and maybe tie into https://developer.wordpress.org/plugins/cron/scheduling-wp-cron-events/ with a configurable timer for those that want it to not happen on every post visit.

If the comment sync have a API endpoint at the forum side, it would make it fairly easy for the end user to create a wp plugin to override sync?

This might also make it easier if you ever decide to implement support for several wordpress sites. (I would use this plugin if that ever happens).

clarkwinkelmann · Oct 1, 2020

andreherberth thanks for the suggestions!

I have made the choice to delegate most of the logic on the Flarum side because it's the stack I'm most comfortable with and I have access to all the libraries from Packagist there to make the code easier to maintain.

The plan regarding comment count synchronization is to make the queued sync an official feature (as described above, it already works but isn't documented). If some high traffic website requires it, I could also move this to a CRON job to reduce the number of API requests to Wordpress. But I would most likely make the CRON on Flarum side.

Do you have an example of something the owner might want to change during the comment count synchronization?

I also plan to make some changes to the API between Wordpress and Flarum, because the current solution has the side effect of editing the Wordpress post update time whenever the comment count change. This will go in a larger rewrite where I lock down the API between the two to prevent a compromised key to be able to perform other actions via the API.

Regarding supporting multiple Wordpress websites, I haven't ruled that feature out. But I'm not sure there's enough demand at this time to justify adding the feature.

Amarok · Oct 9, 2020

Hey,

I had a little problem if I want to use reCaptcha in wordpress when I want to login. This message appear :

{"success":false,"data":[{"code":"http_request_failed","message":"Too many redirects"}]}

Wordpress plugin in use to do this : Advanced noCaptcha & invisible Captcha
And another to customize the login page : GS Custom Login Lite

Maybe it can help. But without the Advanced noCaptch all work fine.

sorry for my bad english :S

clarkwinkelmann · Oct 9, 2020

Amarok hi! Could you try temporarily disabling the single sign on of this extension by going to Wordpress settings > General > Enable SSO integration and turning it off?

Then you can try connecting again and see whether the error still happens. If it continues to happen, then it's likely not related to my extension. But if it only happens when "Enable SSO integration" is turned on, I'll investigate to see what might be causing the incompatibility.

Unfortunately Wordpress doesn't have a proper log file so I think we have no way to know which URL is being caught in a redirect loop unless looking at the webserver access logs if they exist.

Could you share links to the Wordpress plugins you are using? That way I can test with the exact same plugins on my test website.

Amarok · Oct 10, 2020

clarkwinkelmann Hi.
It's appear it was an Edge Navigator problem... and coockies. Deleted all of them and all work perfectly with SSO turning on.

Sorry for the sorry for the inconvenience :S

clarkwinkelmann · Oct 10, 2020

Amarok no inconvenience, I'm here to help

That seemed an odd error to be caused by a specific browser since the error appears to be related to a background request made by the server itself. But glad to hear it's solved!

clarkwinkelmann · Oct 12, 2020

I am aware of an issue regarding cookies when my extension is used in a cross-origin context. Using the extension in such a context has so far been unsupported (see requirements in documentation), but it was mostly working.

Up until recently, only global login would be unavailable on cross-origin, but connecting and disconnecting from Flarum side would work.

Now with Chrome defaulting cookies to SameSite=Lax, cross-origin iframes can no longer access Flarum session cookies, which means the iframe comments has effectively become read-only and it's impossible to connect or interact with Flarum inside of it.

The upcoming Flarum beta 14 will also mark Flarum cookies explicitely as SameSite=Lax, which means this behavior will be experienced across all browsers.

As I said this should only affect users that were using my extension in an already unsupported manner. But if you are affected and have suggestions regarding the handling of cookies, feedback is welcome.

I could offer an option to force Flarum cookies to use SameSite=None, but that seems counter-productive for security. Especially since my extension still wouldn't fully support global login for such setups.

My recommendation continues to be to only use this extension for contexts where Wordpress and Flarum share a common origin.

hrvoje_hr · Oct 21, 2020

@clarkwinkelmann is it safe to upgrade Flarum to 0.14?

clarkwinkelmann · Oct 21, 2020

hrvoje_hr no, the extension is currently incompatible with Flarum beta 14. The constraints will prevent you from upgrading.

An update was prepared a few weeks ago I just need to test it against the final beta 14 release. It will be released within a week.

codemotion · Oct 25, 2020

Is it able to import existing WordPress comments? I'm thinking about to migrate from existing comments to the plugin one.

clarkwinkelmann · Oct 25, 2020

codemotion not yet, but this might be coming in a future update.

In the meantime it's still possible to manually import them, but that does require a fair amount of manual work.