clef / clef-wordpress Goto Github PK
View Code? Open in Web Editor NEWThe official Clef plugin for WordPress.
Home Page: http://wordpress.org/plugins/wpclef
The official Clef plugin for WordPress.
Home Page: http://wordpress.org/plugins/wpclef
Right now, I don't think that the little pointer to the Settings tab is enough direction for an easy setup experience. We should do a window on the dashboard that you can setup Clef from.
We need to be able to localize the Clef button to any language (that's been added).
http://wordpress.org/support/topic/localize-the-login-button
I run my own blog and I would love for Clef to be the default login choice when I attempt to login to wp-admin/
.
What do you think about adding a new option to make Clef the default and have a link at the bottom of the page to show the regular WP login?
Right now, Clef can be installed on multisite, but every site needs to be setup individually with it's own Clef application — this is not the way it should be.
This may need serious involvement from Clef to make it work, which we'll be happy to do!
We've seen a fair amount of issues with verifying the Clef SSL certificate on user hosts where the machine SSL certs are out of date.
We should include the Clef SSL certificate and pin it for all Clef API request — this adds the increased security of a pinned SLL cert and addresses the bad verify issue.
It's a secret, so the input type should be "password" :P
Right now, the plugin is a mess. To accommodate easier development (and general developer happiness), we need to reorganize the repository into some sort of standard structure.
I'm thinking that we should base it off of MP6's structure, seeing as that's the new standard for core development.
If you hide the login URL using the "Hide Backend" option in Better WP Security Plugin, the override URL no longer works.
If you're using a different email on Clef than your Wordpress account, when you disable passwords, you're redirected to the Users page to connect your Clef account.
After you've done so, you aren't redirected back to Settings to actually save the fact that you want to disable passwords.
It would be nice to mitigate this confusion by redirecting back to Settings automatically (or just disabling passwords automatically) after the user has connected with Clef when they were trying to disable passwords.
I'm putting a $100 bounty on anyone can figure out this bug. Payable via cash (or Bitcoin or Dogecoin or any object of comparable value) for any information that leads to solving this issue.
Of late, we've seen an uptick in users setting Clef applications up through the [getclef.com/developer](developer site). This process sucks — that's why we built the easy WordPress setup wizard, which basically does everything for you (and connects your account). This leads to confusion and more often than not misconfiguration.
At first, we though this was just chance, but then last night someone wrote a blog post that clearly shows the setup wizard not showing up.
This is the failure case:
It should look more like this:
Possible clues:
Relevant pieces of code:
If you want to help with the bug hunt, I'll be hanging out in our support room all day trying to figure this out.
Yeah...we need tests ASAP.
It's a little confusing that
We should be highlighting this at the end of the onboarding and on the Settings page in general, since it's a pretty big advantage of using Clef.
Could you svn-remove development files like Gruntfile.js?
Occasionally, when I log in with Clef, it redirects me to the login page and makes me login again. I'm not sure why, need to figure it out.
We've had this feature requested a few times, including in our support forum, should add sometime this week.
We should add some info below the "Password Settings" header that explains how Clef locks down password logins.
It should be clear that Clef actually disables password logins completely, instead returning an error message and not even looking at the passwords for users that have disabled them.
We should also highlight that this means users don't need to worry about previous weak passwords that they have set or automated login attempts for their account, if they have checked the option to disable passwords.
http://codex.wordpress.org/Function_Reference/unregister_setting
This is better than what we currently do.
People can't find it in the Your Profile section.
This will be partially addressed by the automatic account connection, but should still be done.
@BoiteAWeb has pointed out that a lot of the things in the 2.0 version of this plugin rely on JS and Ajax to work. Ideally, we'd have a plugin that worked beautifully with JS and works functionally without it.
I've already pushed some changes that lets the main settings page work without JS, but lots of other things break without JS. It would be great to fix those too :)
If a site has custom roles, these roles are currently incompatible with our role-based password disabling and invite sending.
To make this change, I think that we should switch to a model where you select (with a checkbox) the roles that you want to disable passwords for. With this model, we should be able to just iterate over all roles and display them as options for disabling and sending invites.
Right now, the Clef settings do not apply to the XMLRPC API. This means that even if passwords are disabled by Clef, a user can still access site data through the API with their username and password.
This is not the correct functionality and should be resolved.
