WordPress integration

[IQ2022]

1- wordpress user integration
if not
2- signup/login within wordpress/ webpage as an API?
3- Send alerts to (specified) channels once a new post is published.

[marceloschmidt]

Someone with WordPress knowledge can take this?

[nonsintetic]

I know quite a bit about Wordpress, but not a lot about meteor. I can try and pitch in on the WP part once a general approach has been laid out by someone who knows both.

[engelgabriel]

@nonsintetic I think we need your help here indeed.

1. We need to find a good WordPress oAuth or SAML plugin. Do you know any?
2. Do you know how to write WP plugins? We can give you the Rest URLs to send the alerts to.

[nonsintetic]

I can write plugins, sending alerts to a REST api should be easy as pie. I'm guessing we could send alerts for things like new post, new comment, new user registration, maybe even admin stuff such as when Wordpress is auto-updated.

[engelgabriel]

That's great. We are working on the integration points. I'll get your a doc with the API to test. If you can help, it would be awesome!!!!

[nonsintetic]

Good, I'll make something as soon as I get it.

Regarding SAML plugins, the only one available that doesn't use an external SaS service is https://wordpress.org/plugins/saml-20-single-sign-on/, it's basically an implementation of simplesamlphp (https://simplesamlphp.org/). It makes Wordpress a SAML SP, it works, but it's kind of hacked-together if you ask me.

The way I see it is: what would be useful is to have a plugin that makes Wordpress an IdP instead and use Rocket Chat as a SP. That way you can just keep using the Wordpress login functions, login screen and database for storage like before, just add a plugin for RC. There isn't one available at this moment, but one could be written using simplesamlphp without too much hassle.

Otherwise, migrating to a different accounts system to use a chat system would be overkill for most people, especially since most of them already have users signed up to their WP site.

[engelgabriel]

@nonsintetic I think we are saying the same thing. I don't want people to have to migrate to a different accounts system. We want to keep WP and the Identity Provider, either via SAML or oAuth, and Racket.Chat will just use our generic packages to login using those credential.. as you can with Facebook, LinkdeIn, GitHub, etc on our https://demo.rocket.chat server.

So how should we start?

[engelgabriel]

Shall we use this?

https://wordpress.org/plugins/oauth2-provider/

[nonsintetic]

I have that plugin installed on my test server and it works fine, all it really needs is a rocket.chat plugin very similar to the Gitlab one (a generic oAuth plugin). I'm not sure how Gitlab works, but I imagine it's just the links that differ.

If you want i can set up a public Wordpress install with that plugin enabled and give you guys the keys so you can test it out.

[engelgabriel]

Hi @rodrigok can you help?

[rodrigok]

@nonsintetic and @engelgabriel now we have buttons on section accounts to add a custom oAuth section, so you can configure the login with wordpress their I think.

[engelgabriel]

@rodrigok 👍

[nonsintetic]

Ok I've had a very long chat (on Rocket Chat!) with marcelo.rocket.team and we've managed to log into RC with Wordpress. Unfortunately there was an issue with RC expecting 'id' in the response instead of 'ID' which is what came from Wordpress in the /oauth/me info, details on how it was fixed below in the tutorial.
(According to Marcelo the part that handles that on RC's end is in the Meteor codebase - https://github.com/meteor/meteor/blob/devel/packages/accounts-base/accounts_server.js#L1328)

Here's how it was done:
Rocket Chat Side

1. Administration > Accounts : (bottom-right next to Save settings) click 'Add custom oAuth'
2. name it 'wordpress' (case sensitive). Can be anything you want, just keep in mind it will have to be typed exactly the same in the redirect uri on the Wordpress plugin side of things (details lower)
3. fill out these settings for the new oAuth you created

Authorize Path: /oauth/authorize
Button Text: anything you want
Enable: true
ID: this is the 'Client ID' you get when you get to step 4 on the Wordpress side of the instructions
Identity Path: /oauth/me
Secret: this is the key you get when you complete step 4 below on the Wordpress side, just hover over the newly created client's name and you'll see a 'Show Secret' link, copypaste that hash here
Token Path: /oauth/token
URL: http://yourwordpresssiteurl.com

Wordpress Side:

