fix(checkout): send 'set your password' email on auto-generated password signup#1157
Conversation
…ord signup When a checkout form auto-generates the customer password (the simple preset and any form with the password field's auto_generate_password flag enabled), the previous flow passed the random 16-char password straight to wpmu_create_user(), which silently suppresses the user notification email. The customer was left with a password they did not know and no email telling them how to set one. Now we keep the auto-generated password local to the checkout method and pass an empty value to wu_create_customer(), so the user-creation path falls through to register_new_user(). That fires wp_send_new_user_notifications($user_id, 'both') — the same flow WordPress uses when an admin adds a user without a password from wp-admin/user-new.php — so the customer receives the standard 'set your password' email. After the user exists we apply the generated password via wp_set_password() so the immediate same-request auto-login (login_customer_after_checkout) and any code path that needs a known credential within this request keeps working. The reset-password link in the email remains valid because it is keyed on a fresh activation key, not on the stored password hash. Adds a regression test that asserts the register_new_user action fires for the new user and that the user record ends up with a non-empty password hash.
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
🔨 Build Complete - Ready for Testing!📦 Download Build Artifact (Recommended)Download the zip build, upload to WordPress and test:
🌐 Test in WordPress Playground (Very Experimental)Click the link below to instantly test this PR in your browser - no installation needed! Login credentials: |
|
Performance Test Results Performance test results for 9c33ec4 are in 🛎️! Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown. URL:
|
SummaryCustomers who check out via the simple checkout form (or any checkout form with Root Cause
FixWhen User-Visible Behaviour
Verification
Files Changed
aidevops.sh v3.14.91 plugin for OpenCode v1.14.40 with claude-opus-4-7 spent 32m and 34,394 tokens on this with the user in an interactive session. Merged via PR #1157 to main. |
1 similar comment
SummaryCustomers who check out via the simple checkout form (or any checkout form with Root Cause
FixWhen User-Visible Behaviour
Verification
Files Changed
aidevops.sh v3.14.91 plugin for OpenCode v1.14.40 with claude-opus-4-7 spent 32m and 34,394 tokens on this with the user in an interactive session. Merged via PR #1157 to main. |
1 participant
Summary
Customers who check out via the simple checkout form (or any checkout form with
auto_generate_passwordenabled on the password field) were never receiving the standard WordPress "set your password" email. They ended up with a 16-character random password they did not know, with no way back into their account other than guessing they should use the lost-password flow.Root Cause
Checkout::maybe_create_customer()generated the random password locally and then passed it intowu_create_customer(). Because the password was non-empty,wu_create_customer()(ininc/functions/customer.php) routed user creation throughwpmu_create_user(), which silently suppresses the user notification email. The other branch —register_new_user()— would have triggeredwp_send_new_user_notifications($user_id, 'both'), the exact flow WordPress uses when an admin adds a user without a password fromwp-admin/user-new.php.Fix
When
auto_generate_passwordis set, keep the generated password local to the checkout method and pass an empty value towu_create_customer(). That sends user creation throughregister_new_user(), so the customer receives the standard "set your password" email with a reset link.After the customer record is saved, apply the generated password to the user via
wp_set_password(). This preserves the existing same-request auto-login behaviour inlogin_customer_after_checkout()and keeps any code that needs a known credential working for the rest of the request. The reset-password link in the dispatched email is keyed on a fresh activation key (not the stored password hash), so it remains valid even afterwp_set_password()runs.User-Visible Behaviour
This matches the behaviour of WordPress's own
wp-admin/user-new.phpwhen an administrator adds a user without supplying a password.Verification
test_maybe_create_customer_auto_generate_password_sends_notificationasserts theregister_new_useraction fires for the new user and that the user record ends up with a non-empty password hash.test_maybe_create_customer_*tests still pass (15 assertions).Checkout_Testclass passes (217 tests, 362 assertions, 1 pre-existing skip).Files Changed
inc/checkout/class-checkout.php— routeauto_generate_passwordflow throughregister_new_user(), then apply generated password viawp_set_password().tests/WP_Ultimo/Checkout/Checkout_Test.php— regression test for the notification email path.aidevops.sh v3.14.91 plugin for OpenCode v1.14.40 with claude-opus-4-7 spent 32m and 34,394 tokens on this with the user in an interactive session.