Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WordPress integration #747

Closed
IQ2022 opened this issue Sep 9, 2015 · 33 comments
Closed

WordPress integration #747

IQ2022 opened this issue Sep 9, 2015 · 33 comments

Comments

@IQ2022
Copy link

IQ2022 commented Sep 9, 2015

1- wordpress user integration
if not
2- signup/login within wordpress/ webpage as an API?
3- Send alerts to (specified) channels once a new post is published.

@marceloschmidt
Copy link
Member

Someone with WordPress knowledge can take this?

@nonsintetic
Copy link

I know quite a bit about Wordpress, but not a lot about meteor. I can try and pitch in on the WP part once a general approach has been laid out by someone who knows both.

@engelgabriel engelgabriel added this to the Next milestone Sep 16, 2015
@engelgabriel
Copy link
Member

@nonsintetic I think we need your help here indeed.

  1. We need to find a good WordPress oAuth or SAML plugin. Do you know any?
  2. Do you know how to write WP plugins? We can give you the Rest URLs to send the alerts to.

@nonsintetic
Copy link

I can write plugins, sending alerts to a REST api should be easy as pie. I'm guessing we could send alerts for things like new post, new comment, new user registration, maybe even admin stuff such as when Wordpress is auto-updated.

@engelgabriel
Copy link
Member

That's great. We are working on the integration points. I'll get your a doc with the API to test. If you can help, it would be awesome!!!!

@nonsintetic
Copy link

Good, I'll make something as soon as I get it.

Regarding SAML plugins, the only one available that doesn't use an external SaS service is https://wordpress.org/plugins/saml-20-single-sign-on/, it's basically an implementation of simplesamlphp (https://simplesamlphp.org/). It makes Wordpress a SAML SP, it works, but it's kind of hacked-together if you ask me.

The way I see it is: what would be useful is to have a plugin that makes Wordpress an IdP instead and use Rocket Chat as a SP. That way you can just keep using the Wordpress login functions, login screen and database for storage like before, just add a plugin for RC. There isn't one available at this moment, but one could be written using simplesamlphp without too much hassle.

Otherwise, migrating to a different accounts system to use a chat system would be overkill for most people, especially since most of them already have users signed up to their WP site.

@engelgabriel
Copy link
Member

@nonsintetic I think we are saying the same thing. I don't want people to have to migrate to a different accounts system. We want to keep WP and the Identity Provider, either via SAML or oAuth, and Racket.Chat will just use our generic packages to login using those credential.. as you can with Facebook, LinkdeIn, GitHub, etc on our https://demo.rocket.chat server.

So how should we start?

@engelgabriel
Copy link
Member

Shall we use this?

https://wordpress.org/plugins/oauth2-provider/

@nonsintetic
Copy link

I have that plugin installed on my test server and it works fine, all it really needs is a rocket.chat plugin very similar to the Gitlab one (a generic oAuth plugin). I'm not sure how Gitlab works, but I imagine it's just the links that differ.

If you want i can set up a public Wordpress install with that plugin enabled and give you guys the keys so you can test it out.

@engelgabriel
Copy link
Member

Hi @rodrigok can you help?

@marceloschmidt marceloschmidt modified the milestones: Roadmap, Next Sep 21, 2015
@rodrigok
Copy link
Member

@nonsintetic and @engelgabriel now we have buttons on section accounts to add a custom oAuth section, so you can configure the login with wordpress their I think.

@engelgabriel
Copy link
Member

@rodrigok 👍

@nonsintetic
Copy link

Ok I've had a very long chat (on Rocket Chat!) with marcelo.rocket.team and we've managed to log into RC with Wordpress. Unfortunately there was an issue with RC expecting 'id' in the response instead of 'ID' which is what came from Wordpress in the /oauth/me info, details on how it was fixed below in the tutorial.
(According to Marcelo the part that handles that on RC's end is in the Meteor codebase - https://github.com/meteor/meteor/blob/devel/packages/accounts-base/accounts_server.js#L1328)

Here's how it was done:
Rocket Chat Side

  1. Administration > Accounts : (bottom-right next to Save settings) click 'Add custom oAuth'
  2. name it 'wordpress' (case sensitive). Can be anything you want, just keep in mind it will have to be typed exactly the same in the redirect uri on the Wordpress plugin side of things (details lower)
  3. fill out these settings for the new oAuth you created
Authorize Path: /oauth/authorize
Button Text: anything you want
Enable: true
ID: this is the 'Client ID' you get when you get to step 4 on the Wordpress side of the instructions
Identity Path: /oauth/me
Secret: this is the key you get when you complete step 4 below on the Wordpress side, just hover over the newly created client's name and you'll see a 'Show Secret' link, copypaste that hash here
Token Path: /oauth/token
URL: http://yourwordpresssiteurl.com