1. oAuth Provider plugin: https://wordpress.org/plugins/oauth2-provider/ (free version, tested with v.3.1.7)
2. to get the plugin working with RocketChat:
   EITHER: add 1 line of code in wp-content/plugins/oauth2-provider/includes/filters.php , around line 123, after unset($me_data['user_url']); add this $me_data['id'] = $me_data['ID']; > this will break when you update the plugin
   OR: add this GIST to your template's functions.php file (https://gist.github.com/nonsintetic/af01e406732b923754b2) > this will work even after an update of the plugin
3. in the plugin's settings > Advanced Configuration - tick all Grant Types
4. in the plugin's settings > Clients - select "Add new client", client name: anything, redirect uri: http://<your rocketchat server link>/_oauth/wordpress (very important: if you chose a different name for your custom oAuth in Rocket Chat, use that exact name here after '/_oauth/' - case sensitive), description: anything

After all these steps have been completed, if the client ID and the secret match between RC and WP, if the fix is applied. You just go to your rocketchat and click the newly appeared button to log in, if you're not logged into wordpress you'll get the wordpress login screen in a popup.

Possible errors encountered (by me):

• 502 errors on login - check if the fix is applied (you'll get an error in the rocketchat console Exception while invoking method 'login' Error: Service data for service wordpress must include id if it's not applied). Check if the paths in RC's custom oAuth method are set correctly. If is still doesn't work check the meteor console, it will probably give you insight on what exactly is wrong.
• 'key doesn't match' or similar error in the popup - problem with client id or secret (don't match)
• redirect uri errors - check if the redirect uri set in the plugin has the same (case sensitive) name as your oAuth method in RC (you'll have to remember because it's forced uppercase in the UI currently).
• you got it all wrong, deleted the custom oAuth method and started again, but the old redirect uri or key are still being used: you'll have to delete them by hand from mongodb (there's a bug with deleting custom oAuth methods currently) - in mongodb go to 'meteor/collections/meteor_accounts_loginServiceConfiguration' and delete what's there. You can use Robomongo ( a gui editor for mongodb databases )

[marceloschmidt]

Thank you very much, @nonsintetic! I'll add this to the wiki, so it doesn't get lost.

[syedalamabbas]

This should be updated. Now this is a built in feature with Rocket Chat.
So for Rocket Chat side: You don't have to do 'Add custom oAuth' and fill in whole bunch of details as the above comments state, instead look for Wordpress tab and fill in fewer details and a wordpress login button appears.

[engelgabriel]

@marceloschmidt, should we update the WIKI?

[wargamesqcf]

Does this still work or do I need to edit the template's functions.php because I got this

W20160707-22:34:56.111(0) (oauth_server.js:398) Error in OAuth Server: Failed to complete OAuth handshake with wordpress at http://five-rings-online.com//oauth/token. failed [400] {"error":"redirect_uri_mismatch","error_description":"The redirect URI is missing or do not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-4.1.3"}
I20160707-22:34:56.277(0) Exception while invoking method 'login' Error: Failed to complete OAuth handshake with wordpress at http://five-rings-online.com//oauth/token. failed [400] {"error":"redirect_uri_mismatch","error_description":"The redirect URI is missing or do not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-4.1.3"}     at CustomOAuth.getAccessToken (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:71:16)     at Object.handleOauthRequest (packages/rocketchat_custom-oauth/custom_oauth_server.coffee:106:23)     at OAuth._requestHandlers.(anonymous function) (packages/oauth2/oauth2_server.js:8:1)     at middleware (packages/oauth/oauth_server.js:173:1)     at packages/oauth/oauth_server.js:146:1 

[rankun203]

Now(WP OAuth Server v3.1.8) I need to add these code

$me_data['id'] = $me_data['ID'];
$me_data['name'] = $me_data['username'];

into wp-content/plugins/oauth2-provider/includes/filters.php#131.

[wargamesqcf]

WP OAuth Server updated to 3.2 and I can't get it to work with rocketchat.

Is there a wordpress saml server to provide rockets with username/password?

[wargamesqcf]

I am getting this from my logs.

[34mW20161219-18:15:38.588(0) (oauth.js:101) �[35mUnable to base64 decode state from OAuth query: undefined
�[34mW20161219-18:15:38.589(0) (oauth.js:101) �[35mUnable to base64 decode state from OAuth query: undefined
�[34mW20161219-18:15:38.591(0) (oauth.js:428) �[35mError in OAuth Server: Failed to complete OAuth handshake with wordpress at http://five-rings-online.net:3000/_oauth/wordpress/oauth/token. socket hang up

[Sing-Li]

Anyone upgraded 3.2 and has it working? @IQ2022 @nonsintetic @rankun203 @syedalamabbas

[flantascience]

I'm also interested in this

[IQ2022]

if we have funds, i think we should probably look to get some professional Wordpress programmer to build a plugin for RC that does complete membership integration .. and user database sync between both ends.. given 3/4 world sites are running wordpress so, i think its worth it..

