feat(paypal): guided setup wizard for manual credentials + OAuth flag gate#1120
Merged
superdav42 merged 2 commits intomainfrom May 5, 2026
Merged
feat(paypal): guided setup wizard for manual credentials + OAuth flag gate#1120superdav42 merged 2 commits intomainfrom
superdav42 merged 2 commits intomainfrom
Conversation
…flag PayPal denied our Commerce Platform partnership, so the one-click 'Connect with PayPal' (Partner Referrals) flow is not available. Hide the partner-only code paths behind a feature flag that defaults to false, so non-partner installs: - Never make outbound /status proxy probes during settings rendering - Don't register the AJAX endpoints for the OAuth init/disconnect flow - Don't render the OAuth connect button in the gateway settings - Still preserve already-connected merchant data (read-only) for any install that was connected before the partnership ended When Ultimate Multisite is approved as a PayPal partner again, define WU_PAYPAL_OAUTH_ENABLED as true in wp-config.php to re-enable the one-click flow. The handler class, AJAX endpoints, partner-token proxy call, and PayPal-Auth-Assertion logic all remain in the codebase ready to switch back on. Tests: existing proxy-probe tests skip when the constant defines a short-circuit value (the default shipped configuration). A new test asserts the constant short-circuit returns the expected bool.
When the OAuth/partner integration is disabled (the default since
WU_PAYPAL_OAUTH_ENABLED was added), merchants previously had to copy
PayPal API credentials into a flat settings panel with no guidance and
no way to verify them before saving. This adds a five-step wizard that
walks them through the entire process and verifies the credentials with
PayPal before completing.
Wizard steps
- Welcome: introduces the integration and lets the merchant choose
sandbox vs live (sandbox by default).
- Get Credentials: four-step walkthrough of the PayPal Developer
Dashboard, with a deep link to the right environment.
- Configure: Sandbox/Live Client ID and Secret form, persisted via
wu_save_setting() and adds paypal-rest to active_gateways.
- Test Connection: a small Vue widget pings POST /v1/oauth2/token with
the saved credentials and, on success, auto-installs the webhook via
POST /v1/notifications/webhooks. Failures surface PayPal's own error
message plus a troubleshooting list.
- Done: green confirmation with two buttons that both land on the
Payments tab so the merchant can run a test checkout immediately.
Settings panel CTA
- Adds a "Guided setup" card to the PayPal Payments settings that links
into the wizard when OAuth is disabled.
- Webhook Listener URL row no longer requires the legacy
paypal_rest_show_manual_keys flag, so it stays visible alongside the
manual credential fields in either mode.
New files
- inc/admin-pages/class-paypal-setup-wizard-admin-page.php
- views/wizards/paypal-setup/{welcome,instructions,configure,test,done}.php
- assets/js/paypal-setup-wizard.js (+ minified)
- tests/WP_Ultimo/Admin_Pages/PayPal_Setup_Wizard_Admin_Page_Test.php
Modified
- inc/class-wp-ultimo.php registers the wizard page and its AJAX handler.
- inc/gateways/class-paypal-rest-gateway.php renders the CTA and decouples
the webhook URL row from the legacy manual-keys toggle.
Tests
- 33 new PHPUnit tests / 60 assertions covering page properties, sections,
sandbox/live mode detection, all section views, the configure handler
(nonce, sandbox+live persistence, empty-credentials notice), AJAX
handler registration, and AJAX endpoint branches (bad nonce, missing
credentials, PayPal rejection, transport error, success-with-webhook).
- PHPStan clean on every changed file.
- Browser-verified end-to-end against the local WordPress dev install:
welcome → instructions → configure (creds persisted) → test (real
PayPal /v1/oauth2/token call, error UI rendered correctly) → done
(Finish lands on Payments tab).
Contributor
|
Warning Rate limit exceeded
To continue reviewing without waiting, purchase usage credits in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (14)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
🔨 Build Complete - Ready for Testing!📦 Download Build Artifact (Recommended)Download the zip build, upload to WordPress and test:
🌐 Test in WordPress Playground (Very Experimental)Click the link below to instantly test this PR in your browser - no installation needed! Login credentials: |
Collaborator
Author
SummaryWhen the OAuth/partner integration is disabled (the default since
Wizard Flow
Settings Panel CTAA new "Guided setup" card on the Payments settings panel links into the wizard when OAuth is disabled. The webhook URL row is no longer pinned to the legacy New Files
Modified Files
Test PlanAutomated
vendor/bin/phpunit --filter PayPal_Setup_Wizard_Admin_Page_Test
# 33/33 OK (60 assertions)
vendor/bin/phpstan analyse inc/admin-pages/class-paypal-setup-wizard-admin-page.php inc/gateways/class-paypal-rest-gateway.php inc/gateways/class-paypal-oauth-handler.php
# OKManual / BrowserEnd-to-end verification against a local WordPress multisite install:
Backwards Compatibility
Merged via PR #1120 to main. aidevops.sh v3.14.72 spent 31s on this as a headless bash routine. |
Collaborator
Author
SummaryWhen the OAuth/partner integration is disabled (the default since
Wizard Flow
Settings Panel CTAA new "Guided setup" card on the Payments settings panel links into the wizard when OAuth is disabled. The webhook URL row is no longer pinned to the legacy New Files
Modified Files
Test PlanAutomated
vendor/bin/phpunit --filter PayPal_Setup_Wizard_Admin_Page_Test
# 33/33 OK (60 assertions)
vendor/bin/phpstan analyse inc/admin-pages/class-paypal-setup-wizard-admin-page.php inc/gateways/class-paypal-rest-gateway.php inc/gateways/class-paypal-oauth-handler.php
# OKManual / BrowserEnd-to-end verification against a local WordPress multisite install:
Backwards Compatibility
Merged via PR #1120 to main. aidevops.sh v3.14.72 spent 27s on this as a headless bash routine. |
|
Performance Test Results Performance test results for 72f1e75 are in 🛎️! Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown. URL:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When the OAuth/partner integration is disabled (the default since
WU_PAYPAL_OAUTH_ENABLEDwas added in #e9b9aede), merchants previously had to copy PayPal API credentials into a flat settings panel with no guidance and no way to verify them before saving.This PR delivers two things:
e9b9aede) — Confines OAuth/partner code paths behind aWU_PAYPAL_OAUTH_ENABLEDconstant defaulting tofalse, so production installs make zero outbound/statusprobes when the partner integration is unavailable. Set the constant totrueinwp-config.phpto re-enable.Wizard Flow
wu_save_setting()and addspaypal-resttoactive_gateways.POST /v1/oauth2/tokenwith the saved credentials. On success, auto-installs the webhook viaPOST /v1/notifications/webhooks. On failure, surfaces PayPal's own error message + troubleshooting list.Settings Panel CTA
A new "Guided setup" card on the Payments settings panel links into the wizard when OAuth is disabled. The webhook URL row is no longer pinned to the legacy
paypal_rest_show_manual_keysflag, so it stays visible alongside the manual credential fields in either mode.New Files
inc/admin-pages/class-paypal-setup-wizard-admin-page.phpviews/wizards/paypal-setup/{welcome,instructions,configure,test,done}.phpassets/js/paypal-setup-wizard.js(+ minified)tests/WP_Ultimo/Admin_Pages/PayPal_Setup_Wizard_Admin_Page_Test.phpModified Files
constants.php— definesWU_PAYPAL_OAUTH_ENABLED(defaultfalse).inc/gateways/class-paypal-oauth-handler.php— gated on the constant.inc/gateways/class-paypal-rest-gateway.php— renders the CTA and decouples the webhook URL row from the legacy manual-keys toggle.inc/class-wp-ultimo.php— registers the wizard page and its AJAX handler.tests/WP_Ultimo/Gateways/PayPal_OAuth_Handler{_Test,_Standalone_Test}.php— adds the constant assertion and skip helper for proxy-probe tests.Test Plan
Automated
PayPal_Setup_Wizard_Admin_Page_Test) covering: page properties, sections list, sandbox/live mode detection, all section views, the configure handler (nonce, sandbox + live persistence, empty-credentials notice), AJAX handler registration, AJAX endpoint branches (bad nonce, missing credentials, PayPal rejection, transport error, success-with-webhook).Manual / Browser
End-to-end verification against a local WordPress multisite install:
AQTESTclientid12345/EBTESTsecret67890persisted topaypal_rest_sandbox_client_idandpaypal_rest_sandbox_client_secret;paypal-restadded toactive_gateways(verified viawp eval).?page=wp-ultimo-settings&tab=payment-gateways.?page=wp-ultimo-settings&tab=payment-gatewaysshows the "Guided setup" card with the "Open setup wizard" button when the OAuth constant isfalse. No OAuth/Connect-with-PayPal button. Webhook URL row visible alongside manual credential fields.Backwards Compatibility
define('WU_PAYPAL_OAUTH_ENABLED', true);inwp-config.php.