Wordpress Side:

  1. oAuth Provider plugin: https://wordpress.org/plugins/oauth2-provider/ (free version, tested with v.3.1.7)
  2. to get the plugin working with RocketChat:
    EITHER: add 1 line of code in wp-content/plugins/oauth2-provider/includes/filters.php , around line 123, after unset($me_data['user_url']); add this $me_data['id'] = $me_data['ID']; > this will break when you update the plugin
    OR: add this GIST to your template's functions.php file (https://gist.github.com/nonsintetic/af01e406732b923754b2) > this will work even after an update of the plugin
  3. in the plugin's settings > Advanced Configuration - tick all Grant Types
  4. in the plugin's settings > Clients - select "Add new client", client name: anything, redirect uri: http://<your rocketchat server link>/_oauth/wordpress (very important: if you chose a different name for your custom oAuth in Rocket Chat, use that exact name here after '/_oauth/' - case sensitive), description: anything

After all these steps have been completed, if the client ID and the secret match between RC and WP, if the fix is applied. You just go to your rocketchat and click the newly appeared button to log in, if you're not logged into wordpress you'll get the wordpress login screen in a popup.

Possible errors encountered (by me):

  • 502 errors on login - check if the fix is applied (you'll get an error in the rocketchat console Exception while invoking method 'login' Error: Service data for service wordpress must include id if it's not applied). Check if the paths in RC's custom oAuth method are set correctly. If is still doesn't work check the meteor console, it will probably give you insight on what exactly is wrong.
  • 'key doesn't match' or similar error in the popup - problem with client id or secret (don't match)
  • redirect uri errors - check if the redirect uri set in the plugin has the same (case sensitive) name as your oAuth method in RC (you'll have to remember because it's forced uppercase in the UI currently).
  • you got it all wrong, deleted the custom oAuth method and started again, but the old redirect uri or key are still being used: you'll have to delete them by hand from mongodb (there's a bug with deleting custom oAuth methods currently) - in mongodb go to 'meteor/collections/meteor_accounts_loginServiceConfiguration' and delete what's there. You can use Robomongo ( a gui editor for mongodb databases )

@marceloschmidt
Copy link
Member

Thank you very much, @nonsintetic! I'll add this to the wiki, so it doesn't get lost.

@syedalamabbas
Copy link

This should be updated. Now this is a built in feature with Rocket Chat.
So for Rocket Chat side: You don't have to do 'Add custom oAuth' and fill in whole bunch of details as the above comments state, instead look for Wordpress tab and fill in fewer details and a wordpress login button appears.

@engelgabriel
Copy link
Member

@marceloschmidt, should we update the WIKI?

@wargamesqcf
Copy link

wargamesqcf commented Jul 7, 2016

Does this still work or do I need to edit the template's functions.php because I got this

W20160707-22:34:56.111(0) (oauth_server.js:398) Error in OAuth Server: Failed to complete OAuth handshake with wordpress at http://five-rings-online.com//oauth/token. failed [400] {"error":"redirect_uri_mismatch","error_description":"The redirect URI is missing or do not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-4.1.3"}
I20160707-22:34:56.277(0) Exception while invoking method 'login' Error: Failed to complete OAuth handshake with wordpress at http://five-rings-online.com//oauth/token. failed [400] {"error":"redirect_uri_mismatch","error_description":"The redirect URI is missing or do not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-4.1.3"}     at CustomOAuth.getAccessToken (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:71:16)     at Object.handleOauthRequest (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:106:23)     at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)     at middleware (packages/oauth/oauth_server.js:173:1)     at packages/oauth/oauth_server.js:146:1 

@rankun203
Copy link

rankun203 commented Sep 16, 2016

Now(WP OAuth Server v3.1.8) I need to add these code

$me_data['id'] = $me_data['ID'];
$me_data['name'] = $me_data['username'];

into wp-content/plugins/oauth2-provider/includes/filters.php#131.

@wargamesqcf
Copy link

wargamesqcf commented Nov 3, 2016

WP OAuth Server updated to 3.2 and I can't get it to work with rocketchat.

Is there a wordpress saml server to provide rockets with username/password?

@wargamesqcf
Copy link

I am getting this from my logs.

[34mW20161219-18:15:38.588(0) (oauth.js:101) �[35mUnable to base64 decode state from OAuth query: undefined
�[34mW20161219-18:15:38.589(0) (oauth.js:101) �[35mUnable to base64 decode state from OAuth query: undefined
�[34mW20161219-18:15:38.591(0) (oauth.js:428) �[35mError in OAuth Server: Failed to complete OAuth handshake with wordpress at http://five-rings-online.net:3000/_oauth/wordpress/oauth/token. socket hang up

@Sing-Li
Copy link
Member

Sing-Li commented Dec 19, 2016

Anyone upgraded 3.2 and has it working? @IQ2022 @nonsintetic @rankun203 @syedalamabbas

@flantascience
Copy link

I'm also interested in this

@IQ2022
Copy link
Author

IQ2022 commented Dec 28, 2016

if we have funds, i think we should probably look to get some professional Wordpress programmer to build a plugin for RC that does complete membership integration .. and user database sync between both ends.. given 3/4 world sites are running wordpress so, i think its worth it..