[wargamesqcf]

would it better if RC was able to look at the WP DB for users?

[IQ2022]

would be nice if they can actually create a membership plugin that handles Wordpress :) like member+ or https://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 plugin :D

[johnlund]

The built-in RC Wordpress oAuth doesn't seem to work with WP oAuth Server at all.

I've had some luck with custom oAuth, but I'm having the same issue as @wargamesqcf. I've included the gist fix above and am not getting the missing id error anymore, but am still seeing this:

[34mW20170221-20:26:24.094(0) (oauth.js:101) [35mUnable to base64 decode state from OAuth query: undefined
[34mW20170221-20:26:24.098(0) (oauth.js:101) [35mUnable to base64 decode state from OAuth query: undefined
[34mW20170221-20:26:24.100(0) (oauth.js:428) [35mError in OAuth Server: invalid_request

Works:

• No problems in an iframe on WP site after WP login
• Works on a standalone page after I've already logged into WP in another tab

Does not work:

• All RC apps (desktop and mobile)
• Standalone page using the RC oAuth login as the means to login to WP

I'm using WP oAuth 3.2.001 non-pro.

[wargamesqcf]

So RC is just the one messing up or is the free app?

[johnlund]

@wargamesqcf Basically, if the user is already logged into WP, I can get the RC oAuth to work, but if they are not logged in, RC login does not work.

RC Custom oAuth:

• Enabled: True
• URL: homepage of WP site
• Token path: /oauth/token
• Identity path: /oauth/me
• Authorize path: /oauth/authorize
• Scope: openid
• Token sent via: Header
• ID: from WP oAuth Server
• Secret: from WP oAuth Server
• Username field: I have this blank, but I'd love to be able to import display names from WP (any ideas how to do this?)
• Merge users: false (not sure exactly how this works, and I don't want to mess up my user data)

WP oAuth Server:

• General
  • API Enabled - Checked
• Advanced
  • Everything checked
• Clients
  • Setup a new client using the callback URL from the top of the RC custom oAuth settings
  • Get the ID and secret for the fields in RC custom oAuth settings

[wargamesqcf]

I just get /oauth/error/404 when I try this thanks for trying atleast.

[flantascience]

I've had a few people comment on this. Here's what worked for me...

Enable True
URL https://peerunschooling.net/members/
Token Path /oauth/token
Identity Path /oauth/me
Authorize Path /oauth/authorize
Scope openid
Token Sent Via Header
Id
Secret
Login Style Redirect

WPOAuth 3.2.87

Grant Types
Authorization Code: YES
Client Credentials: YES
User Credentials: YES
Refresh Tokens: YES
Allow Implicit: YES

Misc Settings
Token Length 30
Require Exact Redirect URI: NO
Enforce State Parameter: YES

OpenID Connect 1.0a
Enable OpenID Connect: NO
ID Token Lifetime 3600

Token Lifetimes
Access Token Lifetime 86400
Refresh Token Lifetime 864000

Redirect URI: https://members.peerunschooling.net/_oauth/punetauth

[flantascience]

Check my post I just dropped on this article: #747 That's how I did the settings. Then, I created an iframe in my WordPress page using this code: <iframe src="https://members.peerunschooling.net" style="position: absolute; top: 60;left: 0; width: 100%; height: calc(100% - 60px);"></iframe> This positions a full-screen iframe just below my header containing the RocketChat app. Jim Flannery jim-flannery.com p. 860-578-4966 e. [email protected] s. jim_flannery

…

On Tue, Feb 21, 2017 at 3:56 PM, wargamesqcf ***@***.***> wrote: I have no idea what iframe is but can you walk me through how you did it? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#747 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AL_pYnO3qvxTP3MJHBdjpoWnTFeLUCRDks5re09rgaJpZM4F6ixm> .

[johnlund]

Thanks Jim.

[gjsman]

So, overall, is it possible to use the non-pro version to do this, or not?

I've tried with the settings, and a WordPress sign-in page loads, et citera, but it suddenly ends with a "Internal Server Error." The error in logs is:

�[34mI20171014-20:51:02.644(0) Exception while invoking method 'login' SyntaxError: Unexpected token < at Object.parse (native) at CustomOAuth.getAccessToken (/snap/rocketchat-server/1142/programs/server/packages/rocketchat_custom-oauth.js:166:17) at Object.handleOauthRequest (/snap/rocketchat-server/1142/programs/server/packages/rocketchat_custom-oauth.js:224:28) at OAuth._requestHandlers.(anonymous function) (packages/oauth2.js:27:31) at middleware (packages/oauth.js:203:5) at packages/oauth.js:176:5