If the app ID or app Secret is empty, you're obviously not going to be logging in. Therefore, we should clear these settings.
This was triggered by me clearing my app ID, but leaving that no passwords option — giving me just a blank white screen on the login page.
:(
Besides the enhanced setup that I mention in #11, I think that we should have a widget that displays something about Clef.
I'm not quite sure what this something should be, but I have a few ideas:
Thoughts?
Right now, to fix this issue, you can add the following lines to your .htaccess:
RewriteCond %{QUERY_STRING} !clef_logout [NC]
That's not a longer term solution — we need one.
Clef recently added the ability to specify the logout hook on a per-login basis.
We should hook into this API to allow multisite logout to work across domains (solving issues like those mentioned in #92).
The link position is confusing b/c it looks like it's important, but the WP settings are mostly managed from the plugin itself.
The logout hook is blocked by Sucuri.
It'd be nice to have the option to disable the Waltz notifications for your users, if you want.
Right now, it's a pain in the butt to debug users issues with Clef for WordPress. We've improved this ability over the last week by adding more informative error messages (pro tip: using "something went wrong" for every error message is a horrible, horrible idea), but it needs to get better.
I'm not sure what the standard is for this, so I'd love some input — should we have a debug option in the plugin?
NOTICE: wp-content/plugins/wpclef/includes/lib/Settings_API_Util.inc:228 - Undefined index: clef_password_settings_force
NOTICE: wp-content/plugins/wpclef/includes/lib/Settings_API_Util.inc:228 - Undefined index: clef_password_settings_xml_allowed
Thank you!
Incorrect WP auth failure error message displayed on the following password settings configuration:
On these settings user login fails from override URL.
If one sets Disable passwords for all users and hide the password login form to false, logins via override URL are successful.
Right now, it's unclear that a user should clear their settings by deleting their app ID and app secret.
This should either be more explicit or we should add an option to clear the settings.
That creates lots of problems.
Your app messes up Better WP Security custom login url. When clef plugin
is enabled login url changes back to wp-admin. For me, this is a major
security issue. I wont be using your plugin utnil this changes.
Recreate via @landakram
Expected behavior: setting is not saved and error message is displayed
Current behavior: setting is not save and no error message is displayed
I was not able to replicate this issue.
@landakram what plugins do you have enabled? I remember something like this cropping up with W3 Total Cache activated.
Since a second link CTA popup gets shown after clicking "Not right now", the Badge CTA doesn't get dismissed if you navigate away from the dashboard and then back to it.
Instead, it should not be shown after you navigate back to the dashboard, regardless of your action in the second link CTA.
I feel like we shouldn't be opening it every time the plugin gets loaded; it's also interfering with our new unit tests.
git clone git://github.com/clef/wordpress.git wpclef
cd wpclef
git checkout two-point-oh
WP-Login.php Legend:
Settings Page Legend
Start the following tests from fresh install state (i.e., all settings except API keys should be null, false, or “disabled”).
img
and functioning a
in site footer.a
in site footer.img
and/or a
from site footer.img
and functioning a
in site footer and saves the setting (verify on setting page).a
in site footer and saves the setting (verify on setting page).To the precious few who make it this far: treat yo self to a 💥.
/wp-admin/admin.php?page=connect_clef_account
TypeError: style is null
parseInt(style.getPropertyValue('padding-left'),10)-
in https://clef.io/static/gen/button.js?cded9379
(fresh WordPress install)
When a user sees an SSL error message (Peer certicate...) they should see a link to the Github thread with the fix.
I have a suggestion. It's a little complicated for "not programmer" users, but I think it's ok for me:
I can help translating the website to Brazilian Portuguese.
Here's a usability issue:
Say you've disabled password login for all users. If you want to add another user who isn't nearby and doesn't use the share the same email between Clef and WordPress, then they have no way of associating their Clef account, because they can't log into WordPress.
My multisite: http://yoyo.io/admin login works perfectly! Amazing work BTW!
However if a client wants to login on their subsite: http://loslonelyboys.com/admin they get the notice below:
Something went wrong!
Invalid redirect URL.
Please refresh and try again.
Sure, the client can login at the Network root and get to their subsite that way, but some have a years logging in at their domain, which I can respect there wishes for.
Any thoughts? Is this WIP right now?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.