@wargamesqcf
Copy link

would it better if RC was able to look at the WP DB for users?

@IQ2022
Copy link
Author

IQ2022 commented Dec 28, 2016

would be nice if they can actually create a membership plugin that handles Wordpress :) like member+ or https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 plugin :D

@johnlund
Copy link

johnlund commented Feb 21, 2017

The built-in RC Wordpress oAuth doesn't seem to work with WP oAuth Server at all.

I've had some luck with custom oAuth, but I'm having the same issue as @wargamesqcf. I've included the gist fix above and am not getting the missing id error anymore, but am still seeing this:

[34mW20170221-20:26:24.094(0) (oauth.js:101) [35mUnable to base64 decode state from OAuth query: undefined
[34mW20170221-20:26:24.098(0) (oauth.js:101) [35mUnable to base64 decode state from OAuth query: undefined
[34mW20170221-20:26:24.100(0) (oauth.js:428) [35mError in OAuth Server: invalid_request

Works:

  • No problems in an iframe on WP site after WP login
  • Works on a standalone page after I've already logged into WP in another tab

Does not work:

  • All RC apps (desktop and mobile)
  • Standalone page using the RC oAuth login as the means to login to WP

I'm using WP oAuth 3.2.001 non-pro.

@wargamesqcf
Copy link

wargamesqcf commented Feb 21, 2017

So RC is just the one messing up or is the free app?

@johnlund
Copy link

@wargamesqcf Basically, if the user is already logged into WP, I can get the RC oAuth to work, but if they are not logged in, RC login does not work.

RC Custom oAuth:

  • Enabled: True
  • URL: homepage of WP site
  • Token path: /oauth/token
  • Identity path: /oauth/me
  • Authorize path: /oauth/authorize
  • Scope: openid
  • Token sent via: Header
  • ID: from WP oAuth Server
  • Secret: from WP oAuth Server
  • Username field: I have this blank, but I'd love to be able to import display names from WP (any ideas how to do this?)
  • Merge users: false (not sure exactly how this works, and I don't want to mess up my user data)

WP oAuth Server:

  • General
    • API Enabled - Checked
  • Advanced
    • Everything checked
  • Clients
    • Setup a new client using the callback URL from the top of the RC custom oAuth settings
    • Get the ID and secret for the fields in RC custom oAuth settings

@wargamesqcf
Copy link

I just get /oauth/error/404 when I try this thanks for trying atleast.

@flantascience
Copy link

I've had a few people comment on this. Here's what worked for me...

Enable True
URL https://peerunschooling.net/members/
Token Path /oauth/token
Identity Path /oauth/me
Authorize Path /oauth/authorize
Scope openid
Token Sent Via Header
Id
Secret
Login Style Redirect

WPOAuth 3.2.87

Grant Types
Authorization Code: YES
Client Credentials: YES
User Credentials: YES
Refresh Tokens: YES
Allow Implicit: YES

Misc Settings
Token Length 30
Require Exact Redirect URI: NO
Enforce State Parameter: YES

OpenID Connect 1.0a
Enable OpenID Connect: NO
ID Token Lifetime 3600

Token Lifetimes
Access Token Lifetime 86400
Refresh Token Lifetime 864000

Redirect URI: https://members.peerunschooling.net/_oauth/punetauth

@flantascience
Copy link

flantascience commented Feb 23, 2017 via email

@johnlund
Copy link

johnlund commented Mar 6, 2017

Thanks Jim.

@gjsman
Copy link

gjsman commented Oct 14, 2017

So, overall, is it possible to use the non-pro version to do this, or not?

I've tried with the settings, and a WordPress sign-in page loads, et citera, but it suddenly ends with a "Internal Server Error." The error in logs is:

�[34mI20171014-20:51:02.644(0) Exception while invoking method 'login' SyntaxError: Unexpected token < at Object.parse (native) at CustomOAuth.getAccessToken (/snap/rocketchat-server/1142/programs/server/packages/rocketchat_custom-oauth.js:166:17) at Object.handleOauthRequest (/snap/rocketchat-server/1142/programs/server/packages/rocketchat_custom-oauth.js:224:28) at OAuth._requestHandlers.(anonymous function) (packages/oauth2.js:27:31) at middleware (packages/oauth.js:203:5) at packages/oauth.js:176:5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests