fix: auto-login after checkout, ThankYou guest buttons, forgot password page
1. Auto-login after checkout: - Added wp_set_auth_cookie() and wp_set_current_user() in CheckoutController - Auto-registered users are now logged in when thank-you page loads 2. ThankYou page guest buttons: - Added 'Login / Create Account' button for guests - Shows for both receipt and basic templates - No more dead-end after placing order as guest 3. Forgot password flow: - Created ForgotPassword page component (/forgot-password route) - Added forgot_password API endpoint in AuthController - Uses WordPress retrieve_password() for reset email - Replaced wp-login.php link in Login page
This commit is contained in:
Dwindi Ramadhana
@@ -186,4 +186,48 @@ class AuthController {
|
||||
],
|
||||
], 200 );
|
||||
}
|
||||
|
||||
/**
|
||||
* Forgot password endpoint - sends password reset email
|
||||
*
|
||||
* @param WP_REST_Request $request Request object
|
||||
* @return WP_REST_Response Response object
|
||||
*/
|
||||
public static function forgot_password( WP_REST_Request $request ): WP_REST_Response {
|
||||
$email = sanitize_email( $request->get_param( 'email' ) );
|
||||
|
||||
if ( empty( $email ) || ! is_email( $email ) ) {
|
||||
return new WP_REST_Response( [
|
||||
'success' => false,
|
||||
'message' => __( 'Please enter a valid email address', 'woonoow' ),
|
||||
], 400 );
|
||||
}
|
||||
|
||||
// Check if user exists
|
||||
$user = get_user_by( 'email', $email );
|
||||
|
||||
if ( ! $user ) {
|
||||
// For security, don't reveal if email exists or not
|
||||
// But still return success to prevent email enumeration attacks
|
||||
return new WP_REST_Response( [
|
||||
'success' => true,
|
||||
'message' => __( 'If an account exists with this email, you will receive a password reset link.', 'woonoow' ),
|
||||
], 200 );
|
||||
}
|
||||
|
||||
// Use WordPress's built-in password reset functionality
|
||||
$result = retrieve_password( $user->user_login );
|
||||
|
||||
if ( is_wp_error( $result ) ) {
|
||||
return new WP_REST_Response( [
|
||||
'success' => false,
|
||||
'message' => __( 'Failed to send password reset email. Please try again.', 'woonoow' ),
|
||||
], 500 );
|
||||
}
|
||||
|
||||
return new WP_REST_Response( [
|
||||
'success' => true,
|
||||
'message' => __( 'Password reset email sent! Please check your inbox.', 'woonoow' ),
|
||||
], 200 );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -300,6 +300,10 @@ class CheckoutController {
|
||||
// The real password is already set via wp_insert_user
|
||||
update_user_meta($new_user_id, '_woonoow_temp_password', $password);
|
||||
|
||||
// AUTO-LOGIN: Set authentication cookie so user is logged in after page reload
|
||||
wp_set_auth_cookie($new_user_id, true);
|
||||
wp_set_current_user($new_user_id);
|
||||
|
||||
// Set WooCommerce customer billing data
|
||||
$customer = new \WC_Customer($new_user_id);
|
||||
|
||||
|
||||
@@ -72,6 +72,13 @@ class Routes {
|
||||
'permission_callback' => '__return_true',
|
||||
] );
|
||||
|
||||
// Forgot password endpoint (public)
|
||||
register_rest_route( $namespace, '/auth/forgot-password', [
|
||||
'methods' => 'POST',
|
||||
'callback' => [ AuthController::class, 'forgot_password' ],
|
||||
'permission_callback' => '__return_true',
|
||||
] );
|
||||
|
||||
// Defer to controllers to register their endpoints
|
||||
CheckoutController::register();
|
||||
OrdersController::register();
|
||||
|
||||
Reference in New Issue
Block a user