Hi, I was doing the configuration for the Janrain Capture plugin and I have one doubt:
1. What should be the field value for “Url for load.js file (required)”?

Problem
1. User cannot reset password
2. User is able to log back into the application, from email, if they use a non-expired password reset token url.
Discussion
After requesting a password reset, an email is sent out with the following URL for reset:
https://php.hgv.dev/wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&code=wna6bd772nr3bv
When this occurs, janrain-capture.php will forward the request to the registered wp_ajax method of redirect_uri. From there, the JanrainCaptureApi is immediately instantiated and a new access token is generated based on the above code. That code will log the user back in! Obviously a security risk if the email is compromised.
After the token has been generated, it appears one condition continues the flow of password reset. That is:
if ( $api->password_recover === true ) {
    wp_redirect( add_query_arg( array( 'janrain_capture_action' => 'password_recover' ), home_url() ) );
}
Essentially redirecting the user back to the homepage, as logged in, with the final query request of:
https://php.hgv.dev/?janrain_capture_action=password_recover
After digging through the plugin, it appears this is a fragment from the capture legacy implementation. We can find a reference to the password recover action within the JanrainCaptureUi object. There it begins the process of using admin ajax to create a modal. However, this doesn’t apply to us as we use the modern capture implementation provided from janrain screens.
Therefore, it appears the token code attempts to log a user back in and redirect them with the above query request. Because the query is not associated with a registered wp ajax action method, it doesn’t do anything. And even if it attempts to load a provisioned screen of forgot.html, it couldn’t without a code in query.
The functionality of resetting a password, from an email, seems to be non-existent for this plugin. If we attempt the current workflow in loading a screen, it is possible to load the markup file by correctly appending the following query parameters:
https://php.hgv.dev/wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&url_type=forgot&code=123
This will load an individual page but proves to be incorrect and non-working when attempting the reset. The correct flow would, of course, launch the screens in the existing provisioned modal.
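A defender's check for the reuse risk described in this post, as an added example that is not part of the original post or the plugin: it scans access logs for the `janrain_capture_redirect_uri` URL and reports any `code` value presented more than once. The combined log format, the sample lines and the function names are assumptions made for the example.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); not taken from the post.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2015:10:01:07 +0000] "GET /wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&code=aaaa1111 HTTP/1.1" 302 0
203.0.113.10 - - [12/Mar/2015:10:02:30 +0000] "GET /?janrain_capture_action=password_recover HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2015:18:44:12 +0000] "GET /wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&code=aaaa1111 HTTP/1.1" 302 0
203.0.113.25 - - [12/Mar/2015:11:15:00 +0000] "GET /wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&code=bbbb2222 HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')


def code_fingerprint(code):
    # Report a truncated hash only: the raw code is a live credential.
    return hashlib.sha256(code.encode()).hexdigest()[:12]


def find_reused_codes(log_text):
    """Return {fingerprint: [(ip, timestamp), ...]} for codes seen more than once."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target, _status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if query.get("action") != ["janrain_capture_redirect_uri"]:
            continue
        for code in query.get("code", []):
            seen[code_fingerprint(code)].append((ip, ts))
    return {fp: hits for fp, hits in seen.items() if len(hits) > 1}


if __name__ == "__main__":
    for fp, hits in find_reused_codes(SAMPLE_LOG).items():
        ips = sorted({ip for ip, _ in hits})
        print(f"code {fp}: presented {len(hits)} times from {ips}")
```

Because the code travels in the query string, it also ends up in access logs and proxy logs, which is why the report prints a fingerprint rather than the value itself.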

Please address first
https://www.ads-software.com/support/topic/janrain-capture-ui-inconsistent-backplane-names
Problem
Janrain Registration works as it should in logging a user through backplane in support of both janrain and livefyre. That is, janrain shows log out in place of all shortcode declarations as well as livefyre listing the logged in user for comments. However, when a user logs out, backplane is not working in signing out a user from both services.
Discussion
If a user logs out of Janrain, through its shortcode, we are able to successfully log out of Janrain services and the WordPress session. Upon refresh, the shortcode declaration now requires we sign-in. A quick check of related federate sites shows the event was emitted and user is now signed out of all sites. Nevertheless, if we look at an article that has livefyre enabled, we see that a user is still logged in.
The same situation applies if we use livefyre to sign out. When you select sign out from livefyre, the current session of livefyre has ended and a user is logged out of all related federate sites. However, even after manually refreshing the page, the shortcode shows the link to log out. In both cases, you can sign out of one but not the other.
Our implementation of livefyre registration is strictly based on the recommended workflow from:
https://answers.livefyre.com/developers/identity-integration/janrain-capture/
More specifically, following the same object creation for the authentication delegate.
A few initial ideas that we’ve played around with include forcing a redirect to the same page, with a logout query, after the auth delegate runs the logout function. We would follow a similar action that you have injected in your shortcode declaration when a user is signed in:
https://php.hgv.dev/wp-login.php?action=logout&redirect_to=http%3A%2F%2Fphp.hgv.dev%2Fpreparation%2Fhack-cash-449%2F&_wpnonce=ca9e59831e
This code is generated from your janrain-capture-ui.php:
$href = wp_logout_url( self::current_page_url() );
This does work in logging a user out from both janrain and livefyre. However, when a user attempts to log out from the generated shortcode link, that is from janrain, a user is signed out of janrain but as mentioned above, is not logged out of livefyre.
So while we can resolve this issue one way, the problem shouldn’t exist at all if backplane is correctly working with both services. We understand that in a successful flow, we would be responsible for any asynchronous UI changes that need to occur to properly reflect livefyre sign out. We also understand that wordpress session also comes into play in logging a user out.
Thanks for reading!

Problem
janrain-capture-ui.php is currently using the incorrect option key for getting values relating to Janrain Backplane. More specifically, backplane enabled flag as well as backplane bus name.
LINE 31:
– if ( JanrainCapture::get_option( JanrainCapture::$name . '_widget_bp_enabled' ) > 0 ) {
Should be:
– if ( JanrainCapture::get_option( JanrainCapture::$name . '_widget_backplane_enabled' ) > 0 ) {
LINE 620:
$bus = JanrainCapture::get_option( JanrainCapture::$name . '_bp_bus_name' );
Should be:
$bus = JanrainCapture::get_option( JanrainCapture::$name . '_widget_bp_bus_name' );
The following fix will resolve the backplane javascript library from properly loading in the head tag for immediate reference for any services that use the protocol.
Discussion
This is an essential piece of the service. As such, it leads me to believe this feature was not fully fleshed out for support. I will be creating a separate forum for this discussion as well as a Janrain support ticket. I will stress though that the above should be fixed before continuing resolving other issues involving backplane.
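One way to catch this class of mismatch before release, as an added example that is not part of the original post or the plugin: a static check that lists every option suffix read through `JanrainCapture::get_option()` and flags those that are never saved. The saved list (taken from the two keys this post names as correct), the PHP excerpt and the function name are assumptions made for the example.

```python
import difflib
import re

# Assumption: option suffixes the settings screen saves. Only the two keys the
# post names as correct are listed; a real audit would list every saved option.
SAVED_SUFFIXES = ["_widget_backplane_enabled", "_widget_bp_bus_name"]

# Constructed PHP excerpt reproducing the two reads quoted in the post,
# plus one read that already uses a saved key.
SAMPLE_PHP = """\
<?php
if ( JanrainCapture::get_option( JanrainCapture::$name . '_widget_bp_enabled' ) > 0 ) {
    $bus = JanrainCapture::get_option( JanrainCapture::$name . '_bp_bus_name' );
}
$ok = JanrainCapture::get_option( JanrainCapture::$name . '_widget_bp_bus_name' );
"""

# Matches get_option( JanrainCapture::$name . '<suffix>' ) and captures the suffix.
READ_RE = re.compile(
    r"JanrainCapture::get_option\(\s*JanrainCapture::\$name\s*\.\s*'([^']+)'"
)


def audit_option_reads(php_source, saved_suffixes):
    """Return [(line_no, suffix, suggestion_or_None)] for reads of unsaved options."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for suffix in READ_RE.findall(line):
            if suffix in saved_suffixes:
                continue
            # Suggest the most similar saved key, if any is reasonably close.
            close = difflib.get_close_matches(suffix, saved_suffixes, n=1, cutoff=0.6)
            findings.append((line_no, suffix, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for line_no, suffix, hint in audit_option_reads(SAMPLE_PHP, SAVED_SUFFIXES):
        print(f"line {line_no}: '{suffix}' is never saved; did you mean '{hint}'?")
```

A read of an option that is never saved returns the default, so a feature gated on it stays off without any error being raised.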
Parse error: syntax error, unexpected ‘:’ in /home/corpsure/domains/corpsure.com.au/public_html/wp-content/plugins/janrain-capture/janrain-capture-ui.php on line 644
Guys, I need some serious help. What happened?

For registration, does it send a verify-account e-mail when a user signs up? E.g. an e-mail sent to your account, to verify by clicking on the link.
And custom fields for the register form with *required?

Does this plugin offer this integration?

I downloaded and installed janrain capture but I couldn’t see how or where to add custom fields. I would like users to be able to set their password with a password confirmation field, enter their zipcode and agree to the terms of service before being able to complete their registration. Any assistance with that will be appreciated. Thanks.
https://www.ads-software.com/extend/plugins/janrain-capture/

Hi, I have the clamshell openid server set up and I am looking to use it with 5 sites, for SSO and importing of user info and everything they have on the other sites.
Will this be able to accomplish that?
https://www.ads-software.com/extend/plugins/janrain-capture/