Jetpack Protect bbPress Login Widget issue

Rolf Allard van Hagen
(@ravanh)

8 years ago

Hi,

When both Jetpack Protect and bbPress are running, the Login Widget provided by bbPress does not work as expected.

Trying to log in via the widget will open an extra dialogue screen with a math puzzle. No problem there, but replying to the question correctly (or incorrectly, it does not matter) the user will be redirected to the normal WordPress login form on /wp-login.php instead of being logged in and directed back to the bbPress forum page. Logging in again from the WP login form, will redirect to the front page.

Is there anything that can be done about this?

https://wordpress.org/plugins/jetpack/

Viewing 9 replies - 1 through 9 (of 9 total)

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

8 years ago

Do you happen to have a live site where I could test this? I wasn’t able to reproduce on a test site of mine.

If you want the site URL to remain private, you can also contact us via this contact form:
http://jetpack.com/contact-support/

Thanks!

Thread Starter Rolf Allard van Hagen
(@ravanh)

8 years ago

Hi Jeremy! 🙂

Yes you can see it happen on https://premium.status301.net/support/ with the bbPress login widget on the right. Just try anything and you’ll instantly get the first math puzzle, then you’ll get directed to the normal login.php (just as it sais above the first puzzle) but it even if you answered the math correctly, there is a second math puzzle on the second login.

After finally logging in, the normal redirect back to the original forum page is lost.

This completely breaks the usual bbPress login flow and is very counter intuitive: users wanting to respond to a thread or to start a new thread will have to enter their username/password twice and pass two math puzzles and then don’t even get back to where they where… That’s just annoying.

Is there any way to get around this without breaking Protect’s added security?

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

8 years ago

Thanks for the extra details. I’ve asked our Protect expert to take a look, and I’ll get back to you as soon as I have some news!

Thread Starter Rolf Allard van Hagen
(@ravanh)

8 years ago

Thanks!

A complicating factor might be that this is on a Multisite… I’ve no single site installation to test this at the moment.

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

8 years ago

My colleague Sam found the source of the issue, and worked on a patch here:
https://github.com/Automattic/jetpack/pull/3686

We’ll test it, and include it in Jetpack 4.0.1. Feel free to test the patch on your own network and let us know how it goes.

Thanks again for the report!

Thread Starter Rolf Allard van Hagen
(@ravanh)

8 years ago

Tested and found it to be working. Just great!

Thanks 🙂

Thread Starter Rolf Allard van Hagen
(@ravanh)

8 years ago

Turns out it’s not a very reliable fix… I’m not really sure about how/why but it looks like the math puzzle does not always appear below the login widget form. In fact, it’s less likely to show than not.

When testing in an anonymous browser window, I usually do not see the math puzzle below the form except after attempting a login (which redirects to the single math puzzle page) and then hitting the back-button (not continuing the log in) and refreshing the forum page… Strange.

Thread Starter Rolf Allard van Hagen
(@ravanh)

8 years ago

As far as I can figure out, the math below the widget form only shows when the visitor has a WordPress cookie. Even a wordpress_test_cookie (which you get when seeing the stand alone math puzzle page) suffices.

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

8 years ago

Thanks for the feedback! I see you’ve also commented on the GitHub issue, so we’ll continue the discussion there!

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Jetpack Protect bbPress Login Widget issue’ is closed to new replies.