wp-calypso
wp-calypso copied to clipboard
Automattic
Comments: WordPress.com users getting are prompted to log in while the site setting doesn't require it
Quick summary
WordPress.com users are being asked to log in to leave comments, even though site settings (on WordPress.com > My Sites > Settings > Discussion > Comments (Calypso) > “Users must be registered and logged in to comment“) don’t require login to leave a comment.
Steps to reproduce
- Make sure you open a page/post on a browser where you are not logged in to your WordPress.com account.
- You can try to add a comment here: https://premium.groovytestsite.blog/2018/11/03/block-button/
- Add the email address used in one of your WordPress.com accounts to leave a comment.
- Name and website fields should be filled automatically if they exist.
- Hit the submit button.
- You will get redirected to a login page:
What you expected to happen
When site settings don't require login to leave a comment (on WordPress.com > My Sites > Settings > Discussion > Comments (Calypso) > Users must be registered and logged in to comment), I expected the comment to be submitted right away.
What actually happened
WordPress.com users are getting prompted to log in to submit their comments.
I could only reproduce this issue on Simple Sites.
Context
HC report on a private channel on Slack, and maybe related to this:
p2EDhh-1Fg-p2#comment-8226
Platform (Simple, Atomic, or both?)
Simple
Theme-specific issue?
No response
Browser, operating system and other notes
No response
Reproducibility
Consistent
Severity
Some (< 50%)
Available workarounds?
No but the platform is still usable
Workaround details
No response
There are a few things going on here.
The first issue is that the user is not being recognised as logged in, which is probably the biggest fundamental problem. It would be good to know whether the user has in fact been logged out everywhere, or whether they are not being recognised as logged in on the site. Due to increasing third party cookie restrictions, we're starting to see the "not-logged-in" state occurring more, primarily for sites that have mapped domains (such as the test site you referenced).
When users then enter their details and submit their comment, our back end systems (correctly) detect that this "unknown" user is trying to submit a comment as if they were the WordPress.com user associated with that email address, and we then put up the login prompt to make sure they are, in fact, that user, as we don't want to allow someone else to be treated as if they're the actual user.
I need to spend some more time looking into the first problem, as discussed in this thread: p2EDhh-1Fg-p2
📌 SCRUBBING : RESULT
- Tested on Simple - Replicated
📌 FINDINGS/SCREENSHOTS/VIDEO
- I was able to recreate this behavior, but as discussed above it seems to be that the settings are working as expected.
- On the test site in question, the setting "Users must be registered and logged in to comment" is disabled, but the setting "Comment author must fill out name and email" is enabled. When I used an email associated with a WordPress.com account, I see a login prompt. This is expected as explained in this comment. When I used an email that is not associated with a WordPress.com account, I was able to post the comment without registering for an account or logging in.
- Since this issue is specifically asking to test the behavior for users that are trying to comment using a WordPress.com account email when they are not logged in, I'll go ahead and close this issue for now since this seems to be the expected behavior.
📌 ACTIONS
- Closed since this is expected behavior.
